The true cost of metadata | SC Media
Privacy

The true cost of metadata

March 17, 2014

It seems like every day, there's a headline about a new phishing scam, surveillance breach, data leakage, or other act of cyber warfare that reveals the extent to which online data can be exploited. Whether it's an act of government snooping or online business gathering personal information for ad campaigns, people are growing wary of federal agencies and associated technology companies collecting data. This pervasive distrust can cause startling financial afflictions; Forrester Research recently predicted that the U.S. cloud computing industry alone stands to lose up to $180 billion by 2016 as a result of the National Security Agency (NSA) PRISM project being made public. The reality is that federal bodies across most countries are secretly gaining access to data from service providers and, therefore, unlimited insight into corporate data. 

A lack of transparency from the “powers that be” is forcing businesses to quickly rebuild their strategies around privacy and trust to protect their intellectual property and ensure that employees act responsibly. But this is increasingly difficult considering the amount of information that businesses develop, store, and share, on a daily basis, from a multitude of devices. Cisco predicts that there will be 25 billion devices connected to the internet by 2015, and 50 billion by 2020, amounting an unthinkable volume of data traveling between different systems and devices. This data boom is leaving business struggling to make sense of information, let alone protect it.

Part of the problem with this information overload is that it is simultaneously increasing the amount of metadata. While invisible to the naked eye, metadata – or hidden information within documents – can actually cause more damage if exposed than the visible data would. Metadata exists in various documents in many shapes and forms, from track changes in a Microsoft Word document and geo-location data in a digital photo, to document properties, such as title and subject author, in PDF files. Additionally, beyond this traditional understanding of metadata, analysts increasingly consider metadata integral in Big Data strategy as the underpinnings of all content that resides in the enterprise. 

While metadata is valuable for organizations to leverage internally, if shared externally, it can expose highly sensitive information to undeserving recipients and create gaping security holes, not to mention cause extreme risk to reputation. One recent incident involved a financial institution in the UK that mistakenly released the personal data of more than 2,000 residents, including names and details about their sexuality, histories of domestic abuse and health problems. The accidental release occurred because the official that released the PowerPoint did not realize that a graph within linked back to an Excel sheet containing personal information.

With a laser sharp focus on privacy and trust, businesses are increasingly considering metadata a significant component of corporate intellectual property that must be protected in order to uphold customer loyalty and trust. Companies in highly regulated industries like healthcare and finance are particularly keen to protect all content within documents, given that much of it is highly sensitive and confidential customer information. Gartner even predicts that 80 percent of highly regulated organizations will embark on aggressive awareness campaigns focused on metadata by the end of 2013.

Today's increasingly complex threat landscape makes it even more difficult to protect metadata. Aside from publicized events, new working habits are also increasing the likelihood of confidential data being exposed, whether the data is personal information or just comments that shouldn't have been shared with a client. Key to this is the rise in workforce mobilization, which exacerbates enterprises' vulnerabilities to metadata leakage. Knowledge workers today require access to documents outside of the office and often use their own mobile devices and unsecure, free, file-sharing platforms to share corporate information. In fact, a recent survey of more than 5,000 global corporations revealed that 72 percent of knowledge workers are relying on unauthorized file sharing services, raising major concerns over the security of corporate documents.

To regain control over corporate documents, businesses in highly regulated industries are increasingly turning to enterprise-class file sharing and collaboration applications, which strike the balance between corporate data security and user agility. These applications contain policy-driven protection to reduce the risk of employees inadvertently sharing hidden information in documents sent outside of the organization. The solutions can work across an organization's network as well as multiple mobile devices to ensure any confidential data remains private from all vantage points.

Businesses are forced to survive in a high-risk environment where there are innumerable channels through which corporate data can be leaked. Take the online surveillance practices underway today, add in the vast amount of data that is produced, and sprinkle in the various devices that workers use to communicate, and you have yourself a recipe for a security disaster. To combat this, organizations first must recognize that if the data they develop is indeed their most valuable asset then metadata is an opening door to this. The solutions they implement to safeguard and control their data must treat them as equal, and as they would ensure all visible information is checked and protected, so should the same practices be put in place for any invisible information – such as hidden metadata. Businesses that look at the bigger picture will see that the technology landscape is always changing, but if they continuously adapt to uphold the tenets of privacy and trust, giving employees the tools to do their jobs, they will maintain the security and integrity of the business through it all.

prestitial ad