SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK



Similar documents
THE TOP 6 TOOLS USERS NEED FOR MOBILE FILES AND HOW TO PROVIDE THEM SECURELY. White Paper

May 14 th, 2015 INTRODUCING WATCHDOX. And The ABC s Of Secure File Sharing. Jeff Holleran VP Corporate Strategy BlackBerry

THIS MESSAGE WILL SELF-DESTRUCT: THE POWER OF COLLABORATION WITH AN EXPIRATION DATE

The Challenge of Securing and Managing Data While Meeting Compliance

Secure Document Sharing & Online Workspaces for Financial Institutions

RAIDERS OF THE LOST FILE SHARES: DEFENDING ENTERPRISE DATA AGAINST DESTRUCTIVE MALWARE

Your Company Data, Their Personal Device What Could Go Wrong?

Where is your Corporate Data Going? 5 tips for selecting an enterprise-grade file sharing solution.

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Enterprise Collaboration: Avoiding the Productivity and Control Trade-Off

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

Secure Data Sharing in the Enterprise

Calculating ROI on your Colligo Investment

KEEPING UNSTRUCTURED DATA SECURE IN AN UNSTRUCTURED WORLD

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

EMBRACING SECURE BYOD

Protecting ip Data From Loss and theft: The ShorTeST PaTh To PrevenTion and risk reduction

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Information Rights Management for Banking Seclore FileSecure Provides Intelligent Document & Data Protection that Extends Beyond Enterprise Borders

How To Protect Your Data From Theft

Don't Be The Next Data Loss Story

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

5 Must-Haves for an Enterprise Mobility Management (EMM) Solution

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

Bring Your Own Device and Expense Management

Protecting Your Data On The Network, Cloud And Virtual Servers

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

CA Enterprise Mobility Management MSO

Enterprise Data Protection

10 Threats to Successful. Enterprise Endpoint Backup

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

Key Considerations in Enterprise File Sharing Gurinder Dhillon, Sr. Director Product Management Ankur Shah, Sr. Product Manager

SharePoint Governance & Security: Where to Start

Cloud Backup and Recovery for Endpoint Devices

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

AB 1149 Compliance: Data Security Best Practices

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Teradata and Protegrity High-Value Protection for High-Value Data

EasiShare Whitepaper - Empowering Your Mobile Workforce

SOOKASA WHITEPAPER CASB SECURITY OVERVIEW.

#ITtrends #ITTRENDS SYMANTEC VISION

Top. Reasons Legal Firms Select kiteworks by Accellion

Protecting personally identifiable information: What data is at risk and what you can do about it

Securing Health Data in a BYOD World

Sample Data Security Policies

Always Worry About Cyber Security. Always. Track 4 Session 8

High-Risk User Monitoring

WHITE PAPER. Stay ahead (of data leak) with Data Classification and Data Loss Prevention

Mobile Data Leakage Prevention

Moving to the Cloud: What Every CIO Should Know

Cyber Exploits: Improving Defenses Against Penetration Attempts

How To Secure Your Mobile Devices

A BUYER S CHECKLIST ENDPOINT DATA PROTECTION:

Information Governance Challenges and Solutions

Executive s Guide to Cloud Access Security Brokers

Encryption Buyers Guide

Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations

Information Security Addressing Your Advanced Threats

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

How To Manage A Mobile Device Management (Mdm) Solution

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

BOYD- Empowering Users, Not Weakening Security

STRONGER AUTHENTICATION for CA SiteMinder

5 Things You Need to Know About ipad in the Enterprise

Information Governance, Risk, Compliance

OVERVIEW. Enterprise Security Solutions

how can I comprehensively control sensitive content within Microsoft SharePoint?

Data Leakage Prevention Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE Forensics & Recovery LLC

Fasoo Data Security Framework

WHITE PAPER SPON. Making File Transfer Easier, Compliant and More Secure. Published February 2012 SPONSORED BY!!! An Osterman Research White Paper

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

IBM Data Security Services for endpoint data protection endpoint encryption solution

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest

10 Smart Ideas for. Keeping Data Safe. From Hackers

IBM MobileFirst Managed Mobility

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

Practical Enterprise Mobility

Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It

Readiness Assessments: Vital to Secure Mobility

Privilege Gone Wild: The State of Privileged Account Management in 2015

A Guide to MAM and Planning for BYOD Security in the Enterprise

Secure Mobile Content Management for the Enterprise

EXECUTIVE BRIEF PON SPON. The Cloud Application Explosion. Published April An Osterman Research Executive Brief. sponsored by.

Best Practices: Developing Secure Enterprise Mobile Apps

Why Endpoint Backup Is More Critical Than Ever

28% Top 10 Endpoint Backup Mistakes And how to avoid them. of corporate data resides exclusively on laptops, smartphones, and tablets

Data-centric Security

Whitepaper. How MSPs are Increasing Revenues by Solving BYOD Issues. nfrascaletm. Infrascale Phone: Web:

Google Identity Services for work

How four Citrix customers solved the enterprise mobility challenge

RightsWATCH. Data-centric Security.

