Are you aware that email is a major source of businesses losing control of sensitive information? Do you know if your employees are using consumer grade tools to share and work on company files because you do not have an enterprise file sharing system in place or it is too complicated to use? If the answer to either of these is no you need to take a serious look at your security as you are likely exposing your business to a whole host of potential security breaches.
Protecting vast quantities of data is unquestioned as a necessary pillar of achieving security. But increasingly, company intelligence and insights are usually the preserve of employees, often shared through email, cut and pasted into disparate pieces of information, usually filed in multiple locations. It is this highly valuable information that often resides in an unstructured, unprotected and unencrypted format. Security decision makers must now address effective security not only for infrastructure, but also for information.
The rise in the use of popular consumer file sharing tools in business such as DropBox and Google Drive has caused a major headache for IT departments frightened of losing control of files shared inside and outside the workplace and putting data security under threat. Most often, consumer-grade file sharing tools like these utilise the public cloud. The end result is that not only does the IT department not know who is sharing what, when and with whom, it also has no visibility as to where the data is actually being stored.
Tackling The ‘Dropbox Dilemma’
Smart organisations are adopting a document-centric approach to the problem, which means that security is embedded in and travels with the files. This approach need not be complex or expensive but it is important to have the right security policies and the right level of security in place to protect data from breaches, without slowing down the workflow process.
Implementing an enterprise ready secure file sharing and collaboration solution will help an organisation adapt their security approach and ensure they are protecting valuable information. When chosen and implemented correctly an enterprise-grade secure file sharing and collaboration solution should free companies from the complexity and cost of managing files in a typical heterogeneous IT model, whilst addressing the shortcomings of consumer-oriented file sharing platforms.
Two key considerations when it comes to any enterprise-grade collaboration solution are:
1. DRM (Digital Rights Management)
This puts security at the file level, allowing it to travel with the file, and affords control of the file, such as limiting copy, paste, edit, and print, even after the file has left the organisation. It can also include revoking access to that file completely for an external recipient. One additional benefit is that files can “call home”, allowing the IT team to see exactly where and on which device files are being consumed. This can be vital in detecting potential breaches and for forensic activity.
2. Consideration Of The Insider Threat
PWC’s Global State of Information Security Survey 2015 found that the number one cause of security incidents in 2013 was current employees. Failing to address the risk posed by internal users leaves a business vulnerable to entirely preventable breaches and data loss. Solutions that devolve policy control, even with the DRM, are very convenient, but they do not deal with inside threat. This is critical to maintain administrative policy control, in combination with document owner controls, to address the insider threat and to make sure sharing options and policies are appropriate to the level of content in question.
For most organisations, it will be a question of when and not if they will be subject to a cyber security breach. Despite the unpredictability of when the next cyber security incident might occur there are risk factors that IT chiefs can control to protect their organisation to the best of their ability. Giving employees the tools to carry out their daily activities securely without impairment should go a long way to reducing that risk.