There is a growing need for ensuring data protection across applications, devices, and users. As information sharing becomes increasingly prevalent, the state of data security remains vulnerable. Just as end-users are collaborating with external parties to conduct business, so too has the IT business model evolved to one of collaboration. Today, IT and business unit leaders work together, embracing mobility and cloud-delivered file sharing services. This has resulted is extending the flow of information to beyond the secure confines of corporate controlled perimeters, thereby creating security risks and compliance challenges.
To evaluate the challenges, best practices, and solution requirements for securing data communications, Enterprise Strategy Group (ESG) conducted a survey of 200 IT and cybersecurity professionals across industries and organisations of varying sizes. The results confirm how widespread external collaboration is and reveals the pitfalls associated with it. While unauthorised access, malicious software and stolen credentials were all named as likely ways of losing enterprise data, lost portable storage devices (still one of the most common ways of sharing data with external partners), e-mails sent in error and theft by trusted partners figured almost as highly.
This survey report, ‘Securing Information in the Age of External Collaboration (2016)’ identified the following factors that are posing new challenges for protecting sensitive data assets:
- External collaboration: Collaborating and sharing information with external sources, which is now an inherent part of almost every workflow
- Hybrid IT: The multidimensional nature of hybrid IT environment that results in data assets being sent, received or stored via on-premises and cloud-based services
- Workforce mobility: An increasingly mobile workforce, which accesses corporate information outside of the firewall—often from unmanaged devices
- Shadow applications: The use of shadow IT applications and solutions used inside organisations without explicit approval for storing, managing, and sharing of sensitive data is a reality in many establishments.
The respondents of the survey stated that the rise of enterprise file sync and share services (EFSS) exacerbates the problem of data lost through external collaboration. Although its popularity was driven initially by users copying work data to their own devices, EFSS services are now regularly used alongside e-mail, FTP and portable devices to share files with third parties.
The new business landscape
The survey underscored many issues relating to data security and the growing concerns that are impeding the use of contemporary technologies such as Cloud and BYOD. Emphasizing the role of security and compliance in the workplace, the survey highlighted the following findings:
- External collaboration is now common in business. ICT professionals perceive actions associated with external collaboration to be a big threat. The report also reckons that sharing of files with external parties including partners, contractors, customers, and more, is a widespread practice. About 34% of participants indicated that 26% to 50% of their employees regularly share files with individuals external to their organisations
- The fear of data loss is prevalent. Not only did 98% of respondents cite the loss of sensitive data as a top or significant concern, but many also indicated that their organisation has already lost data by various means
- Organisations prefer using EFSS for sharing files. About 75% of respondents said that they use EFSS to share files with others and 54% said that their end-users use two to three authorized and unauthorized file sharing services
- Users prefer uniform security solutions across devices, applications, locations, and file types. While EFSS is highly popular, traditional methods of sharing files, such as FTP (File Transfer Protocol), portable storage devices, and email, are still preferred by many
- Risks in external collaboration drive EDRM (Enterprise Data Rights Management) usage. Due to the prevalence of external communications, about 47% of respondents have already deployed an EDRM solution and 37% have stated that they are committed to doing so in the next 12 months
- Organizations prefer EDRM integration with complementary solutions. In addition to EDRM, organizations prefer employing a variety of controls for security and compliance purposes at endpoints
New requirements for securing information and communication
It is clear from the ESG survey that the potential problems associated with external collaboration are driving interest and investment in EDRM. As per the report, organisations want and need to share information with external parties, but want data integrity to be preserved both inside and outside the establishment, without compromising the resources and processes that make the business work.
To secure external communications, there is a growing realization among users for a strategic imperative to apply contemporary security controls. Any organisation that needs to share data, but wants to control who can access them and what can be done with them would benefit from EDRM. Senior management, Sales, HR or Payroll – anyone who comes in contact with sensitive information that may need to be shared externally – will benefit. With the right EDRM solution in place, enterprise need no longer fear sharing information and can embrace external collaboration with confidence.
Today’s EDRM solutions don’t just require you to put a password on a document before you share it. They are based on the four Ws: Who, What (view, print, cut/paste, screen share, etc.), Where (location/device), and When. Organisations with the right EDRM solutions in place now have the ability to manage and quickly change who can view, edit, copy, screen capture and re-distribute files. Users can specify which devices a document can be viewed on and for how long. An audit trail is also created, clarifying who has accessed a document and when. Some market-leading solutions today support two-factor authentication using encryption keys that are enterprise controlled to lock down server-to-server communication. Extended watermarking features allow every document to be given a dynamic, user-specific watermark. This can help drastically reduce the risk of data leakage, even from mobile devices and cameras. Client-server communication is made more secure through the incorporation of SSL (Secure Sockets Layer) tunnelling features.
EDRM is a core element of a data protection strategy in any organization and represents a way to extend security beyond the corporate perimeter to wherever information travels. But as newer and more challenging data theft tactic emerge with time, the upcoming EDRM solutions must help in controlling usage capabilities across a range of applications and file types, without adversely affecting user experience and workflow. According to the ESG survey , developing such a perimeter enables the execution of policies attached to data, which may be used or shared across any application, device, or network. Its development is possible if next-generation EDRM solutions meet a set of enterprise-ready requirements. These requirements may be based on a rich policy lexicon and a set of integrations with complementary controls for automation, ease of use, and operational efficiency.