The true cost of metadata

'The reality is that federal bodies across most countries are unknowingly gaining access to data from service providers'

 The true cost of metadata


It seems like every day, there’s a headline surrounding a new phishing scam, surveillance breach, data leakage, or other act of cyber warfare that reveals the extent to which online data can be exploited.

Whether it’s an act of government snooping or online business gathering personal information for ad campaigns, people are growing wary of federal agencies and associated technology companies collecting data.

This pervasive distrust can cause startling financial afflictions; Forrester Research recently predicted that the U.S. cloud computing industry alone stands to lose up to $180 billion by 2016 as a result of the National Security Agency (NSA) PRISM project being made public.

The reality is that federal bodies across most countries are unknowingly gaining access to data from service providers and therefore, unlimited insight into corporate data. 

>See also: How to avoid becoming a big data liability

A lack of transparency from the “powers that be” is forcing businesses to quickly rebuild their strategies around privacy and trust to protect their intellectual property and ensure that employees act responsibly in this same vein.

But this is increasingly difficult considering the amount of information that businesses develop, store and share on a daily basis, from a multitude of devices. Cisco predicts that there will be 25 billion devices connected to the Internet by 2015 and 50 billion by 2020, resulting in an unthinkable amount of data traveling between different systems and devices. This data boom is leaving business struggling to make sense of information, let alone protect it.

Part of the problem with this information overload is that it is simultaneously increasing the amount of metadata. While invisible to the naked eye, metadata – or hidden information within documents – can actually cause more damage if exposed than the visible data would.

Metadata exists in various documents in many shapes and forms, from track changes in a Microsoft Word document and geolocation data in a digital photo, to document properties, such as title and subject author, in PDF files.

Additionally, beyond this traditional understanding of metadata, analysts increasingly consider metadata integral in Big Data strategy, as it underpins all content that resides in the enterprise. 

While metadata is valuable for organisations to leverage internally, if shared externally, it can expose highly sensitive information to undeserving recipients and create gaping security holes, not to mention cause extreme reputational risk.

One recent incident involved a financial institution in the UK that mistakenly released the personal data of more than 2,000 residents, including names and details about their sexuality, histories of domestic abuse and health problems.

The accidental release occurred because the official that released the PowerPoint did not realise that the graph within linked back to an Excel sheet containing personal information.

With a laser sharp focus on privacy and trust, businesses are increasingly considering metadata a significant component of corporate intellectual property that must be protected in order to uphold customer loyalty and trust.

Companies in highly regulated industries like healthcare and finance are particularly keen to protect all content within documents, given that much of it is highly sensitive and confidential customer information.

Gartner even predicts that 80 per cent of highly regulated organisations will embark on aggressive awareness campaigns focused on metadata by 2013’s end.

Today’s increasingly complex threat landscape makes it even more difficult to protect metadata. Aside from publicised events, today’s new working habits are also increasing the likelihood of confidential data being exposed, whether the data is personal information or just comments that shouldn’t have been shared with a client.

Key to this is the rise in workforce mobilisation, which exacerbates enterprises’ vulnerabilities to metadata leakage.

Knowledge workers today require access to documents outside of the office and often use their own mobile devices and unsecure, free, file-sharing platforms to share corporate information.

In fact, a recent survey of more than 5,000 global corporations revealed that 72 per cent of knowledge workers are relying on unauthorised file sharing services, raising major concerns over the security of corporate documents.

To regain control over corporate documents, businesses in highly regulated industries are increasingly turning to enterprise-class file sharing and collaboration applications, which strike the balance between corporate data security and user agility.

These applications contain policy-driven protection to reduce the risk of employees inadvertently sharing hidden information in documents sent outside of the organisation.

The solutions can work across an organisation’s network as well as multiple mobile devices to ensure any confidential data remains private from all vantage points.

Businesses are forced to survive in a high-risk environment where there are innumerable channels through which corporate data can be leaked.

>See also: 5 ways to balance BYOD security and employee freedom

Take the online surveillance practices underway today, add in the vast amount of data that is produced and sprinkle in the various devices that workers use to communicate and you have yourself a recipe for a security disaster.

To combat this, organisations first must recognise that if the data they develop is indeed their most valuable asset then metadata is an opening door to this.

The solutions they implement to safeguard and control their data must treat them as equal and as they would ensure all visible information is checked and protected, so should the same practices be put in place for any invisible information – such as hidden metadata.

Businesses that look at the bigger picture will see that the technology landscape is always changing, but if they continuously adapt to uphold the tenets of privacy and trust, giving employees the tools to do their jobs, they will maintain the security and integrity of the business through it all.


Sourced from Anthony Foy, CEO of Workshare

Comments (0)