The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap

You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your content in the cloud is dangerous. The truth is that top tier cloud storage is more secure than most organizations’ on-premises data centers. Consider that most of the high profile data breaches have been on on-premises data centers.

During an Enterprise Content Management (ECM) assessment project, I mentioned to a client (in Canada) that I was willing to bet that some of their users were using consumer file sharing services. There were noddings of heads, murmurs of assent, and an “OMG how does he know?

cloud-client-shocked

(Image Source: Shutterstock)

In a meeting less than five hours after I mentioned it, an executive from one of the stakeholder groups got a call from security stating that her team was violating policy by using a well known consumer grade file sync and share (FSS). This client had deployed an ECM platform; one of the key drivers for the platform was sharing of content among collaborators. Consumer grade FSS services were not supposed to be necessary. One of the key inhibitors is Citrix.

What Options?

cloud-cloudtweaks-comicSo, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug with Citrix.

I mentioned to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS) service. Their Director of IT Infrastructure told me that the executives were scared of any cloud service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … some of the better known cloud providers have been working on tools that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by the government. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around.

Instead of blocking access to consumer services, IT and security ought to:

  1. find out why staff is using the services in the first place;
  2. identify and provision SECURE enterprise grade services;
  3. develop appropriate policies for using EFSS services, including remedial action for violating the policies.

If staff are using consumer services to share business content, it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about this for a moment; EFSS providers make money by providing a secure way for people to share content and collaborate.

How do you make money? What’s your core strength?

By Chris Walker

About Chris Walker

Chris is an independent consultant that is involved in the Information and Content Management space. Chris is also a prominent keynote speaker and writer who has published articles on sites such as CMS Wire and Tech Target.

View Website
View All Articles

Sorry, comments are closed for this post.

Comics
Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

Cyber Criminals Are Business People Too

Cyber Criminals Are Business People Too

Cyber Crime Business You’re on the morning train on the way to work and take a look at the guy next to you. He’s clean-cut, wearing a crisp suit and holding a leather briefcase just like dozens of others. Just another worker headed to the office, right?. Yes, but not in the way you think…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…