HIGH-RISK USER MONITORING

Whitepaper. Simple and secure. Business requirements for Enterprise File Sync and Share solutions.

BYOD: Bring Your Own Policy. Bring Your Own Device (BYOD) is already making a significant impact on the way the private sector works.

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

Transcription:

SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK Whitepaper

2 Secure File Sharing and Collaboration: The Path to Increased Productivity and Reduced Risk Executive Summary Enterprise File Sharing and Sync (EFSS) products are making inroads into the enterprise in fact, Forrester analyst Ted Schadler recently called the space the hottest technology category since social networking. However, many EFSS implementations leave many issues unanswered, such as: How will intellectual property be protected if a user shares or syncs it? How will compliance be handled if regulated data ends up in the EFSS system? How will data be discoverable if files are synced to a cloud service and the company gets entangled in a lawsuit? Security is almost invariably top of mind (see chart below), and enterprises soon discover that many of the EFSS solutions fail to offer hoped-for security, and can even be a conduit to major security breaches.

3 What challenges if any has your organization experienced since deploying an online file sharing and collaboration solution? Percent of respondents, Sample = 139, multiple responses accepted. Security challenges Training users Internal processes/workflows Integrating existing applications User non-compliance Lack of admin control/auditing File size issues Slow performance Lack of senior management support Too expensive to justify No challenges 46% 40% 33% 32% 31% 30% 29% 24% 18% 15% 9% Source: Enterprise Strategy Group, 2013. Despite these challenges, EFSS implementations are expected to surge in the years ahead. Organizations are realizing that EFSS solutions have to protect data and prevent espionage by securing business plans, product roadmaps, financial documents and other confidential information that users may sync or share using these systems. As organizations are looking forward to deploying EFSS, they recognize that they must also put the right security and controls. Because of the nature of EFSS solutions, such security needs to extend to anywhere such information is shared inside and outside the organization, and to any type of device: PC and mobile, managed and unmanaged. This paper outlines the shortest path to implementing EFSS, while protecting the organization against data loss incidents. The first section presenting an expanded view of intellectual property (IP), factoring in that organizations now must be concerned with their IP when it is shared using EFSS with external users, like partners and suppliers. Next, recognizing that process, not technology, drives successful EFSS implementation, the paper lists six steps an organization can take to deploy EFSS with proper data security controls. Finally, the paper introduces the concept of documentcentric security, and demonstrates how a data-centric approach to EFSS technology can offers the robust data security enterprises require in their EFSS solutions, while delivering the experience users want.

4 What You Must Protect and Why Many companies protect their IP and other confidential information through a combination of access controls, encryption services and DLP tools. However, these protections are no longer effective as soon as a document is shared and goes outside the firewall to a mobile device or to an external party. IP can also include operational information, plans, forecasts and a huge variety of other files, which according to IDC, drive over 50% of the typical enterprise s business processes. In fact, any information that provides competitive advantage can be considered IP. The following realworld scenarios illustrate this fact: A film studio wanting to protect its scripts and marketing materials for an upcoming motion picture. A leading footwear manufacturer wanting to protect product designs sent over to Asia. A large private equity firm handling sensitive M&A transactions. A large oil company protecting intellectual property stored on various systems. The IP an organization needs to protect almost always extends to information shared with or by a partner or another third-party. There are potentially high costs to insufficiently protecting your IP, and once a breach occurs it is usually too late to stop or even mitigate the damage. Such external exposure can result in financial consequences like lost business and regulatory fines, devastated reputations, and other direct and indirect damages.

5 How Your IP Leaks Out While organizations have been focused around perimeter security and access controls, the following key vectors allowing sensitive data to leak require different tools: Device loss or theft A major leak vector is a mobile device (smartphone, tablet or laptop) being lost or stolen. In a BYOD world, and when mobile devices are used by third parties, it is difficult to solve this issue. Accidental sharing Much of the data leakage comes from insiders accidentally sharing the content via email, Dropbox or other cloud services. It s as easy as sending an attachment to the wrong person, and having no recourse. Insider threat Employees many times copy sensitive data into a USB drive, a Dropbox account and move to a competitor. These are examples of the malicious insider threat. 14% of attacks are attributed to insider threat, and over 70 percent of these attacks happen within 30 days of an individual announcing resignation from the organization. Third party threats A lot of sensitive data and IP is shared with business partners, contractors and customers. As a business relationship ends, such data can remain with that third party. Additionally, any employee of that third party poses a threat equivalent to an organization s own insider threat. External attack Advanced Persistent Threats (APTs) affect many enterprises, and very frequently target critical IP and other data. As data becomes distributed, perimeter protection is not a sufficient defense. How Organizations Lose Data Insider External Attack Etc. Source: Forrester Research Lost Device Accidental Sharing

