The Security Gap: What Is Your Core Strength?

Holiday Access.png
Byod.png
Hair Loss.png
Disaster Plan.png
Disaster Recovery Plan.png

The Security Gap

You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your content in the cloud is dangerous. The truth is that top tier cloud storage is more secure than most organizations’ On-Premises data centers. Consider that most of the high profile data breaches have been on on-premises data centers.

During an Enterprise Content Management (ECM) assessment project, I mentioned to a client (in Canada) that I was willing to bet that some of their users were using consumer file sharing services. There were noddings of heads, murmurs of assent, and an “OMG how does he know?

a meeting less than five hours after I mentioned it, an Executive from one of the stakeholder groups got a call from security stating that her team was violating policy by using a well known consumer grade file sync and share (FSS). This client had deployed an ECM platform; one of the key drivers for the platform was sharing of content among collaborators. Consumer grade FSS services were not supposed to be necessary. One of the key inhibitors is Citrix.

What Options?

So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug with Citrix.

I mentioned to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS) service. Their Director of IT Infrastructure told me that the executives were scared of any cloud service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. Government wants to get at stuff in Canadian data centres they will? And dig this … some of the better known cloud providers have been working on tools that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by the government. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around.

Instead of blocking access to consumer services, IT and security ought to:

  1. find out why staff is using the services in the first place;
  2. identify and provision SECURE enterprise grade services;
  3. develop appropriate policies for using EFSS services, including remedial action for violating the policies.

If staff are using consumer services to share business content, it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about this for a moment; EFSS providers make money by providing a secure way for people to share content and collaborate.

How do you make money? What’s your core strength?

By Chris Walker

Ray Meiring

Proposal Management Software Can Save Companies Hundreds of Thousands in Annual Revenue

Proposal Management Software Benefits Amid the COVID-19 pandemic-induced supply chain and market challenges, 2021 started to course correct, allowing many companies to resume business operations. As a result, request for proposals (RFPs), sales proposals, and ...
Matrix

Are We Building The Matrix?…

When sci-fi films like Tom Cruise’s Oblivion depict humans living in the clouds, we imagine that humanity might one day leave our primitive dwellings attached to the ground and ascend to floating castles in the ...
Kelly Dyer

Achieving Data Security Compliance in the Cloud

Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...
Threat Security

Azure Red Hat OpenShift: What You Should Know

Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
Derrek Schutman

Implementing Digital Capabilities Successfully to Boost NPS and Maximize Value Realization

Implementing Digital Capabilities Successfully Building robust digital capabilities can deliver huge benefits to Digital Service Providers (DSPs). A recent TMForum survey shows that building digital capabilities (including digitization of customer experience and operations), is the ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.