Inappropriate sharing or unauthorized access to files containing sensitive, confidential or regulated information is leading to ever-more data leakage for companies.
More than 80% of participants in EMA Research’s 2015 State of File Collaboration Security report, sponsored by FinalCode, admitted that there have been data leakage incidents in their organizations. And while the majority of IT organizations have enhanced technical controls and auditing, only 16% of the respondents felt highly confident in their file security investments—indicating an underlying insecurity in monitoring and enforcement capability.
The growth of cloud and mobile computing has boosted the ease at which files can be shared. Also, the diversity of collaboration methods (applications and devices) have all contributed to the frequency of file data leakage incidents. Accordingly, more than 90% of respondents stated that the lack of protection of files leaving cloud-based platforms or device containers poses the highest risk to adopting cloud-based file storage and collaboration services.
And no wonder that all organizations surveyed, across IT, security and line of business roles, are concerned about file data leakage risks, and 75% expressed very high to high concern.
Yet while the expansion of industry and government compliance mandates toward data security, and specifically safeguarding personally identifiable information (PII), has spurred companies to take action and investigate how to extend policies, processes and controls to further protect sensitive information within and outside an organization—this is a nascent process.
“Data dissemination and file collaboration are natural parts of most business and operational workflows, so security must be an integral part of the workflow to protect information," said David Monahan, research director of risk and security management at EMA. “Unfortunately, protecting sensitive and regulated data within shared files remains a significant exposure within many organizations.”
For now, 84% of participants had moderate to no confidence in their security controls and auditing capacity to secure confidential files. Email gateway/proxy software and data loss prevention (DLP) technologies were the top mature controls, while file encryption and usage control software was cited as the top upcoming control investment.
About 70% of respondents believed that end users would invoke stronger security controls on files they share if empowered to do so.
"Our survey findings clearly show a gap between file security policies and practices and the efficacy of technical controls in place to monitor and enforce compliance to the existing policies,” Monahan said. “This lack of capability to control unstructured data as it moves through its lifecycle will not only yield more data privacy breaches but will impact the adoption of advanced enterprise and cloud content management systems."