WHITE PAPER, OCTOBER 2014

Big Data and Collaboration: Security Solutions from On-Premises to Cloud and Mobile

Tyson Whitten
Security Solutions from CA Technologies
WHITE PAPER: THE SECURITY CHALLENGES OF COLLABORATION: SOLUTIONS FROM ON-PREMISES TO MOBILE

Table of Contents

Section 1: Challenge
The Big Data security implications of collaboration

Section 2: Opportunity
Protect and control Big Data on-premises and in the cloud

Section 3: Benefits
Promoting on-premises, cloud and mobile collaboration

Section 4: Conclusions

Section 5: About the Author
Executive Summary

Challenge

There's a direct correlation between the growth in cloud delivery models, mobile users and interconnected applications and the growth of data. As these technologies continue to grow, so do data volume, data velocity and data variety, offering unique insights to businesses. But while this growth in Big Data can offer businesses valuable information, it can also expose them to significant risk. As Big Data is stored, processed and analyzed, it is also shared and collaborated on amongst employees, partners and customers. Collaboration takes many forms. Traditional modes of communication such as email, collaboration software such as SharePoint and mobile collaboration cloud services such as Dropbox all deliver convenient and effective ways to share information to drive business forward and improve productivity in the workplace today. But they also pose risks to the sensitive elements of Big Data that must be protected.

Opportunity

As organizations expand how they share and collaborate on sensitive information from on-premises to mobile platforms and cloud delivery models, the business is increasingly exposed to new risks. Security has an opportunity to be an advocate for the business and enable collaboration in high-risk environments by doing it in a secure manner and across a broad set of use cases. By taking both a data-centric and an identity-centric approach to controlling information in collaboration environments, whether on-premises, on mobile devices or in cloud delivery models, organizations can be more precise in how they control information, balancing business enablement with information protection.

Benefits

The ability to precisely protect sensitive information within on-premises, mobile and cloud environments will allow businesses to realize multiple data sharing benefits. Organizations will be able to take advantage of new mobile and cloud data sharing models, thereby improving overall productivity of daily business, mitigating the new risks of sharing information outside the traditional network perimeter and improving regulatory and corporate compliance while handling sensitive information within these new mobile and file sharing delivery models.
Section 1: Challenge

The Big Data security implications of collaboration

The consumerization of IT, the interconnectivity of devices and applications, the anywhere/anytime access of mobile users and the adoption of cloud business services are all major contributing factors to Big Data. Data volume is no longer about terabytes. It's about petabytes. Centralized structured data has been replaced with a variety of decentralized unstructured data throughout the organization. And what was once the standard, processing data in batches, has given way to a high velocity of persistent data streaming. Organizations are being overcome by data, but not just any data: valuable data, Big Data that will enable better and more informed business decisions. So while volume, variety and velocity contribute to Big Data, it's the valuable business outcomes that organizations are beginning to derive and, as a result, need to protect and control.

Valuable Big Data is communicated, shared and collaborated on in the same way that data has always been. Email, files, social media, enterprise content management systems and software such as Microsoft SharePoint all present convenient and effective ways to collaborate in the workplace today when sharing data and files with employees, partners and customers. But they also pose risks to sensitive information that must be protected.

But what once was security's focus, protecting the crown jewels within the perimeter, is no longer the case. The advent of mobile collaboration and file sync and sharing within cloud delivery models has exposed businesses to a new and persistent threat. The ability to store and synchronize valuable content, extend file sharing, and enable collaboration in and outside the enterprise with customers, employees and partners using mobile-friendly technologies has exposed sensitive data outside the traditional control of the enterprise.

Figure 1. Big Data: The Velocity, Volume, Variety and Value of Big Data
Risks of on-premises Big Data collaboration

Risks of Big Data file collaboration

As Big Data is collected from various sources, business intelligence tools sift through mounds of data, and valuable insights come to the surface, metadata is collected and stored for future use. Quite often this information is accessed by strategic roles within the organization to collaborate on and make business decisions. Software such as SharePoint and Windows Server, although common platforms to improve productivity within organizations, does not change or defer to other technologies when the likes of Big Data need to be shared, worked on and used for decision-making purposes. Its ability to store documents and images while acting as a centralized location to collaborate and improve business processes is still relevant. Marketing still needs to share demographic information to shape go-to-market strategies, and operations teams still need ways to communicate service level metrics across the enterprise. But it is the same core functions that make these tools valuable that can also result in the exposure and compromise of sensitive content. Once the Big Data value elements are identified, users can manually post the data or access and edit existing data, changing its form, level of sensitivity or even value. This typical data usage process can expose organizations to sensitive information compromise with little to no controls to protect the organization.

