The dangers of external collaboration on data
Seclore’s new survey reveals the depth of ICT professionals’ fears that external collaboration is leading to data leakage
File sharing and external collaboration may be the norm for today’s enterprises, but a new survey reveals ICT professionals’ concern at the prospect of shared data being lost or stolen. The survey, titled Securing Information in the Age of External Collaboration, interviewed 200 senior ICT and security professionals in North America over the first six months of this year. Respondents were asked how much they work with third parties, what kind of files they are regularly sharing and which methods they used to share files.
The survey, conducted by Enterprise Strategy Group (ESG), confirms how widespread external collaboration is, but also reveals the pitfalls associated with it.
While unauthorised access, malicious software and stolen credentials were all named as likely ways of losing enterprise data, lost portable storage devices (still one of the most common ways of sharing data with external partners), e-mails sent in error and theft by trusted partners figured almost as highly.
For example, 61% of respondents said it was likely or somewhat likely that data was lost through lost portable storage devices. Sixty-seven percent said it was likely or somewhat likely that e-mails sent to the wrong person led to leakage of sensitive data.
Worryingly, 56% believe it’s likely or somewhat likely that partners, contractors and customers have stolen information intentionally shared with them.
By contrast, 64% said it was likely or very likely that unauthorised access led to data leakage. Sixty percent named malicious software as a likely or somewhat likely cause of data loss. Fifty-six percent said it was likely or somewhat likely that a hacker with stolen credentials had made off with sensitive data.
The conclusion is clear: ICT professionals perceive actions associated with external collaboration to be as big a threat to information security as malicious acts. The report also makes clear, however, that sharing of files with external parties is a widespread practice.
Thirty-four percent of respondents said that between 26 and 50% of their employees regularly share files with third parties. Another 18% said that more than half their employees regularly share files.
The report reveals that information of a highly critical nature is also being shared routinely. Forty-nine percent say that customer information and intellectual property is regularly shared, followed by proposals and pricing documents (48%) and legal agreements & documents (47%).
Respondents lament that the rise of enterprise file sync and share services (EFSS) only exacerbates the problem of data lost through external collaboration.
Although their popularity was driven initially by users copying work data to their own devices, EFSS services are now regularly used alongside e-mail, FTP and portable devices to share files with third parties. Respondents believe their colleagues tend to use multiple EFSS solutions (some authorised, some not), with 37% saying they believe four to five of the services are in use within their organisation.
The potential problems associated with external collaboration are driving interest and investment in enterprise digital rights management (EDRM), the study found.
Forty-seven percent of respondents have already deployed an EDRM solution and 37% said they are committed to doing so in the next 12 months. Of those who already have an EDRM solution in place, 69% said they have plans to refresh or augment them.
Respondents were clear that EDRM solutions need depth to be effective. Enterprises need to able to track a document, revoke access, put time limits on it, restrict access to a certain IP address and to completely control what can be done with it (e.g. disabling features such as print, cut & paste and taking a screen grab). This level of control needs to be possible across recipient device and application types.
Respondents also noted the need for EDRM solutions to integrate with the tools used to send, store and create the content being shared. These include e-mail, enterprise content management (ECM), ERP and EFSS platforms. Integration helps ensure that EDRM becomes part of everyday working practice with less need to rely on end users to manually address security.
Amongst the biggest challenges with current ERDM solutions are their inability to integrate with existing systems, difficult management for IT and difficult utilisation for end users. This reinforces the need for solutions that are easy to integrate, manage and use, while delivering high levels of protection and control.
The research clearly shows that external collaboration is now a standard part of working practice, but that sharing files has significant implications for information security. IT professionals seek solutions that persistently control who, what and when of end user access to files, while integrating with existing enterprise platforms and being easy to manage and use.
Amit Malhotra, VP Sales India Middle East & Africa, Seclore.