Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

File sharing and mobile productivity: How to limit risk

A more remote and mobile workforce is helping companies to reduce costs and improve employee productivity and collaboration. However, organizations leveraging remote and mobile employees are also at greater risk of losing control over their sensitive data as more files are accessed and shared from smartphones, laptops and other mobile devices. Chief security and information officers in the enterprise are bedeviled with new concerns around sensitive company or customer information ending up outside the organization – either accidentally or through malicious intent. Data loss is a concern for organizations of any size, in any industry, from a competitive, regulatory and ethics perspective.

Employees are drawn to consumer-friendly technology solutions when searching for collaborative platforms since these solutions, including Skype, Gmail, Box, Dropbox and countless others, are readily available, feature easy-to-use interfaces and are usually free.

While these tools are great for an employee trying to get his work done, they can undermine management's efforts to maintain the privacy of company information. These products store information on cloud servers outside of company ownership, and, more disconcerting, their security falls short of solutions designed specifically for the enterprise. While some consumer tools might have firewalls or perimeter security methods to protect the data stored in third-party cloud data centers, no consumer technology protects data itself – that is, none of it secures files directly or protects files wherever they might end up.

In a recent Enterprise Strategy Group survey of organizations that have online file-sharing solutions, the greatest challenge they reported was with security (46 percent), which was closely followed by training users (40 percent) and monitoring and enforcing internal processes (33 percent.) For those who mentioned security as the greatest concern, data loss and theft were overwhelmingly the security issues named: 51 percent were most concerned with data loss or theft from an outside attack, 48 percent were most worried about the risk of an accidental data breach by an employee, and 45 percent felt that the risk of a malicious data breach by an employee was the biggest issue.

Two of the biggest things that stick out from ESG's research are:

  1. Online file sharing poses security problems; and
  2. Employees struggle with adapting to complex technologies.

The latter point may even have the direct effect of leading users back to the insecure consumer-grade technologies that posed a security issue in the first place. It's clear that security and usability are the most vexing issues for IT administrators, chief information officers (CIOs) and chief technology officers (CTOs) who want to provide employees with the tools to work most effectively on any device, but also need to avoid exposing the company to risks.

For security-conscious technology decision makers, it is  necessary to evaluate employee behavior, the policies that impact sharing and collaboration in (and outside) of workflows, and what role the technology selected or approved plays within all of this to ensure data is truly secure.

When considering the risks of data leaks, you can make the right decision about solutions for sharing files. As a gut-check, here are three quick considerations to make the most out of how files are shared and employees are collaborating in an organization:

  1. Concentrate on who is handling the files. If you know who is dealing with what, you are two steps ahead of a potential data leak.
  2. Create strict policies around intellectual property, regulated customer data and the files that are most valuable to your organization's competitive advantage or legal compliance.
  3. Consider where your data is coming from and how it is shared from the source to every individual in the company.
If you follow these simple guidelines, and roll out collaboration solutions that ascribe by a carrot – rather than stick – policy to encourage employee adoption, expect big gains in both data protection and the benefits of running a mobile-friendly enterprise.
Ryan Kalember

With 20 years of experience in the information security industry, Mr. Kalember currently leads cybersecurity strategy for Proofpoint and is a sought-out expert for leadership and commentary on breaches and best practices. His global team of security experts ensures that Proofpoint’s customers have consistent insight into the attacks that target their people and the best defenses they can implement to mitigate them.

Mr. Kalember joined Proofpoint from WatchDox where he served as chief product officer, leading the development of pioneering data-centric security solutions through to the company’s acquisition. Previously, Ryan ran solutions across HP’s portfolio of security products, was director of product strategy at ArcSight, and held a variety of positions at VeriSign, including EMEA regional manager and senior product manager. Early in his career, Ryan was a security practitioner, helping build many leading security organizations and security operations centers (SOCs) around the world. He received his bachelor’s degree from Stanford University.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.