Apply today for a FREE subscription to CIO Magazine!
Tue, Jan 22, 2008 12:46 EST
Data Leakage: How to Avoid Security Risks When Sending Large Files
|
Posted by: Yorgen in Best Practices Topic: Infrastructure
Current Rating: |
With 2007 now behind us, the issue of data leakage continues to top headlines. Of course, we’ve all seen the stories summarizing and ranking the worst breaches of 2007. Now, in 2008, articles are still popping up everywhere with advice on how to avoid becoming the next victim. Web security, identify management, secure application coding and virus protection software are being added to a growing list of technology solutions designed to protect enterprises from this ever-changing and complex problem. Yet the fundamental process for securing the terabytes of data passing in and out of companies through large file transfer remains predominantly overlooked.
I find it troublesome that though the problem is ubiquitous, very few companies are doing anything about it. This means that the average corporation keeps risking the safety and security of its own as well as its customers’ digital assets.
The impact of data going digital is affecting nearly every industry including healthcare, legal, engineering, marketing and advertising. In response to increasing file sizes and to the effects of large file attachments on networks, many organizations are tightening email policies. However, these policies put in place to protect an organization often do more harm then good as they push employees to look for alternatives ways of sending large files; typically non-compliant and un-secure workarounds. Let’s face it, at the end of the day the number one priority for employees is to get the job done. Addressing the issue head-on with a secure solution that end users will actually embrace is critical.
To help companies avoid many of the issues related to the transfer of large data files, I feel compelled to draw upon my company’s experience in solving these types of issues and share the following tips to enterprise folks concerned about preventing data leakage at the file transfer source.
1. Pick a business level solution. There is a difference between corporate and consumer file transfer offerings. If you are an enterprise customer, look for an enterprise file transfer solution. There are distinct differences in the level of security needed for enterprise vs. consumer file transfer and the different offerings reflect12 this.
2. Avoid IT overload. Pick a solution that easily integrates into your existing IT environment and requires minimal IT administration. Knowing IT workload today, I would recommend an “install and forget it” application solution—one that has no file size limitations and doesn’t require constant account creation administration and support headaches such as decryption software at every recipient; (why FTP is not the answer!).
3. Make it easy. It is best if large file transfer is integrated directly into email applications or standard web interfaces, but without suffering from size limitations. If a solution is not easy to use, users will find alternative means ~ often with glaring security loopholes ~ for sending large files.
4. Be compliant. Pick a solution that allows for complete auditing and tracking of information entering or leaving the organization.
5. Secure your data. Accept no less than business-level security. Automatic encryption and authentication check points that validate recipients provide an added level of security to show that confidential information has not been shared and exposed.
I hope this helps. I appreciate your thoughts and comments.
Yorgen Edholm, President and CEO, Accellion (www.accellion.com)
email, large files, sending large files
Rating:
We use a product called DirectXchange for Outlook. It allows users to send large files directly point to point by compressing and splitting files into multiple attachments. You can encrypt the archive for security.
http://www.pergenex.com/
Rating:
Isn’t this entire posting about avoiding security risks? How do you propose to do that with DirectXchange… it doesn’t offer security features? Another issue is the non user-friendliness of file zipping and splitting. If you wish to send a 100MB CAD file via DirectXchange it will zip the file (60MB) then split up the file into 10 - 6 MB pieces, attaching each piece to an email message. On the recipient end, they will receive 10 email messages each with a 6 MB attachment. Nobody is going to thank you for that.
Rating:
As discussed above, data leakage is a concern on every Executive management’s minds these days and it sit relatively high on the list of what keeps them up at night. What keeps them up at night, is that as we see more and more organizations try to stay ahead of their competition and curve by moving to doing business digitally and in real time with more and more regulations and compliance laws. The results of this is that more and more employees are now sending emails or large file where 10 years ago we sent our communications via, snail mail, messenger or overnight. It is fact this is the way we do business today in the real world.
I think however the real question is how do we ensure employees aren’t circumventing the system and sending things out via third party (gMail, Hotmail, etc). We don't, unless the company locks down access to third party sites. However if you lock these sites down you will have to give the employees another means to still send their files and communications. This is a drivers for technologies like (secure) file transfer solutions. As file sizes continue to grow so does the need to have technology in place to support those larger file transactions. This is where products like Accellion come into play, as well as others out there in the market place (Globalscape, Biscom and others).
