[credit provider=”www.flickr.com” url=”http://www.flickr.com/photos/jonmcgovern/2673202881/”]
Every company has information assets that are crucial for growth and success, and this intellectual property (IP) exists in a wide variety of files (emails, product release documents, design specifications, contracts, customer records, product roadmaps for next generation solutions, company financials/spreadsheets, pricing strategies, research documents, images and so on).Companies must collaborate and share this sensitive information with global employees and external stakeholders like clients, partners and vendors, who consist of many authorised end-users.
Business is increasingly being conducted in ‘the cloud’ and Web 2.0-enabled, device-agnostic environments. Therefore, files need to be shared externally and across users in order to maintain business flow.
Obviously, file sharing is essential for conducting day-to-day business; however, this key function has great potential to expose sensitive information about a company’s research investments, financial data and competitive strategy.
If this information gets into the wrong hands, it puts a company’s competitive edge, and sometimes its credibility, at risk.
The top threats to this type of leak continue to involve either an authorised user of sensitive information who becomes malicious or an employee or partner who simply becomes careless with no malicious intent. A company’s risk increases, especially when its files do not have a way of being retracted, remotely tracked or ‘killed.’
In the event a company is developing a hot next generation mobile device (think, Apple’s iPad) or is working on a key technological or scientific breakthrough (like IBM’s Watson, for example), there’s a good chance that competitors would like to “sneak a peek” through breaches or leaked documents.
And, in an IP breach or leak, a company’s sensitive information will forever remain at risk because files can be copied repeatedly and/or stored anywhere in the Internet. A recent study by the Ponemon Institute reports that negligence is the leading cause of data breaches (41 per cent of the data breach incidents studied). Further, it found that organisations are already losing $7.2 million per breach—that cost can greatly impact a business that loses its “secret sauce” through a leak.
No matter how much traditional IT or network security a company has in place, it is impossible to stop collaboration (information sharing with authorised or unauthorised users) and therefore to protect against an unknown loss of sensitive information. Traditional information security solutions are unable to handle the shift from silo-based IT security to the cloud.
Now, companies need to incorporate security policies and mechanisms that define and automate how sensitive information should be handled at the file level. Companies need to invest in solutions that make file protection simple, automatic, transparent and usable for everyone (authors, users and company IT). This helps companies proactively protect sensitive information and keeps it private against the growing number of breach and leak threats.
So, how should this file protection work? By embedding security mechanisms directly in the file itself, without requiring client software or changing how users work. Key security mechanisms should include the ability to automate the following:
- Actively and passively track and trace the location of files for the life of the files anywhere on the Internet
- Track file usage for every partner, employee, and track the official chain of custody
- Automatically enforce usage and protection policies for sensitive business files
- Embed the identity of a user invisibly into a file
- Destroy or retract files remotely
Knowing where and how sensitive information is used becomes critical to protecting against security breaches. Information governance is the first step in classifying the types of information that pose risks to businesses. The next step is to track that information in the form of the business files we use and share everyday wherever they travel and without requiring authorised users to do anything extra for the files to be tracked.
Business is moving outside of the traditional four walls of the enterprise. In order to effectively protect IP, organisations need to adapt secure measures to extend outside of the server room. If not, your company’s next great idea could end up belonging to a competitor.