Data Leakage: How to Avoid Security Risks When Sending Large Files

With 2007 now behind us, the issue of data leakage continues to top headlines. Of course, we’ve all seen the stories summarizing and ranking the worst breaches of 2007. Now, in 2008, articles are still popping up everywhere with advice on how to avoid becoming the next victim. Web security, identify management, secure application coding and virus protection software are being added to a growing list of technology solutions designed to protect enterprises from this ever-changing and complex problem. Yet the fundamental process for securing the terabytes of data passing in and out of companies through large file transfer remains predominantly overlooked.
I find it troublesome that though the problem is ubiquitous, very few companies are doing anything about it. This means that the average corporation keeps risking the safety and security of its own as well as its customers’ digital assets.

The impact of data going digital is affecting nearly every industry including healthcare, legal, engineering, marketing and advertising. In response to increasing file sizes and to the effects of large file attachments on networks, many organizations are tightening email policies. However, these policies put in place to protect an organization often do more harm then good as they push employees to look for alternatives ways of sending large files; typically non-compliant and un-secure workarounds. Let’s face it, at the end of the day the number one priority for employees is to get the job done. Addressing the issue head-on with a secure solution that end users will actually embrace is critical.

To help companies avoid many of the issues related to the transfer of large data files, I feel compelled to draw upon my company’s experience in solving these types of issues and share the following tips to enterprise folks concerned about preventing data leakage at the file transfer source.
1. Pick a business level solution. There is a difference between corporate and consumer file transfer offerings. If you are an enterprise customer, look for an enterprise file transfer solution. There are distinct differences in the level of security needed for enterprise vs. consumer file transfer and the different offerings reflect12 this.
2. Avoid IT overload. Pick a solution that easily integrates into your existing IT environment and requires minimal IT administration. Knowing IT workload today, I would recommend an “install and forget it” application solution—one that has no file size limitations and doesn’t require constant account creation administration and support headaches such as decryption software at every recipient; (why FTP is not the answer!).
3. Make it easy. It is best if large file transfer is integrated directly into email applications or standard web interfaces, but without suffering from size limitations. If a solution is not easy to use, users will find alternative means ~ often with glaring security loopholes ~ for sending large files.
4. Be compliant. Pick a solution that allows for complete auditing and tracking of information entering or leaving the organization.
5. Secure your data. Accept no less than business-level security. Automatic encryption and authentication check points that validate recipients provide an added level of security to show that confidential information has not been shared and exposed.
I hope this helps. I appreciate your thoughts and comments.
Yorgen Edholm, President and CEO, Accellion (www.accellion.com)

You do not have flash or javascript support.

Average (1 vote)

Sign-up for the Blogs & Discussion Newsletter

Tue, Jan 22, 2008 15:20 EST

Recommended product

Posted by: Anonymous
Rating:

We use a product called DirectXchange for Outlook. It allows users to send large files directly point to point by compressing and splitting files into multiple attachments. You can encrypt the archive for security.

http://www.pergenex.com/

Reply to this comment | Post new comment | Report as spam

Tue, Jan 22, 2008 16:43 EST

Shirley you can't be serious

Isn’t this entire posting about avoiding security risks? How do you propose to do that with DirectXchange… it doesn’t offer security features? Another issue is the non user-friendliness of file zipping and splitting. If you wish to send a 100MB CAD file via DirectXchange it will zip the file (60MB) then split up the file into 10 - 6 MB pieces, attaching each piece to an email message. On the recipient end, they will receive 10 email messages each with a 6 MB attachment. Nobody is going to thank you for that.

Tue, Jan 29, 2008 18:11 EST

Data Leakage in many forms

As discussed above, data leakage is a concern on every Executive management’s minds these days and it sit relatively high on the list of what keeps them up at night. What keeps them up at night, is that as we see more and more organizations try to stay ahead of their competition and curve by moving to doing business digitally and in real time with more and more regulations and compliance laws. The results of this is that more and more employees are now sending emails or large file where 10 years ago we sent our communications via, snail mail, messenger or overnight. It is fact this is the way we do business today in the real world.