Posting and storage of information

Users often leverage SharePoint as a repository for storing sensitive documentation and content. But quite often a lack of defined processes or data architecture design enables the posting of sensitive content to the wrong locations or containers. The result is sensitive information being stored within unsuitable locations with little organizational or administrative knowledge.

Content collaboration

Collaboration within SharePoint has remained its most popular usage but is also a significant factor in SharePoint information sprawl. Add in Big Data and you have a significant risk on your hands. Even though SharePoint usage improves communication and business process efficiency, it also increases the risk of exposing sensitive corporate information. While the original posting of content could at first be non-impactful to the business, the evolutionary process of content access, collaboration and sharing often results in sensitive information being appended or newly created. Access management policies that were originally intended to allow access to non-sensitive information often become outdated and ineffective due to the new forms content takes as collaborative usage occurs.

Content distribution

Once document collaboration is complete, the final copy is often ready for distribution over a variety of communication modes. This often results in sensitive content being copied to storage devices, sent over email, uploaded to social networking sites, transported over mobile devices or even migrated to the cloud. This replication of content significantly increases the exposure level to the business.
Risks of Big Data email collaboration

This brings us to email. Email remains the most used mode of communication in the workplace. High-volume communication puts organizations at significant risk of either accidentally or intentionally distributing sensitive information inside or outside the company. Insider threats that expose the organization to brand and financial impact via email are often broken into three groups: accidental, negligent or malicious threats.

Accidental communication threats. The multi-tasking of executives and employees can often result in unintentional information distribution. Fat-fingering keys, entering the wrong address or replying to all are common forms of accidental communication. The result is Big Data getting into the wrong hands, directly impacting brand image or shareholder value.

Negligent communication threats. Employees often don't realize the full extent of their actions, with shades of gray often blurring their ability to make the right decision. It may occur over a gradual period of time or even be given a pass if the outcome is good. Ineffective data handling training and lack of visibility into real-time communication flow can lead to the inappropriate distribution of Big Data. Not understanding the impact of sending colleagues protected executive conversations or the passive forwarding of sensitive information can have a direct impact on the long-term profitability of the business.

Malicious communication threats. Even with the best hiring practices and training, there will always be employees who will attempt to benefit at the expense of the company. Unethical behavior can be blatant but can also stem from gradual indiscretions. Forwarding competitive information to gain advantage in a new job, or sending pre-released financial results to unauthorized internal employees who then forward them to media outlets for negative exposure, can have a direct financial impact on the business.

Figure 2. On-premises: Collaboration of sensitive data in file servers, collaboration software and email
Risks of mobile collaboration

The same mobile and cloud technologies that have driven Big Data growth have also increased the risk of data compromise. Mobility and the interconnectivity of applications, including mobile collaboration and file sharing, have exposed organizations to significantly more risk. Employees are increasingly accessing, collaborating on and sharing information on the mobile platform and in the cloud.

Prior to native mobile apps, email was the first form of non-voice communication to take hold of the enterprise on the mobile platform. Mobile email significantly improved user communication. Sales teams communicating on the road or operations teams communicating off hours were the first to drive this usage model. And relatively recently, demand for online file storage and real-time file access has created a market for mobile collaboration and file sync. For groups looking to quickly collaborate on files across organizational borders, like board members collaborating on an acquisition strategy, file sync and sharing technologies offered a viable yet insecure avenue to share content. File sync and sharing vendors such as Dropbox, Box, SkyDrive and O365 have created delivery models that allow users to access files anytime/anywhere. Files are persistently synced to the cloud and then synced directly to the user's mobile device, which provides the access required to move a business forward.

But convenience in collaboration doesn't come without risk. What once was the goal of the enterprise, to contain information within the firewall, is no longer achievable. Email and file collaboration have reached a new level of risk that only the cloud and the mobile device could have enabled. The consumer is driving innovation and the enterprise is in a state of security catch-up. If the enterprise does not offer a secure mobile collaboration option for its employees, the employees will find their own solution even if it is not secure. The organization must take on the responsibility of delivering a mobile and cloud collaboration solution while protecting information that's sensitive to the business.

