Practical Implementation and Operational Challenges of External Data Sharing
Protecting data inside your company is one thing—keeping it secure when it’s shared with vendors, partners, or customers is another. In Part 2 of our conversation with Ron Arden, we focus on the real-world challenges organizations face when trying to secure sensitive information beyond their walls.
Ron walks us through the practical side of external data sharing: what makes it difficult, which technologies help, and how to strike the right balance between security, compliance, and collaboration.
We continued the conversation by asking Ron how organizations can manage the risks and complexities of sharing data externally:
Q: With the rise of sophisticated supply chain attacks and increasing regulatory pressures (e.g., GDPR, CCPA, upcoming AI regulations), how do organizations balance the need for seamless external collaboration with stringent data protection requirements?
A: The data security perimeter is no longer the same as your network perimeter. Gone are the days when you could rely on firewalls, VPNs, traffic analysis, MFA, and other basics to control access to sensitive information when collaborating with customers and partners. Analysts refer to data as the new perimeter when it comes to protecting your most sensitive information.
The challenge most organizations have with their supply chain is ensuring that when you share something sensitive, it remains in your control. Unless you control your data throughout the collaboration process, this is tricky. Say you are a manufacturing company and share drawings for parts with numerous suppliers. You can and should conduct security audits of your suppliers and include data protection clauses in your contracts as ways to mitigate your risk. This shows your partners that security of your data is an important part of doing business.
While legal controls are a good start, you need to understand how best to collaborate securely without impacting business processes. You can use a secure portal to share your design drawings and other sensitive information. These require users to authenticate when accessing documents and allow you to limit who can access them. Since most platforms provide encryption at rest, you can prove to regulators that data is protected in the portal, and you are controlling its access.
Q: What are the key technical and organizational challenges companies face when trying to implement effective controls for externally shared data, and what strategies have you seen work best to overcome them?
A: The main challenges are requiring recipients to maintain the same level of security on your documents as they do with their own. While the manufacturer I mentioned earlier can protect the data when accessing it in the secure portal, once a user downloads it, the security is gone. The company has no control over the data or visibility into its location or use.
How do you know if your partner is protecting your data? Conducting regular audits is helpful, so you can understand the processes and technology they use. But controlling the technologies your partners use to protect their data is not practical.
A better approach is to implement technologies that provide end to end protection as users download and share documents. This means implementing a secure collaboration platform that allows your recipients to access the data, but in a way that you control.
Q: What role does encryption play in external data sharing, and are there limitations organizations should be aware of?
A: The best way to protect your data regardless of location is to encrypt it and apply advanced data security controls on it. You can apply encryption to data at rest, in transit and in use. Most endpoints and sharing platforms have a way to encrypt data at rest which protects it in storage. We all rely on TLS through HTTPS and other transports to protect documents as users download, upload, and share them.
There are simple methods of encryption, such as encrypting documents with a password to control who can access the content inside. This is a form of protecting data in use. The limitation is you need to share the password with all those who want to access the document. Once in the wild, you can’t control who has the password and you can’t change it after you distribute the document.
Make sure your collaboration platform encrypts documents as users download them. This way you can control access and prevent inadvertent sharing with people who should not see your data.
Q: Beyond traditional encryption, what advanced technologies or methodologies do you believe are critical to ensure the security of data throughout its lifecycle, especially when shared with third parties?
A: Controlling what a user does when opening a document is critical to security. While guaranteeing only authorized users can download and open a file is important, if a user can copy and paste the content anywhere, you still have a risk. You need to add granular controls to limit editing and printing, for example, when the user has the document open. Providing granular controls that limit editing, copying and pasting to an unsecure container, like an email, or even taking a screenshot of the content will provide better security for your sensitive data.
It’s also important to limit data access by requiring users to authenticate whenever opening documents. You may share a document with a partner and then want to remove access later. You could set an expiration date or just remove access at any time. This is not feasible without requiring continuous authentication and authorization to the documents.
Q: What are the most common risks organizations face when sharing sensitive data externally, and how can they mitigate those risks effectively?
A: The biggest risk is losing control of your data and allowing your partners to share it with other parties without your knowledge or consent. Your partner may inadvertently or deliberately share your documents with your competitors or other unauthorized users. If it’s your IP, this could result in financial loss or legal action. If it’s regulated data, you are now the object of a data breach with its fines and legal complications.
The best way to mitigate the risk is by controlling access to your documents throughout the collaboration process. By encrypting documents and assigning advanced security controls to them, you decide who can access the content and what they can do with it. If your partner wants to share documents with their partners, you can decide if and for how long it is valid. As I mentioned earlier, revoking access to a document when you decide or through an expiration date simplifies the control.
Q: How does Fasoo’s approach help organizations maintain visibility and control over data even after it leaves their internal systems?
A: Fasoo uses a data-centric approach that prioritizes security on the documents, rather than on locations. This allows organizations to control, manage and track each document individually, regardless of its location. You can encrypt documents and assign different permissions through dynamic policies, including a validity period.
When a user opens the document, they must authenticate and be authorized to access it. Granular permissions control if a user can view, edit, print, take a screenshot or share the document. Audit logs show document actions in a centralized log, so it’s very easy to have complete visibility into your document usage. If you need to change the security policy on a document, the next time the user opens it, the new policy is enforced automatically.
Fasoo is agnostic when it comes to how you share documents, since we focus on the document itself and not the transport or location. You can email it, upload it a cloud location, or hand it to someone on a USB flash drive. It doesn’t matter. The document is always protected and in your control.
By using this approach, you mitigate the risk of losing data when using more traditional approaches to data sharing.
Conclusion
Securing data beyond the organization’s walls is one of the most complex and pressing challenges businesses face today. As Ron highlighted, true protection doesn’t stop at the network perimeter—it follows the data wherever it goes. From secure portals and persistent encryption to dynamic access controls and policy-based management, the key is to stay in control at every stage of the data lifecycle.
It’s clear that successful external collaboration requires more than just legal agreements or conventional encryption. It takes a data-centric strategy built on trust, visibility, and adaptability—without sacrificing usability.
Stay tuned for the final installment of our interview series with Ron Arden: Part 3 – Looking Ahead and Lessons Learned, where we’ll explore the future of data security and the key takeaways that can help your organization stay resilient in a rapidly evolving threat landscape.