A recent result of an Enterprise Strategy Group (ESG) research study has unveiled the challenges, best practices, and solutions required for securing data shared among internal and external individuals.
Seclore, the Enterprise Digital Rights Management (EDRM) enabler, in its survey brought 200 senior IT and security professionals with influence over purchasing decisions, highlights the need for organizations to have the necessary technologies in place to ensure policies travel with sensitive data wherever and however it is shared.
Based on the data collected from the survey, the ESG Report titled, Securing Information in the Age of External Collaboration concludes that:
- Loss of sensitive information is a top concern, and is assumed to be happening. While 98 percent of respondents cited the loss of sensitive data as a top or significant concern, many believe it is very or somewhat likely that sensitive data had been lost or accessed inappropriately in the last 12 months. Commonly stated reasons for data loss include, emails inadvertently sent to the wrong person (67 percent), unauthorized access (64 percent) and lost portable storage devices (61 percent).
- Loss of information due to human error continues to be a concern, but IT must also work to prevent theft. 56 percent of respondents said it’s very or somewhat likely that files had been stolen by partners, contractors or customers (with 28 percent saying it’s very likely), as well as 58 percent saying the same about files being stolen by employees and malicious software (60 percent).
- IT faces a new set of challenges and requirements when protecting sensitive data assets. The need to collaborate with third parties makes file sharing a common occurrence, which can also pose as a security threat if information is accessed by an unauthorized party. In fact, 34 percent of respondents noted that 26 to 50 percent of their employees regularly share files with individuals external to their organizations. Other challenges include hybrid IT, the rise of the mobile workforce and shadow IT applications.
- EFSS is quickly gaining parity as one in a variety of solutions used for sending, sharing and collaborating. Organizations are quickly adopting Enterprise File Sync and Share (EFSS) services as a means to share information, with 75 percent of respondents noting EFSS is used frequently to share files with others and 54 percent noting that their end-users use two to three authorized and unauthorized file sharing services. While EFSS is a highly popular method for sending documents, traditional methods of sharing files are still frequently utilized. Portable storage devices (60 percent), FTP (58 percent), and email (79 percent) are also reported to be used for collaboration by respondents’ organizations. The ability to persistently secure any file type across all sharing methods, devices, and storage locations is paramount.
- External collaboration, including collaboration enabled by Enterprise File Sync and Share (EFSS) services, is likely driving investment in EDRM. 47 percent of respondents indicated they have already deployed an EDRM solution and 37 percent said they are committed to doing so in the next 12 to 24 months. The trend towards increased adoption of EFSS, and the external collaboration that it enables, is likely the primary reason.
- First-generation EDRM systems are not an effective approach to persistently securing information. 69 percent of those who already employed EDRM reported current plans for refreshing or augmenting their existing solutions and an additional 27 percent stating their intention to do so in the next 12 months. Three of the top four most-cited perceived challenges of EDRM solutions stated by all respondents was their inability to integrate with existing systems, difficult policy management for IT and difficult utilization for end-users due to agent requirements. A next-generation EDRM solution, based on the results of the ESG research, can best be characterized as having increased breadth and depth in usage controls and types of files that can be protected, the ability to integrate with other applications to automate protection, and browser-based access for ease of use.
“In order to stay competitive, organizations must embrace key business agility drivers, such as mobility, outsourcing, file-sharing, and cloud-based systems, but also must acknowledge how these factors open up organizations to unnecessary security risks that can cause devastating repercussions,” said Vishal Gupta, CEO of Seclore. “Next generation data-centric security solutions are a critical piece to a strategically planned security architecture as they go beyond the perimeter and ensure that sensitive data is controlled no matter where it travels or is stored.”
“ESG’s research uncovered a classic example of how new technologies that have incredible business value can also bring security vulnerabilities that either restrict the use of such technologies, or leave the business vulnerable,” said Doug Cahill, Senior Analyst, ESG. “In order to fully embrace technologies that encourage collaboration and cost savings, businesses need solutions that provide the capability to automatically and comprehensively secure the five W’s of data control: who can access which file, what can they do with the file, from which location/device, and when.”