Figure 3. Cloud and Mobile: Collaboration of sensitive data moving to mobile devices and the cloud

"The release of the Apple iPad and other tablets has unleashed a torrent of interest in file synchronization solutions: keeping files synchronized across a variety of devices (desktops, netbooks, tablets and smartphones)."
Source: Gartner, Inc., Mobile File Synchronization Evaluation Criteria, Guy Creese, May 1, 2012
Section 2: Opportunity

Protect and control Big Data on-premises and in the cloud

Consumerization of IT has taken hold, but not without risk. Security has an option. It can take the approach of resistance, shutting down access to third-party services and requiring employees to use only company-issued devices when in the workplace, a risky proposition that, while secure, could impact business processes and productivity. Or security can move to the acceptance side of the table, concede that business will gain from leveraging hybrid on-premises and cloud delivery models to share and collaborate on Big Data, and find a way to balance collaboration with protecting sensitive data. The following steps outline the latter: how organizations can enable business and protect sensitive information within various collaboration environments.

Steps to protecting sensitive data in collaboration environments

Step 1: Turn Big Data into Small Data.

Big Data is comprised of the three V's: volume, velocity and variety. This interconnectedness of applications and persistent streaming of large volumes of unstructured data results in a lack of data understanding. Organizations are challenged with understanding whether the data they're collecting contains value and will drive better business outcomes. Is the information you're collecting in your business potentially valuable, and will it drive business forward? Does it possess unique insights into customer demographics and buying habits that will be a trigger point to adjust strategy and business direction to capitalize on new opportunities? Will the loss of this potentially valuable information put your business at risk if found in the wrong hands? Organizations need better visibility into what data is important and will put them at risk. They need to turn Big Data into Small Data. Your traditional classification engines will not be sufficient and could take years to produce actionable results. Take the following into account when classifying Big Data.

Volume. Classification engines now need to keep up with petabytes of storage. Evaluate technologies based on their ability to constantly mine large volumes of information efficiently and in a prioritized fashion. Also take into account the flexibility of settings. Most classification engines will not be able to classify large volumes of data without some level of triage based on business goals and environmental factors.

Velocity. Classification engines need to keep up with information coming into the organization at an increasingly fast clip. Evaluate technologies based on their architectural capabilities to classify centrally as well as in a distributed manner. High-velocity sources will vary based on the business. Confirm that the classification engine can support a range of technologies and software across the enterprise in order to keep up with high-velocity transactions.

Variety. Classification engines need to collect a wide range of data formats. Evaluate technologies based on their ability to classify information from all devices and systems that contribute to Big Data, including mobile phones, social media, web sites, operating system logs, databases, file servers, etc.

Value. Classification engines should be flexible enough to fingerprint data you know is valuable and data you expect to generate or identify as valuable. Evaluate technologies that can fingerprint as well as classify high-value data across systems that store and collect raw information. Include databases and file servers as well as systems that mine highly valuable information, including Hadoop, Tibco, Splunk, Teradata or Informatica.
By having a system that can keep up with volume, velocity, variety and value, organizations will be able to make faster, more accurate and business-relevant decisions in the long run.

Step 2: Determine the context of information being accessed and handled.

Are marketing professionals accessing Big Data to make more informed product decisions? Are supply chain partners accessing information with their composite apps? Are internal employees accessing this data for projects through collaboration software? Is information being sent internally or externally via email? Are applications automatically and persistently distributing content to new mobile collaboration and file sync technologies such as Dropbox? By understanding which employees, customers and partners are involved and the modes of communication that are being used, you'll be able to understand the context of information flow and in turn be able to make more precise control decisions.

Step 3: Deploy controls that securely enable on-premises and email collaboration.

Once you understand the context, you can then determine how and where to deploy data controls. If Big Data is being shared through collaboration and file sharing software such as SharePoint or Windows Server, ensure you can control information throughout its lifecycle: when posted, stored, accessed and distributed. And if information is then being communicated through email, ensure you have the capability to centrally classify information locally on the message server, such as Microsoft Exchange or Lotus Domino. Use identity and content to control how the email is handled.

Step 4: Deploy controls that securely enable cloud and mobile collaboration.

Then, once you've identified the context of how information is being shared through the cloud or the mobile platform, you'll need to control these areas of high risk. If sensitive content is being sent over email to mobile devices, make sure you can classify sensitive content and then encrypt the data so only the recipient on the mobile device can open and read the message. In addition, if employees are using mobile collaboration and file sync technologies like Dropbox and O365, you should only allow non-sensitive and non-regulated information to reach these applications.
Figure 4. On-premises, Cloud and Mobile Solution: Controlling sensitive content on-premises, on the mobile platform and the cloud

How CA Technologies can help

Effectively controlling sensitive information in collaborative environments requires support from on-premises to cloud and mobile. CA Technologies has solutions that can be delivered to control information for each of these use cases.