My opinion is that organizations are still faced with the potential threat of data leakage regardless of the technologies you implement to steer your employees away from third party technologies. As much as we want to trust our employees are following the corporate rules and protocols, this is real life and today. You can give your employees the tools to help transfer those files but the question is what content resides within those files being sent? So how do you know that corporate information of a sensitive nature isn't leaving your networks? The fact is that with a solution like Accellion you are giving your employees keys to the moving van with out the ability to really have insight to what the moving van is taking or in this case sending.
Accellion yes is good to send large file but at the same time these files could be as large as whole hard drives. Who's to say that a so called trusted employee isn’t sending out back up copies of their hard drives or other information? You don't.
The only way to ensure you are protected from both accidental and intentional data leakage is to have DLP technology build into your current offering or the ability to integrate third party DLP technologies into existing technologies, both of which Accellion doesn’t presently provide within their offerings.
So as we continue to evolve into the digital future large files or other digital communications are only going to continue to grow. The nature and content of these communications and the need to secure the content of those files in transit will also grow. This will mean more content moving in and out of a network which will result in organization needing to make sure what content intending to leave your network satisfies corporate policies.
To do this you will need to look at more closely at your file transfer solutions to ensure DLP solutions are integrated or can be integrated from a 3rd party. This way the organization can prevent data leakage before it occurs. By placing DLP technology ahead of the horse you can ensure your companies, name, reputation and corporate assets. Then you can give the employees the technology and freedom to send those large files and digital communications without any worries of keeping the executive up at night.
Data leakage will not end by giving your employees a tool to send large file but by having the technology in place to prevent this from happening in the first place.
Rating:
My company was experiencing heavy overloads with our email server due to large attachments, and we didn't want to set up an FTP server because of the many headaches that are involved with managing it.
We decided to go with a vendor called LeapFile because their solution solves our need for a large file transfer system that has the security and business/enterprise features mentioned in this article.
We evaluated several other companies/sites, but all of them are either to "consumer" focused or are hardware based, which I do not want to manage. I went with Leapfile because of these reasons, and also because they seem to have a successful track record of serving businesses. I highly recommend them.
Job Survival Tips: What to Do When You're Set Up for Failure, Before You're Fired
Posted by Meridith Levinson in Questions | 18 comments
Open Source, Can You Afford Not Considering?
Posted by bcrowell in Best Practices | 4 comments
Microsoft Cloud Computing Vision: Self-Serving and See-Through
Posted by Laurianne McLaughlin in News | 4 comments
Week 41: Tracking Your Job Search Efforts Critical to Your Success
Posted by Mark Cummuta in Best Practices | 8 comments
The Impact of Globalization on Executive Job Searches and Economic Prosperity
Posted by Mark Cummuta in Best Practices | 3 comments
Got something to say? We want to hear it! Click the Post button to get started. GO»
Job Survival Tips: What to Do When You're Set Up for Failure, Before You're Fired
ERP Lessons from Rich People Who Stink at Golf
Microsoft Cloud Computing Vision: Self-Serving and See-Through
SanDisk Intros 16GB microSDHC Memory Cards; Which BlackBerry Will Support Them?
Finding Out What's Wrong With the New Facebook (With a Little Help From My Friends)
P&G Flirts with Google Apps and Scares the Bejesus Out of Microsoft
RIM Touch Screen BlackBerry Storm 9530 "News" Roundup
Dr. BlackBerry: Two Free--and Easy--Ways to Diagnose RIM Smartphone Ailments
Help! We Need ERP and CRM Software, But We Can't Afford It Right Now!
The SnoozeFest That Was OpenWorld
advertisement
|
|
From Laggard to Leader: Transforming the Data Center
This webcast offers an understanding of how customers are transforming their data centers, the successes and challenges of each approach, and how IT can become the driver to provide real business value and competitive advantage.
Sponsored by HP
Register for this Webcast »
Ensuring Business Services Delivery
Join Forrester Research and Fluke Networks for this unique round-table webcast, moderated by Gary Beach, Publisher Emeritus of CIO, that will touch on:
- * How Application Performance can effect overall delivery of Business Services
- * Best practices for managing Application Performance in a converged and distributed environment
- * How to utilize forensics to optimize use of your internal resources
Sponsored by Fluke Networks
Watch this webcast. »
Learn how replacing multiple wireless clients with one Universal Wireless Client can cut support and help desk costs, increase end user satisfaction, improve security, and help implement Network Access Control.
Sponsored by Fiberlink
Read this White Paper »
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Sign-up for the Advice & Opinion Newsletter
