Companies Must Implement Smart Information-Sharing Policies

Corporate data has never been more at risk. As well as keeping on top of employee sharing habits, organizations now have to contend with a wide range of security threats, from new zero-day vulnerabilities to targeted attacks and state-sponsored espionage.

It’s vital that businesses are able to communicate effectively on an internal and external level, with customers and partners alike. But an increasing level of communication comes the risk that sensitive corporate information could be treated carelessly and fall into the wrong hands.

Breaches, interception, or accidental leaks mean that sharing documents over email, free file-sharing services, or on paper are not viable options for many businesses. Equally, with most full-time employees now using mobile devices to access corporate data, it’s more essential than ever that security extends beyond the perimeter of the organization.

So what should businesses be looking out for when it comes to IT security and file sharing? What should they be doing to ensure their organization doesn’t feature in the data leak headline of tomorrow? After all, data leaks are becoming more of a day-to-day threat to organizations than cyber-attacks, with the Information Commissioner’s Office (ICO) fining a number of companies in recent months for accidental loss of data. Undoubtedly, these will continue, generating further embarrassment for businesses.

Data loss can be attributed to IT struggling to manage users’ sharing habits outside of the organization. In the past, when things were held behind the firewall, IT departments knew what their internal systems were and where people were sharing data. Nowadays, we are at a point where cloud file sync and share (FSS) services have made their way into many businesses from the consumer world, causing challenges for IT and compliance staff alike.

The FSS market can be looked at as a pyramid, with a vertical axis of business value. At the bottom is a massive breadth of adoption, with some FSS providers claiming up to 500 million users. But while these users are saving themselves time, they are likely to create greater problems for others within their organization.  For example, protocols whereby user access to specific information alters over time, such as when employees join, move and leave, mean that implementing policy to protect intellectual property (IP) or against data loss becomes more important as the total surface area of cloud services in use increases. 

"File-sharing platforms for the workplace should have strong capabilities that enable content protection without introducing friction for end-users"

At the opposite end of the spectrum (or in this case, the top of the pyramid) are the more niche players, with more focused adoption rates typically solving more clearly defined business problems. They provide a higher level of business value to highly-regulated organizations, making it easier to track information, reduce paper usage and allow access to the most current information available. Shaving a month off the time it takes to run a pharmaceutical trial, for example, through increased efficiency in sharing information, may translate to an extra month in market before a patent expires.

File-sharing platforms for the workplace should have strong capabilities that enable content protection without introducing friction for the end-users who need to get their jobs done. Technologies such as information rights management (IRM) make it easier to manage access to documents and protect IP beyond the organizational boundary. Businesses also need the option to add specific permissions, such as a time limit after which the document can no longer be viewed – even if it has already been downloaded.

What’s more, if you’re in a highly regulated industry like banking or pharmaceuticals, you have to be confident that sensitive information about customers, contracts or medical trials remains secure. Should a judge come asking for a full set of information pertaining to a specific issue, finding the right documents spread across 50 different systems is a huge challenge. FSS technology needs to take all of these compliance issues into account.

That said, regulations vary from country to country. There are times when a government authority requests specific customer data from cloud providers, which can cause problems between all parties involved. This is where solutions like customer managed keys (CMK) may help to give more power back to the information owner, allowing customers to manage their own encryption keys.

As threats continue to impact business, security is becoming a major concern not only for IT departments but also for the board of directors. Both IT and the C-suite should remember that employees need to share things with each other and third parties to do their job efficiently. Often, too many companies rely on a few tersely-worded sentences in an easily forgettable employee policy document as the primary guidance to safe information sharing.

Organizations should take control over the myriad of sharing tools being brought into the workplace by employees, recommending a standard that can guide employees to apply the right information controls, without introducing unnecessary friction into their vital business processes.

Richard Anstey is CTO EMEA at Intralinks

What’s Hot on Infosecurity Magazine?