On-premises: SharePoint and Windows information lifecycle control

Given the dynamic nature of content, security considerations must be made to protect information at every stage of its lifecycle. CA Data Protection provides flexible capabilities designed to classify and control documents when they are posted, stored, accessed and distributed within SharePoint and Windows environments. This data-centric approach to controlling information enables only the right users to access and handle the right content based on their role and privilege.

Mobile: Secure mobile messaging

CA Technologies delivers mobile messaging protection, helping improve employee productivity while enabling customers to securely engage with the business. Whether it is sales orders, policy holder information or just general inquiries that require the communication of sensitive information over email, CA Data Protection will automatically classify content and then enforce control based on policy. While blocking, warning, or monitoring potential incidents is critical to data protection, the ability to automatically encrypt content allows normal mobile device usage and employee interaction with customers over email to continue without otherwise compromising security. The combination of policy, classification and encryption for mobile devices delivers organizations end-to-end data-centric security that enables customers to conveniently engage the business while maintaining their native mobile user experience at a lower overall total cost of ownership.
Cloud: Secure file sync and mobile collaboration

CA Technologies also delivers security solutions that enable the usage of mobile collaboration and file sync solutions for technologies such as Dropbox, SkyDrive and O365. As key organizational constituents are using these technologies on an everyday basis, it's in the organization's best interest to offer a solution that still allows usage but in a secure manner. CA Data Protection offers a solution that classifies and controls content communicated through these services, enabling business processes to continue but in a secure manner that can reduce risk and improve compliance.

Section 3: Benefits

Promoting on-premises, cloud and mobile collaboration

The ability to precisely protect valuable and sensitive data during collaboration, whether on-premises, in the cloud or over the mobile platform, will offer many important benefits to your organization.

Decrease risk. As Big Data grows, more and more sensitive information that's valuable to the business can be exposed to external and internal threats. Collaboration, although not malicious, is a threat that needs to be mitigated. The ability to control sensitive information within on-premises software such as SharePoint and Windows Server, internal and external messaging and mobile collaboration through file sync and sharing services can significantly reduce the risk of data compromise and brand impact.

Improve compliance. As more information is collected, there is a high likelihood that data covered by external regulations and internal corporate policies will increase the risk of non-compliance. Customer and employee information are critical aspects of Big Data that need to be managed properly in order to avoid financial penalties. CA Technologies has the ability to identify that needle in the haystack to help determine if regulated data is being collected. It's then able to apply controls to mitigate the inappropriate storage, access and handling of information in order to improve internal and external regulatory compliance.

Enable collaboration productivity. Organizations often get caught in the business of saying no to users and IT projects in order to reduce risk and improve compliance. But this has an inverse relationship with driving the business forward. With CA Technologies it's not about saying "no" anymore but more about what you "know". Through the ability to understand the context of information sharing, collaboration becomes much more precise and in turn a secure business enabler.
Section 4: Conclusions

Although Big Data offers many opportunities to identify valuable insights and drive business forward, it has also significantly exposed the business to risk. Valuable Big Data insights that are derived from large volumes of unstructured data are collaborated on amongst employees, customers and partners on a daily basis. In order to reduce the risk of data compromise and non-compliance, organizations need to control how sensitive data is collaborated on, whether it is on-premises, in the cloud or on the mobile platform. But the trick is doing this in a way that balances information control with business enablement. Security needs to become a business service enabler. Instead of being the security of "no", it must become the security of "know". CA Technologies offers content-aware solutions that allow businesses to realize the productivity gains technologies such as SharePoint, email and Dropbox offer while reducing the risk of information compromise and policy non-compliance.

Section 5: About the Author

Tyson Whitten is a CISSP with 10+ years of information security experience managing application, network and risk based products and services. In his current role he has solution marketing responsibility for mobility and data protection solutions within CA Technologies Security Customer Solutions Unit. Prior to CA Technologies, Tyson held positions at Genuity, Guardent, VeriSign and SecureWorks. He has a BS in Information Systems and an MBA in Product and General Management from Boston College.

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments.

Copyright 2014 CA. All rights reserved. Microsoft, Windows, SharePoint, Office 365 and Windows Server are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Lotus and Domino are trademarks of International Business Machines Corporation in the United States, other countries, or both. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, "Laws")) referenced herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations.