THIS MESSAGE WILL SELF-DESTRUCT: THE POWER OF COLLABORATION WITH AN EXPIRATION DATE White Paper
Introduction

There is a lot of technology that is occasionally ineffective, but hardly anything rivals the impotence of the Recall Message feature in Microsoft Outlook. Not only is its effectiveness spotty when you send a message to a colleague in your own organization, it is completely useless when you mistakenly send a message to an external recipient that you would dearly love to take back.

Users of email have long lived with the fact that once a message is sent, it cannot practically be unsent. After all, the inspiration for email was snail mail, in which a message or file sent to someone took physical form, and taking it back would involve going to their home or office and physically grabbing it.

A similar situation applies to shared files. The vast majority of shared files, even sensitive ones, have no practical means to be taken back or revoked from someone who has received them. Even the United States National Security Agency (NSA) resorted to the notion of originator control, or OrCon in NSA-speak, to try to control the dissemination of sensitive files. The problem with OrCon was that it operated entirely according to the honor system. Those curious about its effectiveness need only look at the trove of documents leaked by Edward Snowden, most of which were fruitlessly stamped OrCon by those who wished to maintain control over how they were shared and dearly wished they could have taken them back from Snowden and the journalists with whom he shared them.
The Basic Power of Ephemerality

The Value of Revocable File Sharing

In the digital world, it does not have to be that way. For a highly publicized example, one need not look further than the astounding growth of Snapchat, which as of this writing had more than 50 million users, and to a lesser extent similar apps like Wickr and Silent Circle. Snapchat's users seized on the fact that messages, or snaps, were not designed to be permanently shared, like posts on a Facebook wall or status updates. Rather, they were in-the-moment social interactions, and were better off disappearing. The benefits of the ephemerality of these interactions were clear: unless consciously saved (and the sender would be alerted if the recipient took a screen capture), the messages went away, having served their purpose and incapable of haunting the sender again.

The same should be true of most file-based collaborations, although likely they should last longer than the brief lifespans of most of Snapchat's users' snaps. The average enterprise user creates between 3-5 gigabytes of files, up to 80% of which are not accessed for multiple years after they are saved to storage or a local hard drive. Much of that information is attached to emails and sent externally; sensitive files sent externally using common mechanisms like email and file sharing tools like Dropbox essentially will not disappear unless the recipients delete them. It's worthwhile to consider what file collaboration would be like if files did expire after a short period by default, unless they were required to be retained for a regulatory or business reason.

E-discovery costs and data volumes

The costs of keeping everything are also quite high. Security risks abound, as sensitive data is much harder to protect and keep track of if it does not expire in the hands of outside collaborators and is hoarded by internal users.
That information hoarding can also have staggering costs if the organization becomes involved in legal proceedings: the costs of e-discovery rise in line with data volumes, and keeping so many files for longer than necessary results in unnecessary legal risks (see chart below).

Typical file volume per employee     3-5 GB
Average pages per GB                 10,000-75,000
E-discovery attorney cost            $70 per hour
Average reviewer productivity        55 documents per hour
E-discovery estimated cost           $380K per 1,000 employees [1]

[1] Baseline Magazine, Information Hoarding Wastes Money, by Anne Kershaw.
The Key to Expiration: Data-Centric Security

The ability to revoke access to shared files has been around in its modern form since being implemented by Microsoft and Adobe a little over a decade ago and known as information or digital rights management, but only with the rise of online file sharing has it become so critical. Data-centric security embeds persistent controls in your files, so as they are shared with internal and external parties and across multiple devices they are always protected and tracked, including post-download. When they need to be revoked, they can disappear just like a Snap.

The technical comparison is not exact; while Snapchat as a mobile-only app has quite a bit of control over its data and was rumored to simply change a file's extension to make it inaccessible, data-centric security for files must take into account the desktop, mobile and web interfaces. Controls typically include restriction of document copy/paste, print, and sharing, and can add advanced features like dynamic watermarking and screen capture prevention. However, the key feature in this context is that it allows remote wipe of data, regardless of where a file has ended up.

This is technically implemented by keeping files persistently encrypted and requiring users to authenticate to decrypt the file in memory to work with it. If a file has been made available offline, the decryption key is typically cached for a configurable period of time, after which it expires and the file recipient must re-authenticate online to ensure their access has not been changed or revoked. If the file has been expired or revoked, it remains in its encrypted state and as inaccessible as an old Snapchat message.
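The key-lease mechanism described above, as an added example that is not WatchDox or any other vendor's code: a hypothetical PolicyServer keeps the per-file keys and a Client caches a fetched key for offline_ttl seconds. All class and method names are assumptions, authentication is reduced to a user name, and an HMAC-SHA256 keystream stands in for a real AEAD cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode, no integrity check);
    # an assumption for this sketch, a real product would use an AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class PolicyServer:
    """Hypothetical key service: holds per-file keys and the access list."""
    def __init__(self):
        self.keys, self.acl = {}, {}
    def protect(self, file_id, plaintext, users):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.keys[file_id], self.acl[file_id] = key, set(users)
        return nonce + keystream_xor(key, nonce, plaintext)  # file stays encrypted at rest
    def revoke(self, file_id, user):
        self.acl[file_id].discard(user)
    def request_key(self, file_id, user):
        # Authentication is modelled as the bare user name (assumption).
        if user not in self.acl.get(file_id, ()):
            raise PermissionError("access revoked or never granted")
        return self.keys[file_id]

class Client:
    def __init__(self, server, user, offline_ttl):
        self.server, self.user, self.ttl = server, user, offline_ttl
        self.cache = {}  # file_id -> (key, lease_expiry)
    def open(self, file_id, blob, now, online=True):
        key, expiry = self.cache.get(file_id, (None, -1))
        if now >= expiry:  # no lease, or lease expired: must ask the server again
            if not online:
                raise PermissionError("offline lease expired; re-authenticate")
            self.cache.pop(file_id, None)  # drop the stale key before asking
            key = self.server.request_key(file_id, self.user)
            self.cache[file_id] = (key, now + self.ttl)
        return keystream_xor(key, blob[:16], blob[16:])  # plaintext only in memory
```

A revocation issued while a client still holds a live lease takes effect only when that lease runs out, so the configured offline period is the upper bound on how long revoked content stays readable.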
Key Takeaways

As more and more people move toward collaboration methods that incorporate revocation or expiration, the enterprise file sync and share (EFSS) space appears to be moving in that direction as well. In the most recent Gartner research on the topic, analyst Mario de Boer identified data-centric security as one of the eight fundamental elements to consider in evaluating an EFSS solution. As of this paper's publication, WatchDox by BlackBerry and IntraLinks were major EFSS platforms with revocation and rights management capabilities, and numerous other vendors had announced that they are building similar functionality.

This capability is particularly critical to factor into an organization's evaluation of an EFSS solution. It impacts not only an organization's ability to protect its files, but also both the economics and risks associated with hoarding files unnecessarily, in the hands of both the file owners and their collaborators. In the final analysis, users' choices speak volumes, and the movement of consumers to Snapchat clearly presages a similar move for enterprises to EFSS tools with real expiration built in.

WatchDox by BlackBerry enables organizations to access, protect and control their critical documents wherever they go: on any tablet, smartphone or PC, even those beyond the IT department's control. With WatchDox technology, organizations can collaborate securely with partners, safely adopt bring-your-own-device (BYOD) initiatives, and destroy their documents remotely if a device goes missing. More than 100 of the Fortune 1000, including many of the world's leading financial institutions, manufacturers and government agencies, depend on WatchDox secure file-sharing solutions. Learn more at www.blackberry.com/watchdox

© 2015 BlackBerry.
Trademarks, including but not limited to BLACKBERRY, EMBLEM Design, WATCHDOX, WATCHDOX & Design and WATCHDOX & EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, the exclusive rights to which are expressly reserved. All other trademarks are the property of their respective owners.