I m not a security expert or a systems architect, this is purely from a layman's perspective but this is what i would do
Log everything, every file access every read and write call, some one with root access may clean up the logs you might say, then integrate it into the file sytem architecture, still really talented hackers might circumvent the File-system and directly access it. Even better built into the hardware of the storage devices to make it really tamper proof. Once you do log everything, it is not too difficult to setup alerts on suspicious patterns especially for large scale theft.
If some of the above it too disruptive, too costly, too difficult to implement then alternative is to simply have peers review your access in sensitive systems. Meaning every time some one needs root access to those system, other sysadmins preferably needs monitor/approve etc, sure it creates more red tape and bureaucracy and decrease in productivity, but better than the loosing data of national importance. In general more the people having monitoring information access, less chance of theft, as it then requires more people to collateralize on your wrong doing making it statistically less probable.
Finally I would suggest encryption at multiple levels, I don't know what exact role snowden actually performed, but I cannot visualize many cases where he needed access to the contents of a file or object to do sysadmin work. Even if it required such decryption, NSA could easily setup dedicated servers which will decrypt file and of course log the requests.
These are crude ideas and are probably full of holes, but any with serious experience and sufficient time and thought can design robust systems making it much harder to steal. No system is perfect, but it could been made far harder and amount of information leaked could have been minimized far better.
I think this more a symptom of the american security apparatus rather than a problem with the NSA only, look at how easy it was for Manning to take information, he was no techie, not particularly given special access.
Far more than spooks collecting data I am worried at how badly they are securing it. To clarify I am not supporting this invasion of privacy, but merely saying that this data can end easily up in the hands of people who will do far worse than what NSA will do.