Data loss is a big problem - but it's a problem in two separate ways, one obvious, and one less so obvious. The first is the BYOD issue, whether that's smartphones, tablets or USB devices. People lose them, and their content. But the second problem is potentially more worrying: IT departments often have little or no visibility on what, or even how, corporate and often sensitive data is being moved in and out of the business. No visibility means no governance; and no governance means no compliance.
It's a real challenge, Rich Kennelly, president at Ipswitch File Transfer told Infosecurity. "Businesses are sharing more confidential information electronically than ever before - between people and between applications. The challenge is that IT is behind the curve in creating ways to share this information securely."
Ipswitch has been monitoring the problem and has released the results of its latest survey at Infosecurity Europe. Not all of the figures are individually surprising. Only fifty percent of people admit to using personal email to send company files. But even where company email is provided, 60 percent of those users attach classified documents. More worrying, however, is that users are turning to 'personal file sharing', the use of new file transfer websites such as Dropbox to move files between different destinations.
"It's when you step back from the figures," says Kenelly, "that you see the real issue: IT has little visibility on its own data." All the users are trying to do is get on with their jobs - and they are using non-IT-sanctioned methods simply because they are easier. "They're faster, more convenient, and size issues (such as those imposed by corporate email restrictions) just disappear. It all proves what we have long suspected - companies have data moving in and out of the business over which IT has no visibility at all."
The problem for IT is to provide the simplicity that users need with the governance that IT needs - and it can be done with products or services such as that provided by Ipswitch: it encrypts files on the way to its own servers, from where it is downloaded by the recipient.
Everything is tracked, so it provides logs and tracking for governance and audit, while the encryption provides security. Not only does such a service provide the governance that IT needs and the simplicity that users require, it has an additional benefit for European business and European compliance. Since the data is encrypted, Ipswitch has no visibility on or knowledge of the content; and this provides an effective counterbalance to the US Patriot Act. Although the US government can require that IPswitch, a US company, hand over what details it has - just like it can and does with companies like Google and Microsoft and Twitter and Facebook - all that Ipswitch can actually hand over is meaningless encrypted files.