So why bother with six locks on your door if you're going to leave your back door wide open? While this statement seems like common sense, it’s obviously not being followed when it comes to enterprise data security. IT teams assume that devices will take care of securing any content stored in them, when in fact emphasis should be placed on the software as well as the hardware. In the light of the numerous data security hacks in 2014, this is especially critical for all enterprises.
A 100% secured environment is not possible, so security needs to be built directly into software applications, both for mobile and web. All solutions need to be self-aware and self-protecting in our new era of ever growing data insecurities. This will alter the way that emerging companies create products, as they’ll no longer be able to push security down the list of priorities beneath user experience, it will have to be an integral part of apps moving forward.
One of the issues is that consumer-focused software is being introduced to enterprise networks via employees, and that kind of solution is more vulnerable to hacking. Take public cloud file sharing services, such as Dropbox, as an example. These solutions typically co-mingle data from different customers, which provides Dropbox with storage economies but reduces the control a customer has on where their data is stored and who has access to that information. Additionally, public cloud providers own the encryption keys to the data housed on their servers, rather than the customer, further increasing the risk of data exposure.
For most enterprise organisations these risks are too great and lead corporations and government agencies to select private cloud file sharing for the additional data protection they offer. With private cloud file sharing, enterprises retain control and ownership of their data. This means that the enterprise organisation is in control of who can access that data including any government agency that requests information or metadata.
Are hacks that lead to data leaks and breaches inevitable? Yes, I believe they are. Hackers are growing ever more sophisticated, and they’ll continue working to expose data to either improve their personal finances, or support their personal vendetta against corporations, governments, or both. However, that doesn’t mean that enterprises should give up the fight, and accept that their content is going to be exposed.
> See also: Transforming IT into a cloud service broker
Some initial best practices are to deploy the above mentioned private cloud based solutions, which include controls such as two-factor authentication, ownership of encryption keys, and provide audit logs to monitor data sharing and creation activities. Other solutions offer even greater control over data, such as DLP software, and end-point security solutions that operate across all devices.
Securing data is of paramount importance in 2015, as companies all scramble to ensure that their internal and customer information is secured against hackers. When companies begin to look at new solutions for their network, will they consider public cloud, or are the security risks too great?
By Claire Galbois, Director of Cloud Solutions, Accellion