File sharing's red herring: secure, external communication

FIle Sharing Red Herring
Keep your data all costs

You can't turn on the news, pick up the paper or scan your favorite website without hearing a report about a data breach, loss of intellectual property or hacked files. A recent statistic reported by CNNMoney revealed that 47% of U.S. adults have had their personal information hacked. The business world is also affected, with companies such as Australian telecommunications provider Telstra and even the New York City Transit Authority suffering data losses in 2014.

With cybercrime on the rise, it is no wonder that IT administrators are walking around with a glassy-eyed look of fear, wondering if their companies will be the next target. Although IT can build extremely secure internal networks, they still face a critical problem. Files must travel outside of that secure, internal data center network for external collaboration with partners, customers and other employees. When hackers and data thieves are lurking around every corner, how can the IT director say yes to unlimited sharing?

You cannot build an 8-foot wall around your company to lock in all of your data. For one, employees will find a way to circumvent those walls and take data off-site, likely on mobile devices to work from home or on the road, and data loss will still occur. Secondly, your company is not a self-sufficient fiefdom. Information must be shared with customers, partners, investors and other outside parties. Each time a file leaves a company's secure internal server, it is at risk of being stolen, shared with an unintended recipient or just lost. So, can a file ever be securely shared outside of the company's four walls?

Don't be fooled by a red herring

There are numerous solutions that claim to secure and track files for auditing purposes. However, many of these offerings are just red herrings. They may look secure and sound secure, but in reality not all file storage and sharing solutions are created equal. What is acceptable for an individual, may be insufficient for business.

The fact is: the word "secure" is a misnomer in the industry. It is not enough to just know that the file is secure while stored on a box service; enterprise security must encompass the entire lifecycle of the file and its various renditions. This is where the struggle lies for enterprise IT – it is recognizing that the term "secure" has many variations, knowing what it means for each product, and identifying what additional security measures they must put in place to protect their firm. In other words, IT must remove the big red bulls-eye attached to its company.

Defining security in your company

If IT can't keep everyone and everything contained within its own castle behind thick, sturdy walls, then there must be a clear method that allows for information to be shared externally among partners and employees. If you are an athletic shoe manufacturer, for example, you may need to share schematics and production design with the overseas production team.

Yet, IT cannot just sit back and say "share away!" What if a competitor were to gain access to this information while in transit, or even worse, via an insider threat like a disgruntled employee? Here is the opportunity for IT to fully define security within their organization by creating – and enforcing – clear policies and implementing technologies on how information is sent beyond the company's walls. In order for this effort to succeed, employee input and buy-in is critical. Without their acceptance of any policy or approved technology, IT's efforts will be for naught.

The inescapable truth is that cybercrime is becoming the new norm and that means another enterprise data breach will soon make the top story on the 6 o'clock news. Now is not the time to stand mute waiting for the inevitable breach or data loss to occur. IT administrators need to be proactive and take control over how data is shared externally, before it's their company splashed all over the news.

  • Ryan Kalember is chief product officer at WatchDox