Information governance is not just good for improving security, it is good business practice. discusses how it can help firms protecting their most valuable assets against loss or harm.
Information exchange is vital for any organization. It enables collaboration, fosters productivity and simply allows business to get the job done. Yet, every organization produces information that is confidential in nature, such as records related to financial transactions or customers, or that provides it with competitive advantage, like trade secrets related to product designs. Should such information fall into the wrong hands, the consequences can be dire in terms of lost business, sanctions and fines. In a worst case scenario, reputations could be left in tatters.
The chances of that happening have never been greater. Modern technologies are extending the perimeters of networks well beyond their traditional boundaries to encompass all manner of external applications, devices and users. Mobile technologies, instant communication mechanisms and interactive applications have redefined the way we work, making information ever easier to exchange and consume. This is true of exchange between internal employees as well as with third parties such as business partners and customers. But this also makes information easier to intercept or share inappropriately.
Embrace governance strategies
This means that every organization must embrace secure information governance strategies and technologies. Information governance technologies provide visibility over all information flows – into, within, and out of an organization – and provide the ability to ensure that policies are applied to all of those information flows.
The online world that we work and socialize within no longer accepts the delays that many information governance solutions enforced over the past decadeKevin Bailey, Clearswift
There are a number of capabilities that must be in any information governance toolset so that firms can ensure that information is adequately safeguarded. They must provide protection for all mechanisms that allow information to be exchanged, including emails, removable media, and web downloads and uploads such as to social media and file sharing applications. Protection needs to be extended across all platforms where information is held or accessed, including mobile devices, cloud-based applications, file shares, and internal communication and collaboration tools.
They must also provide protection for the content being communicated to ensure that sensitive information cannot be accessed inappropriately or malware or exploits embedded within documents are not propagated. These could damage systems or allow information to be extracted. For protecting sensitive information, data loss prevention technologies ensure that sensitive information can’t be communicated accidentally or maliciously by encrypting or redacting the information so that it can’t be read. Document sanitisation capabilities remove from documents any embedded malware or exploits as well as metadata that can be used to glean further information. They then present a clean version of the document to the intended recipient so that they can continue working without interruption.
To be effective, all these capabilities need to work together in a seamless manner in a way that is transparent to the user and requires them to take no action that would interrupt their work. If technologies prevent users from performing their tasks, they will merely attempt to find ways to circumvent them. To make them easy to implement and manage, these tools should be provided as one integrated platform that allows policies to be enforced uniformly and reports to be generated for security and audit purposes.
Kevin Bailey, head of market strategy at Clearswift, believes that true information governance should provide visibility, productivity and business advantage, while ensuring that only authorised personnel can access, collaborate and repurpose corporate and personal information. Yet traditional data loss prevention techniques, used as pseudo first generation information governance solutions, are not intuitive to minimise unnecessary delays.
“The online world that we work and socialize within no longer accepts the delays that many information governance solutions enforced over the past decade,” he told me recently. “An equal balance of security and information visibility is the minimum that businesses and individuals will accept in their collaborative engagements.”
Reaping the benefits
All organizations are under increasing pressure to ensure that sensitive information is adequately secured in order to shield themselves from potential financial losses, lost productivity and reputational damage – all of which can cause considerable harm to continued wellbeing and competitiveness. Organizations should therefore strive to ensure that all information flows are adequately protected against internal and external security risks.
Information governance technologies reduce risks for organizations by enabling them to continuously monitor information in order to understand how it flows throughout networks and beyond the boundaries of an organization, who accesses it and how it is stored. In so doing, they provide 100% visibility into information security risks on a continuous basis. With this, organizations will be able to benefit from the productivity gains enabled by always-on collaboration, whilst stemming data losses and protecting themselves against advanced attacks from even the most sophisticated adversaries. Not only will organizations be able to ensure that their sensitive information is adequately secured, but they will be better able to meet internal governance and external compliance objectives.
Fran Howarth is an industry analyst with Bloor Research specialising in security. She has worked within the security technology sector for more than 25 years in an advisory capacity as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include cloud security, data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Fran can be reached at fran.howarth@bloor-research.com.