
Looking Ahead and Lessons Learned: Interview with Ron Arden, EVP, CTO & COO of Fasoo — Part 3

Future Outlook, Lessons Learned, and Strategic Recommendations

In the final part of our interview with Ron Arden, we shift the focus to what’s next. From lessons learned through real-world incidents to the impact of AI and emerging threats, this section is all about helping organizations think ahead.

Ron shares what keeps security leaders up at night, the technologies shaping the future of secure collaboration, and the practical steps companies can take today to better prepare for tomorrow.

We wrapped up the conversation by asking Ron for insights and advice based on what he’s seen and where he sees things going:

Q: Could you discuss a real-world scenario where inadequate data security practices during external sharing led to significant consequences, and what lessons can be learned from such incidents? (Without naming specific companies, of course.)

A: We had a situation where a company delivered a customer quote to one of its resellers, and the reseller sent it to a competitor.  This was a very competitive situation, and the competitor knew the company was in a good position to win the business.  The competitor drastically undercut the price to see how far the company would go.  The customer told the company if it could meet that price, they would win the business.  Unfortunately, that price was more than a 70% discount from the original price.  The company reluctantly agreed because it was a marquee account, and they wanted to establish a foothold in that industry.

It’s still unclear if sending the quote to the competitor was inadvertent or deliberate, but you can be the judge.  Unfortunately, all of us have inadvertently fat-fingered an email address and sent something to the wrong person.  Even though the company had an NDA and other contracts with the reseller for data protection, the damage was done.  Because the company had no controls to prevent the reseller from sharing the quote with anyone, it was easy to email it to the competitor.  The monetary damage was significant, and the company later decided to implement a secure sharing solution so they could prevent this from happening in the future.

Q: Looking ahead to the next 3-5 years, how do you anticipate AI and machine learning will both enhance and challenge data security efforts, particularly when identifying and protecting sensitive data shared externally?

A: Companies can use two approaches to identify and protect sensitive data.  They can do it as users create and save documents, or as users share them.  The hardest thing to overcome is identifying the context of the data to determine if it’s sensitive.  There are already tools using AI to help identify sensitive data with more speed and accuracy, and they will only improve in the coming years.

The challenge with identifying and protecting sensitive data when sharing it is that there may be a way around it, bypassing your controls.  Companies use DLP tools to block the sending of sensitive documents, but there are many ways to avoid or get around them.  It’s better to protect the sensitive data before sharing it.  Since encryption plays a vital role in securing sensitive data, AI will enhance encryption techniques, perhaps even using adaptive encryption modes that adjust based on detected threats or perceived risks.  I see AI being able to flag anomalies in external data sharing patterns and adjust protection levels accordingly in the future.

Q: For an organization just beginning to seriously address its external data sharing security posture, what would be your top three recommendations to get them started on the right path?

A: The first thing is to identify the sensitivity of your data and decide what you can share externally, and with whom.  For simplicity, you can divide the data into internal and public.  If it’s IP or subject to regulations, it’s sensitive and therefore internal.  Next, you should protect the internal or sensitive data with Enterprise Digital Rights Management (EDRM) to apply encryption and usage policies to individual files.  You can define who can share files with external users and for how long.  Lastly, you need to monitor sharing and document usage and adjust policies appropriately.  Business requirements and relationships change, so you need to change or revoke access for both internal and external users as needed.

Q: As a leader in a data security company, what emerging threats related to external data sharing keep you up at night, and what proactive measures should organizations be considering now to mitigate them?

A: Most businesses use email and file-sharing platforms, like Box and OneDrive, to share data with external parties.  They also use thousands of SaaS applications, like Salesforce and Microsoft 365, for both internal and external access.  Millions of data loss incidents can be attributed to these systems because of inadequate controls and visibility.  There are insider threat risks associated with this, but also inadvertent mistakes made by users trying to do their job.  Generative AI tools like ChatGPT and Microsoft Copilot are also inadvertently exposing sensitive data.  Threat actors target these commonly used systems with zero-day exploits and social engineering to access sensitive data.  New AI tools are making it easier to attack these systems and to fool employees with more realistic phishing and deep fakes.  Without proper access controls and monitoring, it’s difficult to track who has access to shared files, making it hard to manage and secure data.

Encrypting sensitive documents and applying granular access controls, including zero-trust principles, ensures you always have control of your sensitive data.  You can control access regardless of location, so you don’t need to worry about where it goes.  By expiring access to documents after legitimate use, you immediately reduce your risk.  Even if a hacker or nation-state threat actor gets your sensitive documents, they can’t read the content.  For AI tools, you should enforce input and output restrictions to limit exposure of sensitive data.

Q: What emerging technologies or trends do you see shaping the future of secure data sharing?

A: I see AI-driven data governance simplifying the process of securely sharing sensitive data.  Improving the ability to automatically detect, label, and protect sensitive data in real time will reduce risk, since you won’t have to rely on users to make those decisions.  Enhancements in anomaly detection of usage patterns will flag suspicious sharing behavior and automatically act to either block sharing or add protections automatically, such as file encryption and access controls.

Q: What advice would you give to CIOs and CISOs who are just beginning to rethink their external data sharing strategies?

A: Traditional perimeter defenses are no longer sufficient in hybrid and multi-cloud environments.  Focus on data-centric security, which protects the documents themselves rather than their location.  When sharing sensitive data, use a zero-trust approach to authenticate users every time they access documents.  Do not ignore training and continuous learning when it comes to educating your workforce and your partners on the importance of security when sharing sensitive data.  A combination of enhanced technology and better security awareness will make a big difference.

Conclusion

As our conversation with Ron Arden comes to a close, one thing is clear: the challenges of securing externally shared data are only growing, but so are the opportunities to get ahead of them. From the rise of AI-driven threats to the importance of building a culture of continuous awareness, security is no longer just about technology. It’s about strategy, adaptability, and acting before something goes wrong.

Ron’s perspective reminds us that while the threat landscape is evolving, the fundamentals still matter: know your data, protect it at the source, monitor continuously, and stay agile. For organizations just starting to take external data sharing seriously, or looking to mature their approach, there’s no better time to reassess and retool.

Because at the end of the day, it’s not just about protecting information. It’s about protecting the business.
