How to Secure Sensitive Files and Documents
Much of an organization's most sensitive information resides in unstructured files and documents that are commonly subject to data loss and leakage--especially in today's mobile, Web-based world. IT pros must develop an approach to securing these documents that gives the business the control it needs without stymying employees' productivity.
Fri, August 03, 2012
CIO — Are you doing enough to secure your organization's sensitive information? If all your security measures are focused on the volume level rather than the file or document level, chances are the answer is 'no.'
While the security risks associated with sensitive files and documents have been around for as long as sensitive files and documents have existed, a confluence of today's corporate environmentbusinesses are increasingly relying on mobile workers and collaboration between geographically dispersed workers and business partnersand technologies like mobile devices and browser-based file-sharing applications have increased the scope of the risk.
"A lot of the issues have been around for a while, but the playing field has changed," says Larry Ponemon, chairman and founder of research think tank Ponemon Institute, which last week released its 2012 Confidential Documents at Risk Study, a survey of 622 IT and security practitioners with an average of more than 11 years of experience. "Everyone wants to connect and they want to do it anywhere and immediately."
Common Practices That Put Information at Risk
Common business practices, frequently leveraged by employees seeking to be more productive, are often responsible for putting information at risk. Five scenarios are among the most common, according to the Ponemon Institute's study. The scenarios are as follows:
- Employees attach and send confidential documents in clear text from the workplace using Web-based personal email accounts. The Ponemon Institute's survey found that 68 percent of respondents believe this happens frequently or very frequently, and 71 percent say it results in the loss or theft of confidential documents.
- Employees download, temporarily store and transfer confidential documents in clear text from a workplace desktop to a generic USB drive. Sixty-five percent of respondents say this happens frequently or very frequently, and 68 percent say it results in the loss or theft of confidential documents.
- After registering with Dropbox, employees move several large files containing confidential business information to the application without permission of the employer. The survey found 60 percent of IT and security practitioners say this happens frequently or very frequently, and 57 percent believe it can result in the leakage of confidential information.
- Employees download confidential documents to a public drive, thus allowing other employees to view and use this information from various mobile devices. Sixty-two percent of respondents say this occurs frequently or very frequently, and 56 percent say it can result in the loss or theft of confidential documents.
- Employees download confidential documents to a public drive to collaborate with business partners and view and use the information on tablets. Fifty-five percent of the respondents say this happens frequently or very frequently and 51 percent say it results in leakage of these documents.