With the increase in consumerization of information technology, enterprise mobility and demand from end-users for anywhere, anytime access to corporate data – enterprise IT is facing challenges in balancing the need of end-users and business requirements of security, data governance and compliance.
With the explosive growth of freely available consumer file sharing services enterprise IT is finding out the hard way that their employees have been sharing valuable data with external parties with little or no security measures in place.
Being able to identify what information was shared and to whom it was shared may prove difficult in times of legal or internal investigations when Shadow-IT exists.
Even those companies who have implemented an enterprise file sharing (Enterprise File Sync & Share – EFSS) solution as a Dropbox alternative may find that their ability to audit and report on what information was shared with whom and when may find that these capabilities are severely lacking in their current products.
Here are the Top 10 data governance capabilities your enterprise file sharing solution should have to meet compliance, security and data loss prevention objectives:
1. Retention
Retention is a very important part of data governance. It allows enterprise IT to keep the history of all corporate data and make it accessible when the need arises.
Retention should come in two forms:
- Data Retention or File Versioning
File Versioning is about retaining versions of data as it goes through its life cycle – being created, modified and deleted by end-users. Some businesses may require each and every version of a data item be kept so that any version of data in the past can be retrieved at any time. The IT administrator should be able to define the Retention policy to control the retention period and the other parameters like how many versions are created, how long they are stored and how versions for data deletions are treated.
- Meta-data Retention or File History
Meta-data Retention or File History is about retaining the history of all meta-data of a data item – this includes creation, modification, sharing, download, upload and so on.
Your file sharing solution should be able to perform policy-based endpoint backup with version controls for a defined retention period. Beyond endpoint backup capabilities, all the data that is being shared by your end-users - internally through collaboration or with external third-party - should be versioned and retained.
2. eDiscovery
By making use of the data and meta-data retention, your file sharing solution should be able to produce Audit Trails or Logs for electronic discovery purposes. There may be various requirements for legal eDiscovery including complying with data storage and retention laws/regulations, or being able to reproduce (old) data as evidence (e.g. in case of a litigation or court case).
3. Enterprise Rights Management for Information-centric Access Controls
Enterprise Digital Rights Management (eDRM or information rights management or IRM) allows IT departments to define granular access control over corporate information once it gets shared with an outside party. For example, let’s say you’re working with a third party and need to share a document with them. While this document could be relevant today, or even this week, it might not be the kind of information you’d want to stay available forever. Through digital rights management the access rights should travel with the document itself such that it is only usable by the authorized recipients in compliance with DRM-protection settings.
4. Mobile Content Management for BYOD
It’s fairly easy to control information as it moves through your corporate network on IT managed devices. But maintaining control of your data once it leaves you network or when used by employees on un-managed devices (like BYOD or Bring-Your-Own-Device) is another story.
Mobile Content Management (MCM) allows corporate IT to prevent data loss, security and compliance breaches by controlling what end-users can do with corporate data on their personal devices that are allowed through BYOD.
Your EFSS solution should provide mobile content management that seamlessly integrates with rights management such that files shared through BYOD devices also stay DRM-protected even after they are downloaded by the recipient on a device not under control of the company IT.
By implementing file sharing that has robust mobile content management and enterprise rights management features, IT teams can define access rights to company information based on a number of parameters, including how long the shared documents can be accessible, how many times they may be accessed, who may access it and what (edit, copy/paste, print, forward) may be done with it.
5. Online Document Viewer and Digital Watermarking
You may need to share certain documents that are highly sensitive but at the same time may not want the recipients to download those on their own devices. A web-based Online Document Viewer facilitates viewing of files within the web browser itself while allowing control of things like copy-paste, printing and email.
Watermarking allows organizations to easily and effectively assert ownership over sensitive documents. It discourages illegitimate reproduction and deters data leakage. Your EFSS solution should allow IT administrator to enforce watermarks and also restrict the sensitive contents to be accessible only through online document viewer (without downloading). The watermarks carrying email address, IP and time stamp of access can also be enforced.
Watermarks can also be enforced through DRM policies such that all documents downloaded by third-party would be presented as watermarked PDF.
6. Integration with Data Loss Prevention
If you are in a security-conscious regulated vertical integration of file sharing and DRM with content-aware data classification is required for compliance as it ensures that the information that requires the highest security is locked down automatically, while information that does not need securing is not touched.
Your file sharing solution should be able to integrate with popular content-aware Data Loss Prevention (DLP) solutions (like Symantec, McAfee, Websense) ensuring that files that end-users share using secure links can be subject to content filtering and any sensitive documents can be blocked or protected with digital rights management to ensure security and prevent data leakage.
7. Encryption
Encryption is the best tool to guarantee that data stays private and secured while stored on your end-users’ devices, while it moves over the wire and when it gets shared with third-parties. Make sure that the EFSS solution you use guarantees encryption throughout the life cycle of documents and across all end-user devices.
8. Multi-Dimensional Access Rights
IT administrators should have the ability to define multi-dimensional robust, granular access rights over corporate files. This means managing who can access what files, from where access is granted, how and for how long access is granted, and more. You need to have the complete picture of your end-users’ access rights. This means employing access rights controls such as geo-fencing to control physical regions where file access is granted, as well as IP-fencing to control file access across a range of IP addresses beyond your network. Defining access rights based on timing might be another necessity for your business. For instance, if you want a file sent to a client for review to expire after one view or seven days, you should have that control.
9. Deployment Flexibility
Most small and medium businesses like a public cloud offering, as it relives them from managing the infrastructure. But most of the BFSI customers are not comfortable with public cloud as they predominantly deploy on-premise to keep everything completely under their control. This scenario will persist, not only in BFSI but all highly regulated industries.
Hence depending on your need, ensure that you are not compromising on where your file sharing is deployed. Look for a solution provider that provides deployment flexibility.
10. Data Privacy Option (Data Sovereignty / Data Residency)
In regions with tight data sovereignty regulations, such as the European Union, data is not permitted in third-party clouds unless it’s encrypted, and the encryption keys aren’t allowed to leave the jurisdiction. Your EFSS solution should allow you to retain full control over the keys and manage them any way you want.
