File Insecurity: The Final Data Leakage Frontier

Wednesday, November 11, 2015

Scott Gordon


The growth of cloud and mobile computing, the ease with which files can be shared and the breadth of collaboration methods have all contributed to greater sensitive data exposure. At the same time, the use of targeted attacks and sophisticated malware by nation states and organized crime has increased the probability of unauthorized data access. Between the 25.7 million individuals who were affected by the Office of Personnel Management (OPM) data breach and, more recently, the Experian data breach affecting 15 million T-Mobile users, it is ever apparent that organizations need to re-examine their defenses. IT professionals usually associate file protection with backup and encryption technologies within their network or at the gateway. But that conventional wisdom fails to protect file information throughout its lifecycle. To materially reduce the data leakage threat footprint, the last mile of defense is to protect the file itself.

Unfortunately, the protection of sensitive, confidential and regulated data within files being shared both internally and externally remains a significant source of exposure within many organizations. This lack of capability for controlling unstructured data as it moves through its lifecycle will not only yield more data privacy breaches but will also impact the adoption of advanced enterprise and cloud content management systems, as evidenced in the just-released Enterprise Management Associates (EMA) 2015 State of File Collaboration Security report (infographic PDF). The research shows a distinct gap between file security policies and practices and the efficacy of the technical controls in place at organizations to monitor and enforce those policies.

Key findings in the report revealed that more than 80 percent of mid-tier and large enterprise survey participants were aware of data leakage incidents in their organizations, and 50 percent experienced frequent incidents. While the majority of these organizations have enhanced technical controls and auditing, only 16 percent of the survey respondents felt highly confident in their file security investments – indicating an underlying insecurity in monitoring and enforcement capability. Fortunately, the vast majority of respondents, across IT, security and line of business roles, indicated that their organization plans to invest in stronger security controls.

As companies re-examine their enterprise content management (ECM) systems and determine investments in cloud-based ECM and enterprise file sync and share (EFSS) platforms, security has to be as important a consideration as usability, accessibility and interoperability. Organizations can have reasonable confidence that communications and storage are secure within their organization and even within the repositories and application containers of reputable cloud-based file storage and collaboration vendors. The elephant in the room is the risk of data leakage after a file is appropriately accessed or delivered. In the EMA report, more than 90 percent of respondents stated the lack of protection of files leaving cloud-based platforms or device containers as the highest risk to adopting cloud-based file storage and collaboration services.

When that file leaves the network perimeter, by way of a share drive or email, or is pulled from a protected EFSS container, security provisions degrade. We’ve all shared files with others in these systems… and then copied the file onto our device, forwarded it to another device or possibly shared it with another user we trust who may just be outside the scope of intended recipients. Once this occurs, the rights and controls associated with the users and the document are no longer there to prevent saving, copying, pasting, printing or even screenshots. In a digital world, security controls must be persistent for those files containing sensitive, confidential and regulated data – no matter if the file is shared internally or externally and regardless of storage, delivery and collaboration method.

In today’s digitally collaborative business, file security must accommodate a broader set of applications, constituents and collaboration mechanisms, including the use of cloud-based storage and sharing platforms. To solve this challenge, one approach to consider is next generation file encryption and usage control platforms. These platforms separate file security from file storage, distribution and content management. Most information rights management (IRM) solutions are encumbered by complex and restrictive information rights management capabilities – limited to certain user, system and application types. Since new file security platforms are infrastructure agnostic, they can offer more expedited onboarding for internal and especially external users. Moreover, rather than the usual IRM boil-the-ocean application across an enterprise, new file security solutions can be applied by use case application, risk, department, recipient type and business need.

As data leakage incidents, information theft and public breach notifications increase, so too will the business and regulatory requirements to protect not only structured data, but also unstructured data throughout their lifecycles. Security professionals now have the opportunity to partner with business leadership to enable greater collaboration while managing new file data leakage risks. 

About the Author:  Scott Gordon, COO at FinalCode, Inc., is an accomplished leader who has helped evolve security and risk assessment technologies at both innovative startups and large organizations. An infosec authority, speaker and writer, he is the author of Operationalizing Information Security and the contributing author of the Definitive Guide to Next-Gen NAC. Scott holds CISSP-ISSMP certification.
