Data in motion – how to protect it – 5 Key Considerations
Now, more than ever, it’s critical to protect your data at the file level.
Data is the most valuable asset you control. Losing intellectual property, a customer’s personally identifiable information (PII), financial information, and confidential memos can cause substantial damage. But it’s not just malicious attacks you must worry about—it’s crucial to prevent data from escaping during everyday operations.
The nature of work itself is changing rapidly. Employees are no longer tethered to a single computer or device – they are often using multiple devices to get their work done. That means that information is being created and shared in a variety of ways, across a variety of locations. This is all hugely impactful for increasing productivity and improving collaboration, but it makes protecting our sensitive data much more challenging.
The growth of cloud-based services means that companies are more and more likely to have sensitive data in a cloud environment, in addition to on devices or even on premises. Recent research shows:
- 8 out of 10 employees admit to using non-approved SaaS apps¹
- Data theft has more than doubled²
- 88% of organisations feel they are losing control of data³
- $158 is the average cost of each lost or stolen file containing sensitive info⁴
- 1 in 5 mobile devices will be lost or stolen in their lifetime⁵
A typical network today is only secure in that you have control over your data inside your network boundaries. Once it leaves your network, beyond the firewall, you lose the ability to protect or track it. In today’s environment this is not enough. And your perimeter is very much dissolving.
Protect your sensitive data at the file level
Every day, data is traveling between users, devices, apps, and services outside of your control. Now, more than ever, it’s important to protect your data in motion and at the file level. In our environment today you need to be able to classify and add security directly to your sensitive data so that it’s always protected and identifiable no matter where it travels.
Here are 5 key things to consider when creating a data protection framework for your organisation’s sensitive data:
- Configure: create policies for data labelling, classification and protection. Typically on my customers’ sites, all data and documents created within the finance team are automatically labelled as confidential, and only people in that team have the rights to access those documents. If the documents move beyond that team, say into HR, no one in HR can open, save or do anything with them. So protection is automated.
- Classify: ensure that when files are created they can be automatically (or manually) classified so that automated encryption and permissions occur. Remember, your teams and users don’t always know the correct label, or level of confidentiality, that should be attributed to certain information, so this type of automation is very powerful. In general, though, when it comes to security and compliance, it is vital to educate your people so they understand which information is sensitive and how it should be treated. I’ll talk more about that in a moment.
- Label: make sure the metadata defining the sensitivity of information stays with the file. This means only identified and authorised people can open, print, save or copy the document. The caching of names in email systems (when you’re prompted to send an email to Ciara Gallavan instead of Ciara Gallagher) makes it so easy to send information to the wrong person, sometimes without us even knowing it. Let’s face it, we’ve all done this once! This little gem of functionality completely mitigates this risk.
- Protect: set up encryption with permissions to ensure only authorised users can access the file, so even if a file containing sensitive data gets emailed to somebody in error, they are unable to open the file. A word of caution here: do NOT label everything sensitive with encryption. If you do, you will impact your people’s productivity and inhibit a sensible level of data sharing.
- Monitor: track shared files everywhere they go. Not only is this great for seeing who has reviewed your work, but if a file does get sent to an unauthorised user in error, you get notified and can recall the document immediately.
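The five steps above, worked through for the finance/HR scenario as an added example (not code from the original post or from any product). The policy table, key, user names and the HMAC seal that binds the label to the file are assumptions for illustration; content encryption is left out, and a real deployment would release the decryption key only on an "allow" decision.

```python
import hashlib, hmac, json

# Configure: constructed policy mapping the creating team to a label and its readers.
POLICY = {
    "finance": {"sensitivity": "Confidential", "allowed_groups": ["finance"]},
}
# Per the caution under Protect: everything else stays shareable by default.
DEFAULT = {"sensitivity": "General", "allowed_groups": ["*"]}
SEAL_KEY = b"constructed-demo-key"  # assumption: held only by the labelling service

def _seal(label, content):
    # Bind the label to the exact file bytes so it cannot be edited or swapped.
    body = json.dumps(label, sort_keys=True).encode() + hashlib.sha256(content).digest()
    return hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()

def classify(author_team, content):
    """Classify + Label: pick the label from policy and attach it to the file."""
    label = dict(POLICY.get(author_team, DEFAULT))
    return {"content": content, "label": label, "seal": _seal(label, content)}

def open_file(doc, user, group, audit):
    """Protect + Monitor: verify the label, check permission, log every attempt."""
    label = doc["label"]
    if not hmac.compare_digest(doc["seal"], _seal(label, doc["content"])):
        decision = "deny:tampered-label"
    elif "*" in label["allowed_groups"] or group in label["allowed_groups"]:
        decision = "allow"
    else:
        decision = "deny:not-authorised"
    audit.append({"user": user, "group": group,
                  "sensitivity": label["sensitivity"], "decision": decision})
    return decision

def alerts(audit):
    # Monitor: denied attempts are what the file owner should be notified about.
    return [entry for entry in audit if entry["decision"].startswith("deny")]

def demo():
    audit = []
    doc = classify("finance", b"Q3 forecast (constructed sample)")
    results = [open_file(doc, "alice", "finance", audit),
               open_file(doc, "bob", "hr", audit)]
    # The label is rewritten outside the labelling service: the seal no longer matches.
    doc["label"] = dict(doc["label"], allowed_groups=["*"])
    results.append(open_file(doc, "bob", "hr", audit))
    return results, alerts(audit)

if __name__ == "__main__":
    print(demo())
```
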
So you can see how technology can help protect your sensitive data in motion, but a key factor is adopting a culture where your teams truly understand why you must be vigilant and what their role is in the process. Most breaches are not made through malicious intent but by human error.
Technology is making great strides in helping you to create a secure framework for your organisation’s sensitive data, whereby you mitigate risk, but your people and your processes will always be at the heart of the solution.
If you would like to learn more about implementing your own underlying data protection policies and framework, watch our OnDemand webinar series.
1. “McAfee Finds Eighty Percent of Employees Use Unapproved Apps at Work.” McAfee. December 4, 2013. http://newsroom.mcafee.com/press-release/mcafee-finds-eighty-percent-employees-use-unapproved-apps-work (accessed 1/26/17).
2. “Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security® Survey 2016.” PwC. 2016. 24. http://www.pwc.com/sg/en/publications/global-state-of-information-security-survey.html
3. “Creating trust in the digital world: EY’s Global Information Security Survey (GISS) 2015.” EY. 2015. 4. http://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey-2015/$FILE/ey-global-information-security-survey-2015.pdf
4. “Cost of a Data Breach Study: Global Analysis.” Ponemon Institute. June 2016.
5. “Bring your own device: Security and risk considerations for your mobile device program.” EY. September, 2013. http://www.ey.com/Publication/vwLUAssets/EY_-_Bring_your_own_device:_mobile_security_and_risk/%24FILE/Bring_your_own_device.pdf (accessed 1/26/17).