Public-Sector Cybersecurity Battles are Bleeding Over into Corporate Business

Written by

If both companies and sovereign countries deploy cyber-attacks on their enemies, perhaps the goal is to disable the tech that rival entities rely on. Other times the mission may involve attempts to steal classified data or intellectual property.

The increasingly polarized political climate is bringing some important issues into the forefront. One of them is cybersecurity. With allegations made that Russian agencies attempted to disrupt or alter the outcome of the 2016 presidential election, the public is being inundated with lessons on cyber-warfare via an endless drumbeat of cable news presentations. 

One of the most powerful ways for companies of all sizes to protect their intellectual property is through the deployment of virtual data rooms (VDRs). The VDR was originally relied upon by Fortune 500s for securely sharing information during a merger or acquisition negotiation, VDRs serve as the modern gold standard in information security.

VDR Technology is the Cloud’s Answer to a Data Lockbox
You don’t need to build Fort Knox. VDRs, as the name suggests, are entirely virtual. They can be accessed in a similar manner to using Google Drive or Onedrive. The difference is that permissions are granted at the user and sub-user level. When users sign in to access the VDR, they can be prompted to electronically sign an NDA. Every document they access can be marked with a dynamic watermark to reduce the likelihood that users will share information with unauthorized parties.

The main reason I believe small businesses should see a VDR as a mandatory part of their data security suite is the availability of affordable SaaS solutions. There’s no need to hire a team of data security experts, or house additional servers. It’s affordable and much more secure to rely on a comprehensive platform that is maintained by leaders in the data security space.

A VDR isn’t capable of completely defending your company on its own. Great data security specialists get creative to protect the data they are sworn to defend. One of the more creative stories I’ve come across is a story about Jay-Z and Kanye West’s efforts to prevent the leaking of their recent collaboration. They used internet kill switches and high-level encryption to collaborate offline. Like the pieces of a puzzle, because of their data security efforts, it was impossible for any one person to upload the entire track, even if they were able to bypass the encryption efforts.

This is one step further than a VDR, because it completely removes the use of the internet to share files externally. While creative, it’s just not realistic for modern businesses to operate in this manner. A VDR is the next best thing to the tactics used by the artists in this case - and I think their life would have been much easier if they were willing to deploy a VDR.

SCIFS are the Offline Version of a VDR
A VDR is great for handling digital files, but what happens when information is printed onto physical paper or burned to portable media? Even with watermarking, murphy’s law applies to data security - if it can go wrong, it will.

In the public-sector, sovereign powers use something called a Sensitive Compartmented Information Facility (SCIF) to protect state secrets. Unlike a VDR, these are physical structures located in the homes and offices of high-level government officials. They resemble a bank vault - airtight and encased with led to prevent wireless data transmission.

The main benefit of a SCIF is that it represents a further compartmentalization of security. Gaining access to a secure building is challenging. Gaining access to a secured building, and then infiltrating each SCIF within it in order to gain secrets is virtually impossible without proper authorization. Traditionally utilized by governments, businesses around the globe are now installing SCIFS in their corporate offices. They allow for sensitive meetings to take place in a secure setting. They are especially useful for boardroom meetings where intellectual property and other highly confidential data is transmitted to a group of people.

Both a SCIF and a VDR offer a show of force. When personnel interact with them, they get a sense of the gravity of the situation. They psychologically understand that what they are interacting with is privileged. This step alone deters would-be leakers from accidentally sharing information with unauthorized parties.

With increased media attention, I’m hopeful that more and more small businesses learn to utilize VDRs. As they scale, they should invest in SCIFs to help support safe data sharing with outside parties.

What’s hot on Infosecurity Magazine?