With the rise in the number of IT-sanctioned business-productivity tools, applications and businesses migrating to the cloud, enterprises are embracing methods for work to get done to be faster, more efficient and more collaborative. However, with all this collaboration also comes risk when critical content is shared across a wide range of users and collaborators inside and outside the enterprise.
While this “data everywhere” philosophy is great for efficiency, it’s devastating to traditional security models because they fail to protect data, especially when both the user and the data are beyond the security perimeter. But the problem goes beyond simply trying to extend the perimeter to the cloud when data, files, and emails are mobile. They can be copied, forwarded and saved to USB devices. When there are many paths to the data, and the data itself is portable, a one-time allow/deny decision at the network or application level simply doesn’t cut it.
Once organizations shift from whether or not to embrace collaboration, the question becomes how to do so securely. In this eWEEK Data Point article, using industry insight from Vera Security, we offer five key criteria for IT and security teams to enable the secure collaboration in today's cloud and borderless enterprise.
Data Point 1: Building security for the lifecycle of data
Once we shift from whether or not to embrace collaboration, the question becomes: How do you do this securely? Security teams must first ensure that they see the full scope of the problem. The knee-jerk response might be to say: “Well, if users are storing less in Application X, then we should add a security layer for Application X.” This is a common approach, however; it can get difficult to manage very quickly as users adopt new applications with new features.
But this approach contains an even bigger problem: It falls back on old perimeter thinking. This is a holdover mentality from a time when users and their data were considered to be safe on the inside of the network. That is no longer the case, and data can have a very long life after being accessed in the collaboration app.
Data can be saved, copied, forwarded and shared in other applications indefinitely. This is the lifecycle of modern data. There are many paths to access, many devices upon which it can be stored, and it can live indefinitely. In short, data must be secured across these three phases: when it is accessed in the application, in transit and at rest.
Data Point 2: Identifying friends vs. foes
Enterprise data can be lost in a wide variety of ways, and it is not always the clichéd “hacker in a hoodie” who is behind it. While cyberattacks are ever-present and continue to grow in sophistication, some of the largest breaches of the past few years have been due to data that was exposed by insecure business partners or simple mistakes from internal staff.
Data Point 3: Embracing the rise in cloud and productivity apps
While email is a traditional source of data loss, content collaboration tools that connect users and teams both inside and outside an organization also are having an impact. Most organizations are well aware of tools such as Dropbox and SharePoint for sharing files and collaborating on projects. However, these are just the tip of the data-sharing iceberg with a wide variety of tools such as Slack, messaging apps, Google Drive, Box, Jane.ai and many more, allowing users to share data and files.
Data Point 4: Don’t forget third-party threats & the partner ecosystem
In many cases, a critical mistake can occur outside the organization entirely. As businesses become more interconnected, data moves back and forth across organizational boundaries. While you may take the utmost care with your data, it is almost impossible to fully control the ways that everyone else in your ecosystem behaves. In fact, this has quickly become one of the most notorious sources of damaging data breaches.
Data Point 5: Achieving security in the age of collaboration
Collaboration is rapidly redefining how organizations get work done. Far from being a “nice to have,” collaboration tools have quickly become front line tools for working with data. What began with tools like Box and Dropbox has spread to applications of all types. Some of these applications could be sanctioned at the corporate level, used in an ad-hoc way by teams (e.g. Slack, messaging apps), or even simply by an end-user’s personal favorite application (personal Gmail or Google Drive). While organizations always try to drive adherence to the sanctioned corporate tools, users tend to gravitate to their personal favorite apps or what they see as the most convenient in the moment.
Let’s face it: When a new technology stands to make the organization more productive and more competitive, the security team can’t afford to be the “Department of No.” According to Gartner’s recent Cloud Collaboration Magic Quadrant, by 2022, 50 percent of enterprises will be using content collaboration platforms, which proves that while collaboration can pose a challenge to security, avoiding it entirely is simply not an option for most organizations today.
By adopting a data-centric approach to security and bringing dynamic encryption to the data or file itself, security teams can get out of the losing proposition of trying to predict every how, when, and where of every asset. Instead, they can focus their time and efforts in other areas, while at the same time become the “Department of Yes,” which is a win-win for everyone.