I think however the real question is how do we ensure employees aren’t circumventing the system and sending things out via third party (gMail, Hotmail, etc). We don't, unless the company locks down access to third party sites. However if you lock these sites down you will have to give the employees another means to still send their files and communications. This is a drivers for technologies like (secure) file transfer solutions. As file sizes continue to grow so does the need to have technology in place to support those larger file transactions. This is where products like Accellion come into play, as well as others out there in the market place (Globalscape, Biscom and others).

My opinion is that organizations are still faced with the potential threat of data leakage regardless of the technologies you implement to steer your employees away from third party technologies. As much as we want to trust our employees are following the corporate rules and protocols, this is real life and today. You can give your employees the tools to help transfer those files but the question is what content resides within those files being sent? So how do you know that corporate information of a sensitive nature isn't leaving your networks? The fact is that with a solution like Accellion you are giving your employees keys to the moving van with out the ability to really have insight to what the moving van is taking or in this case sending.

Accellion yes is good to send large file but at the same time these files could be as large as whole hard drives. Who's to say that a so called trusted employee isn’t sending out back up copies of their hard drives or other information? You don't.
The only way to ensure you are protected from both accidental and intentional data leakage is to have DLP technology build into your current offering or the ability to integrate third party DLP technologies into existing technologies, both of which Accellion doesn’t presently provide within their offerings.

So as we continue to evolve into the digital future large files or other digital communications are only going to continue to grow. The nature and content of these communications and the need to secure the content of those files in transit will also grow. This will mean more content moving in and out of a network which will result in organization needing to make sure what content intending to leave your network satisfies corporate policies.

To do this you will need to look at more closely at your file transfer solutions to ensure DLP solutions are integrated or can be integrated from a 3rd party. This way the organization can prevent data leakage before it occurs. By placing DLP technology ahead of the horse you can ensure your companies, name, reputation and corporate assets. Then you can give the employees the technology and freedom to send those large files and digital communications without any worries of keeping the executive up at night.

Data leakage will not end by giving your employees a tool to send large file but by having the technology in place to prevent this from happening in the first place.

Thu, Jul 3, 2008 21:41 EDT

Secure File Transfer Solution for Businesses

Posted by: Larry
Rating:

My company was experiencing heavy overloads with our email server due to large attachments, and we didn't want to set up an FTP server because of the many headaches that are involved with managing it.

We decided to go with a vendor called LeapFile because their solution solves our need for a large file transfer system that has the security and business/enterprise features mentioned in this article.

We evaluated several other companies/sites, but all of them are either to "consumer" focused or are hardware based, which I do not want to manage. I went with Leapfile because of these reasons, and also because they seem to have a successful track record of serving businesses. I highly recommend them.

Tue, Oct 27, 2009 14:12 EDT

A service..

An option that seems to be nice is File Apartment (http://www.fileapartment.com). Easy to use, secure, and safe...

Data Leakage: How to Avoid Security Risks When Sending Large Files

Topic: Infrastructure

Post new comment

Ex-Microsofties Look Back in Anger

The Price of IT Outsourcing

The iPad and Netbooks: Comparing Them Is Stupid

Enterprise IT's Top Enemy: Its Own Arrogance

Rating ERP Vendor Names: Good, Bad and the Ugly

TECHNOLOGY

LEADERSHIP

Missing boat after boat...

IT arrogance or ignorance?

Re temporary job vs holding out

UN ERP

How the wacky media sees every organization

Thanks for the recommendation

Another Ex-Microsoftie

SaaS for managing energy, waste & water consumption

Where the VC firms will invest

LEO PAYS THE PRICE OF HIS STRATEGY

DUNCAN MCALYNN

The Microsoft Muse

C.G. LYNCH

The Collaboratory

KATHERINE WALSH

Green IT

DAVID ROSENBAUM

Cranky Old Guy

Sign-up for the Blogs & Discussion Newsletter