A few years back corporate files were restricted only to laptops and desktops for end-user consumption. Today mobile devices are multiplying at a rate five times than humans. And, mobile devices - company-provided as well as personally-owned (Bring-your-own-device – BYOD) - are increasingly being used by employees for office work. As a result, information security dynamics in enterprises have changed significantly.
Given the sheer volume and frequency of file access, sharing and collaboration through multiple devices (including mobile devices) across the enterprise today – be it within the corporate network or while outside the corporate perimeter, security-minded IT departments need to understand the multiple dimensions to new challenges in information security.
Further, when corporate files move beyond the corporate network on employee devices or on third-party devices (through file sharing and collaboration), things can go wrong drastically wrong beyond imagination if you’re not prepared.
Digital rights management (DRM) and enterprise mobility management (EMM) technology are now being considered essential. But you need to look at next generation information security holistically, rather than looking at just the point products that solve individual pain points or challenges.
Here are the 7 secrets of successful enterprise file security:
- Protect information across states and throughout its life cycle
Data is everywhere, and when broadly categorized, three states of data exist: data-at-rest, data-in-motion and data-in-use. There’s an increasing focus on prioritizing the protection of data and information rather than endpoint devices. Each distinct state of data presents its own file security challenges. Without a solution equipped to protect data in all states, it’s impossible to achieve a win-win for both enterprise IT (for end-to-end holistic security) and end-users (secure file sharing aka enterprise file sync & share (EFSS), anywhere access and mobile collaboration).
- Protect information across devices: company-managed, BYOD and third-party
People are increasingly using personal devices (through BYOD) and huge amount of corporate data is being shared with third-parties as part of business requirements. Hence traditional perimeter-based and endpoint-based security solutions are not enough as they provide protection only within the corporate perimeter and only on the company-managed devices respectively. Corporate data needs to be protected through an information-centric security approach that emphasizes the security of the information itself rather than the security of networks, applications or devices.
- Protect information from data loss events like theft or damage of end-user devices
Your file security is incomplete without endpoint data protection (that includes policy-based endpoint backup, on-disk encryption and remote wiping). Over last few years, endpoint data protection has transformed from a nice-to-have to an essential requirement of enterprise file security. Businesses need to have endpoint data security risks minimized without impacting the end-user productivity.
- Apply access policies uniformly - irrespective of device, user and location
With the corporate information breaching the traditional security boundaries of corporate network and company-managed devices, it is important for enterprise IT to control multidimensional access rights to answer the questions surrounding who, what, when, where and how files are accessed. IT teams want to grant the flexibility while maintaining enterprise file security along the way. This means the secure file sharing (aka enterprise file sync & share or EFSS) solution you adopt needs to have enterprise digital rights management (eDRM) options for how enterprise files are accessed and shared. A sophisticated EFSS system should have DRM features that allow IT teams to follow data wherever it goes. These features could allow a file to be downloaded with restrictions that limit formats, place limits on how many downloads are permitted, control copy-pasting and sharing of information with third-party applications or individuals, or restrict the spread of enterprise information through watermarks or disabling screenshot capabilities.
- Embrace true Enterprise Mobility Management – focus on data and not device
EMM is necessary for data protection and control due to the mobile nature of our data and the world we live in. Mobile devices are becoming the primary means through which data is lost. A successful BYOD policy requires a paradigm shift by the enterprise. You must focus on protecting your data, not the device it’s on. Once you’re able to accept that enterprise files live in the same space as end users’ personal apps and files, and that devices could get lost or stolen at any time, you start to see the futility in trying to protect the device. Focus on the data instead.
- Keep security parameters under dynamic control of IT and owner of information
Security needs to travel along with the information as it moves across endpoints, across networks and across users (including with people outside the organization). This effectively means that a file always needs to travels within a security envelope that can only be opened by authorized users, from an authorized device and from authorized locations based on access rights defined by the corporate IT and the owner of the file. The document owner (and the corporate IT) should be able to control the use of shared documents and manage (and even revoke) the permissions to open, view, download, print, copy-paste, forward and edit those documents. The security solution should protect the documents even after they are downloaded by the recipient on a device not under control of the company IT.
- Make information traceable
Once all levels of protection and security parameters are applied on file access, use and sharing within and beyond corporate network, enterprise IT administrators (as well as end-users/document owners) should be able to monitor all the actions performed on their data and make the information available as audit-trails and reports, if required for investigation or regulatory compliance.
Thinking about these seven points above will help set you on a path of discovery and ultimately drive you towards the best information security, enterprise mobility and enterprise rights management solution.