6 Six Steps for deploying Secure EFSS An ideal approach to implementing EFSS is to start small and move methodically through all steps below to ensure the project achieves the desired results. Particularly sensitive files, such as board and executive communications or IP are good places to start before moving to larger data sets with more owners and business processes. The six steps below for deploying secure EFSS are based on the collective experience at BlackBerry of working with hundreds of enterprise customers: 1. Identify and calculate the value of your data The key to solving this problem is working with your executives and information owners. Identify sensitive data, and determine a simple formula to estimate the value of your data. One of the best examples comes from the research group Securosis. Data value, frequency and audience is quantified within a table and allotted a score. Examples of data types include board and executive communications, IP, personally identifiable information (PII), sales data and any other specific data you are required to protect. An overall score is then defined based on the type of data. Below is an example of this in practice: 2. Make your business case with ROI A properly implemented EFSS solution typically saves one hour a week per user in productivity that s one extra work week each year. More specific ROI can come from less printing and shipping costs. For example, board books, event brochures or training materials can amount to hundreds of thousands of dollars a year. When using a secure EFSS solution, you can make your security ROI case, per the table above. You can demonstrate additional ROI for your security sponsors. This means clearly quantifying the immense value that comes when you know where your data is, who is accessing it and how it s being used. It s important to analyze, communicate and share the financial and organizational impact of stolen and lost data.

7 3. Identify business owners and solve for a few low hanging fruit Start with a small-scale deployment. Identify initial groups that have highvalue data, and are also feeling a sense of urgency around solving their collaboration and security needs. For example, senior executives may want to access their files on ipads and corp dev or legal teams may need to collaborate with external parties by sharing many sensitive files. It s important to identify the stakeholders, including who is going to manage the system and support it. For example, board documents may be managed by the corporate secretary, product design IP may be managed by the R&D group, and finance audit projects can be delegated to the individual project managers. Clearly identify success criteria in security as well as productivity terms. High level executives using the solution can prove its value and give it a lot of visibility in the organization going forward. 4. Deploy to wider groups After proving success on a small scale, you will likely see more demand throughout the enterprise. A gradual rollout is recommended to address additional groups and use cases. This stage typically encompasses a few hundreds of users and can go on for several months. 5. Integrate with your repositories and workflows before deploying enterprise wide To achieve wide-scale adoption, it is helpful to make sure the EFSS system is tightly integrated into user workflows. For example, if a content management system such as SharePoint is in use, it s important to have your EFSS solution pull data directly from that system in a seamless manner. Additionally, custom apps such as partner portals, document workflows, should be integrated via APIs into the EFSS system to provide consistent security and productivity across all enterprise systems. Once this is done, the system is truly ready for enterprise-wide adoption. 6. Leverage the compliance benefits Once the secure EFSS solution is in place, your organization will have significant auditing capabilities. It will be easy to prove compliance in the event of a lost or stolen device, terminated employee, ediscovery requirements and more. You will gain full tracking of files residing on lost devices, or being sent exchanged by employees and third parties.

8 The WatchDox by BlackBerry Secure EFSS Solution WatchDox by BlackBerry is a secure file sharing and sync tool that was build from the ground up by a team of security experts. As such, WatchDox addresses the real risks to your IP and the vectors it leaks through as described above: It embeds persistent controls in your files, so as they are shared with internal and external parties and across multiple devices they are always protected and tracked. Controls include restriction of document copy/paste, print, forward, unique watermarks and more. It allows remote wipe of data, whether it is on a lost or stolen mobile device (regardless if that device is a managed device or a third party device), or wiping data when a business relationship changes. It provides a choice of cloud or onpremise deployment, to address strong regulatory and security requirements WatchDox does all that, while still providing a friendly Dropbox -like experience for the end users. At the end of the day, this is what matters most. Users will reject a solution if it isn t usable, and they will find less secure workarounds. WatchDox provides an optimal combination of security and ease of use. Summary Enterprise File Sharing and Sync (EFSS) technology can be a double-edged sword, and the risk of allowing vast amounts of data to be easily taken out of the enterprise can outweigh the productivity benefits. WatchDox provides an EFSS solution that allows you to take back control over your data as it is shared, combining the benefits of productivity and collaboration with the type of security you need to protect your IP anywhere it travels in the course of doing business. WatchDox by BlackBerry enables organizations to access, protect and control their critical documents wherever they go: on any tablet, smartphone or PC, even those beyond the IT department s control. With WatchDox technology, organizations can collaborate securely with partners, safely adopt bring-your-own-device (BYOD) initiatives, and destroy their documents remotely if a device goes missing. More than 100 of the Fortune 1000 including many of the world s leading financial institutions, manufacturers and government agencies depend on WatchDox secure file-sharing solutions. Learn more at www.blackberry.com/watchdox 2015 BlackBerry. Trademarks, including but not limited to BLACKBERRY, EMBLEM Design, WATCHDOX, WATCHDOX & Design and WATCHDOX & EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, the exclusive rights to which are expressly reserved. All other trademarks are the property of their respective owners.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information