Understanding the Dangers of Workarounds

By Yorgen Edholm  |  Posted 2010-04-08 Print this article Print

Understanding the dangers of workarounds

Before discussing how to reduce security risks associated with e-mail attachments, let's look at some common IT workarounds which employees often turn to when enterprise-level solutions are not available. Although the dangers associated with these workarounds may seem obvious, recent actions from the FTC, Department of Defense and high-profile data breaches illustrate additional education is necessary.

To alleviate the impact that growing file sizes have on e-mail networks, the common response is to place a limit on the size of messages sent and received. With Microsoft best practices limiting e-mail attachments to a mere 10MB, employees are often left to find other creative (but often unsecure) ways to send large file attachments.

Simple to use and relatively inexpensive, thumb drives, DVDs and CDs are common vehicles for transferring large amounts of data. However, these highly-portable devices quickly turn into a security nightmare when placed in the wrong hands. Although advances are being made that allow encryption of thumb drives, more work needs to be done before this method is ready for mass use. Additionally, the inability to monitor what information is copied onto devices and track where the devices go after leaving an enterprise makes achieving compliance impossible.

Using P2P in the workplace

The use of P2P in the workplace often happens with the best of intentions. Typically installed to exchange music files with friends, P2P can become an appealing IT workaround for an employee who discovers the proposal they need to send is too large to share over a company e-mail network. FTC Chairman Jon Leibowitz has recently stated that, unfortunately, "companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information such as health-related information, financial records, driver's license and social security numbers at risk for identity theft."

Dedicated FTP servers installed to overcome size limitations come with their own set of problems. In addition to being too technical for the average user, shared account names, passwords and files left indefinitely on unsecure FTP servers present a weak link in an organization's data security programs.

Yorgen Edholm is President and CEO of Accellion. A Silicon Valley veteran, Yorgen has more than 25 years of enterprise software expertise. Yorgen also co-founded Brio Technology. During 12 years as Brio's CEO, he took the company public and grew it to $150 million in revenues, with over 700 employees and a customer base of over 5,000 organizations. In addition, Yorgen was president and CEO of DecisionPoint Applications, an analytical applications company. Yorgen has served on several public and private company boards including most recently Hyperion (sold to Oracle), I-many, Resilience, Verix and Saama. He can be reached at yorgen.edholm@accellion.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel