Avoiding data-sharing disaster: sharing documents more risky than you think

Organizations are working collaboratively more than ever before.

Not only must they circulate documents for due diligence and compliance purposes, but also in everyday interactions with partners, customers and off-site employees. And there's no end in sight for this trend. The turbulent economy, heightened cost pressure and growing compliance demands are driving collaboration as companies restructure, link-up and seek partners to improve efficiency and competitiveness.

Although sharing documents with external parties is inherently risky, companies can't do business without doing so. To collaborate with external parties, companies let sensitive documents travel outside the firewall where they lose the organization's direct control.

CISOs need to provide safe and efficient means to establish and enforce controls over documents, facilitating collaboration with others beyond the organization.

Document sharing options

Currently, organizations use a number of collaboration options, including overnight mail, email attachments, intranets, online collaborative spaces, FTP sites and VPNs. Despite the security, setup and management problems that make these options unsatisfactory, businesses share sensitive documents whether they have a safe platform or not. However, the emergence of cloud computing has given rise to the best option yet for sharing documents: secure online work spaces.

IT can leverage online work spaces by creating and enforcing policies to safeguard the company's sensitive information, effectively creating a platform that enables business users to share documents in compliance with policies. In a secure online work space, any authorized person can access, share and collaborate on documents from any place and at any time – with confidence that the documents will remain safe.

Secure online work space

A secure online work space offers an access-controlled internet location where an organization can put documents to be shared. The organization can control who sees which documents and what can be done with them. The best online work spaces take advantage of document compliance technologies, such as digital rights management and watermarking, to extend this control beyond the collaborative space.

Protection offered by online work spaces varies widely. The most secure work spaces provide features such as operator shielding, which prevents the provider's staff from viewing the data and shields key management, as well as encryption from systems operator personnel. To ensure proper encryption, documents should be encrypted with 256-bit (AES) key at rest and 128-bit SSL during transmission.

To assure data destruction, all documents can be destroyed simultaneously by destroying the encryption key. Strong authentication can be assured with two-factor authentication, which protects against password fraud. For document access control, a role-based permission system enables precise definition and enforcement of centrally-defined policies.

Another area to consider is the management of digital rights. Integrated rights management extends protection to all documents and all users. For traceability, all events and actions in the system should be captured in a time-stamped audit trail. Data centers should be equipped with multilevel firewalls, intrusion detection, virus protection and load balancing. Additionally, data centers should have automated backup and recovery processes in place and the work space should be able to restore content from the encrypted backup files.

Five key roles for the CISO

IT management must become involved before collaborative sharing produces disastrous results. Policies should be set in place to ensure safe collaboration before unsecure document-sharing takes place. These challenges can be met by focusing on five key roles:

1. Identify, review and apply existing security controls and policies – leverage security work that IT already handles for the organization.
2. Assist the business in defining new controls and policies – the new collaborative space may require additional controls and policies specific to particular tasks.
3. Determine user requirements and define an application that enables users to conduct crucial business processes while adhering to defined policies.
4. Manage the online collaboration relationship – this includes monitoring service-level commitments and choosing between an on-site solution, a SaaS solution or one that can be changed from one model to the other.
5. Integrate with the online space – expedite the flow of documents between the existing IT infrastructure and the secure online space.

By assuming these roles, the CISO can enable the organization to collaborate freely with external partners, reaping the rewards of improved productivity and security simultaneously.