Cybersecurity trends for 2017: It’s all about the data

By: Special to TWB
December 21, 2016


By: Makoto Mizuyama
Member of the board of directors, FinalCode

The cyberthreat landscape is complex and constantly evolving, and we saw a constant stream of breaches in 2016 ranging from the embarrassing (exposure of email addresses on a fetish website) to the ominous (IoT-based distributed denial of service attacks) to the manipulative (Russian hacking during the presidential campaign). The year’s bad news was capped in December with the announcement that one billion Yahoo accounts had been compromised.

But regardless of the threat or the attacker, at the end of the day your data must be secured.

With the growth of cloud and mobile computing and the disappearance of the enterprise perimeter, your data is being exposed to a rapidly growing attack surface. The opportunities for data exfiltration by attackers or accidental exposure also are growing along with it. As data becomes more mobile, organizations must separate file security from their storage, transport and collaboration platforms to provide persistent security controls for all users, internal and external.

With this in mind, here are a few trends in data security to keep an eye on in the coming year.

• New E.U. privacy schemes for U.S. companies

The new Privacy Shield replaces the old Safe Harbor to help U.S. companies comply with European privacy requirements for shared data. This will all be replaced in May 2018 by the E.U.’s General Data Protection Regulation (GDPR). The GDPR applies to any organization holding or processing personal data of E.U. residents, which means that any company doing business with or in Europe probably will be affected. And the penalties for violations of GDPR are serious, ranging from about $10.5 million (€10 million) or 2 percent of the company’s worldwide annual turnover to $20.9 million (€20 million) or 4 percent of turnover for more serious violations.

This gives organizations a strong incentive to prevent data leakage at any point within the enterprise or in the supply chain. They cannot depend solely on encrypting databases and network links.

• Misinformation and fake news

Propaganda and information warfare are not new, but their role in the 2016 presidential campaign demonstrated just how powerful a weapon information can be. Misinformation can be effective and easy to use, and we can expect it to be a common feature in public discourse in the coming year.

Information that is stolen, leaked or otherwise exposed can be manipulated and used for unintended purposes. Even accurate information can be misused to damage or embarrass the source organization or a third party. If it is not accompanied by the appropriate controls, information in the hands of an outsider can be edited or altered to create a false impression. Data today must be protected not only as a valuable asset, but as a potentially dangerous weapon.

• The insider threat

This threat also is not new. But as perimeters disappear and information becomes more mobile, the definition of an “insider” has become much broader, extending beyond your own employees. Contractors, suppliers and customers can all have legitimate reasons to access your data. All of them represent an insider threat, either from the potential for malicious activity or from simple human error.

All of these people—and increasingly, machines as well—are using your information. This makes it imperative that information be secured throughout its lifecycle, in use as well as in storage and transmission, and regardless of who is using it.

• Protecting your files

Data has value when it can be used, and collaboration helps businesses to succeed. Unfortunately, collaboration also introduces significant risks. Organizations must comply with government and industry requirements for security and privacy, and the more people who have access to data the greater the risk of exposure. Data must be protected wherever it is in use.

“Organizations need file protection products that offer appropriate levels of control for the internal users and the variety of external users requiring access to sensitive and/or regulated information,” said Andrew Kellett, principal analyst for infrastructure solutions at Ovum.

This protection requires controls that are persistent and follow the file while it is in the user’s hands (or device) without interfering with productivity. This is where many file security solutions come up short. Security tools for email, applications, network file sharing and transfer, and device and cloud-based content management lack persistent controls for file access and usage. File-based digital rights management (F-DRM) solutions, such as FinalCode, address many of these limitations. This F-DRM solution employs strong encryption as well as usage controls that include file traceability, with the ability to remotely delete files even after distribution. Management is centralized, and the solution integrates with other tools such as content management from Box and data loss prevention (DLP) systems.

Events of the past year show that it probably is a matter of when, not if, your organization suffers a data breach or leakage. But you do not have to leave your sensitive information exposed to hackers, insiders or human error. Seamless persistent file security can give you complete control of your data, wherever it is and whoever has it.