The Security Gap: What Is Your Core Strength?

The Security Gap

You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your content in the cloud is dangerous. The truth is that top tier cloud storage is more secure than most organizations’ On-Premises data centers. Consider that most of the high profile data breaches have been on on-premises data centers.

During an Enterprise Content Management (ECM) assessment project, I mentioned to a client (in Canada) that I was willing to bet that some of their users were using consumer file sharing services. There were noddings of heads, murmurs of assent, and an “OMG how does he know?

a meeting less than five hours after I mentioned it, an Executive from one of the stakeholder groups got a call from security stating that her team was violating policy by using a well known consumer grade file sync and share (FSS). This client had deployed an ECM platform; one of the key drivers for the platform was sharing of content among collaborators. Consumer grade FSS services were not supposed to be necessary. One of the key inhibitors is Citrix.

What Options?

So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug with Citrix.

I mentioned to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS) service. Their Director of IT Infrastructure told me that the executives were scared of any cloud service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. Government wants to get at stuff in Canadian data centres they will? And dig this … some of the better known cloud providers have been working on tools that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by the government. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around.

Instead of blocking access to consumer services, IT and security ought to:

  1. find out why staff is using the services in the first place;
  2. identify and provision SECURE enterprise grade services;
  3. develop appropriate policies for using EFSS services, including remedial action for violating the policies.

If staff are using consumer services to share business content, it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about this for a moment; EFSS providers make money by providing a secure way for people to share content and collaborate.

How do you make money? What’s your core strength?

By Chris Walker

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips ...

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for ...
Mark Casey Apcela

How to Optimize Your Office 365 Performance with Network Peering

Optimize Performance with Network Peering Microsoft Office 365 usage has grown significantly in recent years. More than 56 percent of organizations all around the world ...
David Gevorkian

How to Apply Website Accessibility in UX and How to Achieve Better User Experience

Design Tweaks: Apply Website Accessibility in UX In this current digital age, websites have become more complex because of the introduction of various aesthetic designs ...
Mark Banfield

A Seamless Customer Experience Is Essential to Success in Today’s Digital Economy

Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, ...
Will Crump

The Key to a Successful M&A = Data

Successful M&A = Data Data is often the single point of failure for many organizations. Divestitures, privatization, leveraged buyouts, and management buyouts are all on ...
Juan Pablo Perez Etchegoyen

69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security matters According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These ...
Garry Connolly

Data Policy is Fundamental for Trust

Data Policy Trust Consumers once owned and protected their data independent of anyone else. Handwritten letters, paper bank statements, medical records locked up in a ...
Kayla Matthews

6 Reasons More Organizations Are Adopting Zero Trust

Organizations Adopting Zero Trust The zero trust model is becoming more commonplace in security. It's based on the realization that threats exist inside and outside ...
Kaylamatthews

What You Need to Know – IoT and Real-Time Operating Systems

Real-Time Operating Systems A real-time operating system, or real-time OS, appears to execute tasks while using a single processing core simultaneously.  However, what's really happening ...
Marty

Digital Transformation: Adapting Your Business Online

The Age of Digital Transformation There is little doubt that the transition to cloud computing is driving an insatiable demand for digital transformation. Countless organizations ...
Al Castle E911

Businesses Need E911 for Remote Employees

E911 for Remote Employees Remote working is no longer a luxury or a distant possibility – it’s the norm for enterprises around the world. The ...