Today, corporate information has no boundaries. Increased workforce mobility, home offices, and now Bring-Your-Own-Device (BYOD) trends have extended the corporate perimeter beyond the corporate network and corporate-managed devices. Corporate information is being heavily accessed, used and shared by people using different devices (company-owned and BYOD), not only from within the (protected) corporate network but also on the move (over public networks like the Internet) – thus creating data leakage points that require a different approach to security and data loss prevention than the traditional perimeter-based approach. CIOs and CISOs need to look beyond the traditional IT-centric approach and think about information-centric file security, where security and user experience are on the same plane.
Here are six of the biggest trends in Enterprise File Security today:
- Embedded Enterprise Digital Rights Management (DRM/eDRM) or Enterprise Information Rights Management (IRM) – Legacy enterprise DRM solutions were restricted to certain file formats and were difficult to use. Hence end-users tried to work around them or avoided using them, which prevented successful large-scale deployments. The next-generation enterprise DRM solutions seamlessly integrate rights management into the regular workflow of end-users (Outlook, right-click, drag-and-drop, and file sharing) and embed the controls within the documents themselves. Files shared across the corporate fence are DRM-encrypted such that the access rights travel along with the documents. The documents are only usable by the authorized recipients and within the authorized environment. The document owner (and corporate IT) can control the use of shared documents and manage (and even revoke) the permissions to open, view, download, print, copy-paste, forward and edit those documents. The documents are protected even after they are downloaded by the recipient onto a device not under the control of company IT. In addition to the protection, the embedded DRM enables detailed tracking and auditing of shared files wherever they go – independent of location, device and user.
- Multi-dimensional Access Rights – Multi-dimensional access rights give enterprise IT control over access parameters such as who can access data, what files can be accessed, what operations are allowed on a file and so on. Through this, IT gets complete control over defining employee access, collaboration and sharing rights based on role, activity, time, device parameters and geographic or IP locations.
- Content-aware Data Loss Prevention (DLP) Integration – For many years, enterprises have adopted content-aware DLP solutions from providers like Symantec, McAfee and Websense to help them create data classification mechanisms and then apply DLP policies to monitor (and block) sensitive content at the egress point (gateway or data-in-motion solution) and to detect sensitive data stored within corporate systems (discovery or data-at-rest solution). With the rise of enterprise file sync & share (EFSS), the big trend today is the integration of these classification engines to apply appropriate file security policies (like DRM-encryption) before files can be shared with any third party. For example, corporate IT should be able to block files containing keywords such as “classified” or “confidential” from being distributed beyond a pre-defined list of users and perform DRM-encryption on other files. These classifications could also be used to flag anything that looks like a credit card number and prevent it from being copied or forwarded, which is important for organizations that must maintain regulatory compliance. Without such integration, EFSS solutions would fail to meet the compliance requirements needed in regulated verticals.
- Aggregation of Content for Applying Security Controls – Enterprise content management (ECM) systems, such as SharePoint, have long been the go-to data repository for medium- and large-sized organizations. However, SharePoint is not always an organization’s sole data repository. Other file-sharing platforms, such as NAS or Google Drive, could also be used at varying levels across many departments within an organization. An emerging trend, as a result, is that enterprise file sync & share solutions are becoming aggregators of documents across all data repositories in an organization. By using a secure file sharing platform to aggregate documents in one place and then providing users anytime, anywhere access to those files from any device, IT departments can create a productive and flexible experience for the end user while maintaining access control and applying DRM controls uniformly to files across all repositories.
- Cloud Information Protection and Security – Businesses are increasingly moving to cloud solutions. The biggest challenges to cloud adoption are data privacy, data residency and regulatory compliance. The applicable laws can vary by region or industry, and sometimes conflict between countries. Finding a cloud solution that satisfies a variety of privacy regulations while maintaining accessibility of data can become a daunting task. One big trend to solve these issues is to move the focus away from data location and onto the data itself. If properly protected, such that access control and the ability to view data in the clear are exclusively in the hands of enterprise IT, data can move anywhere it needs to go without triggering cloud security issues. There are two key components to this approach: encryption and tokenization. Strong encryption, like AES 256-bit encryption, and exclusive ownership and control of the encryption keys by enterprise IT, make it impossible for cloud providers or other external parties to access data without IT’s permission. Tokenization keeps the original sensitive data stored locally, so that it is never accessible in its original form in the cloud. This can help organizations overcome data privacy, residency and cloud security issues.
- Data Containerization – As bring-your-own-device (BYOD) becomes more common throughout the workplace, data containerization techniques are used to keep corporate files separate from other data on an employee’s personal device. Data containerization ensures that data is stored in a secure container on mobile devices to enable secure BYOD. The container is always kept encrypted to protect it from unauthorized access with the ability for IT to securely wipe its contents if the device is lost or the user leaves the organization. The container can be further protected using a PIN unique to the device. Geo- and IP-fencing capabilities can further protect the contents by wiping the container when the device leaves a pre-defined geography or IP range. All this combined can ensure unmatched end-to-end file security.
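
To make the multi-dimensional access rights item concrete, here is an added example (not code from any product mentioned here) of a default-deny check in which role, file path, operation, time of day, source IP range and device state must all match. The `Rule` and `Request` types, the policy values and the address ranges are assumptions constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                    # hypothetical policy record
    roles: frozenset           # who
    path_prefix: str           # which files
    operations: frozenset      # which operations
    hours: tuple               # (start, end) of the allowed time window
    networks: tuple            # allowed source IP ranges
    managed_device_only: bool  # device parameter

@dataclass(frozen=True)
class Request:                 # hypothetical access request
    role: str
    path: str
    operation: str
    at: time
    source_ip: str
    device_managed: bool

def rule_allows(rule, req):
    """Every dimension must match; a single mismatch rejects the rule."""
    path = posixpath.normpath(req.path)   # collapse "../" before prefix matching
    return (
        req.role in rule.roles
        and path.startswith(rule.path_prefix)
        and req.operation in rule.operations
        and rule.hours[0] <= req.at <= rule.hours[1]
        and any(ip_address(req.source_ip) in ip_network(n) for n in rule.networks)
        and (req.device_managed or not rule.managed_device_only)
    )

def is_allowed(rules, req):
    """Default deny: access is granted only if some rule matches fully."""
    return any(rule_allows(r, req) for r in rules)

# Constructed policy: finance staff get full rights on managed devices inside
# the office range; BYOD devices and one partner range get view-only access.
POLICY = [
    Rule(frozenset({"finance"}), "/finance/", frozenset({"view", "edit", "print"}),
         (time(8, 0), time(18, 0)), ("10.0.0.0/8",), True),
    Rule(frozenset({"finance"}), "/finance/", frozenset({"view"}),
         (time(8, 0), time(18, 0)), ("10.0.0.0/8", "192.0.2.0/24"), False),
]
```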
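
The content-aware DLP item describes classifying a file before it is shared; the following added example (not taken from any vendor's engine) sketches that pre-share check using the two keywords named above and a Luhn-validated card number pattern. The function names, the `restricted` and `pci` labels, and the rule that any labelled file is blocked for recipients outside the approved list are assumptions.

```python
import re

KEYWORDS = ("classified", "confidential")   # the keywords named in the text
# 13 to 19 digits, optionally separated by single spaces or hyphens
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_valid(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return masked card-like numbers so the raw value never reaches a log."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def classify(text):
    """Assign classification labels (label names are assumptions)."""
    labels = set()
    if any(re.search(rf"\b{k}\b", text, re.IGNORECASE) for k in KEYWORDS):
        labels.add("restricted")
    if find_card_numbers(text):
        labels.add("pci")
    return labels

def sharing_decision(text, recipients, approved):
    """Return (action, blocked_recipients) for a file about to be shared."""
    outside = sorted(set(recipients) - set(approved))
    if classify(text) and outside:
        return "block", outside              # sensitive file leaving the approved list
    return "drm_encrypt", []                 # everything else is shared DRM-encrypted
```

Keyword and pattern matching produces both false positives and misses, so a deployment would normally log each decision for review rather than rely on the verdict alone.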
Successfully implemented file security will bring you closer to a secure enterprise, which is a critical part of the CIO/CISO and IT Director roles.