Information security is a big arena, and it seems like there are more and more holes to plug every year. Most organizations focus on perimeter-based security intending to keep out the bad guys. Unfortunately, that doesn’t address the accidental or malicious exposure of sensitive information by trusted insiders. Enterprise based data-centric security is security for individual files that keep data safe even after it’s left a company’s secure network — and that can be a lifesaver.
To understand why let’s look at the story of Company X. The Company was a strong, growing, medium-sized enterprise that was earning a reputation in its field. Leadership was aware of the need for strong data security, and the top-level executives invested a lot of time, effort, and money into securing the Company’s network and backing up all files. Its information security efforts focused both internally and externally: they went far beyond a firewall to keep out hackers, implementing smart policies and security controls on internal users to prevent intentional or accidental breaches of sensitive files.
They did everything correctly, right?
Not quite. Their security-savvy measures did not include enterprise-based data-centric security, and that became a fatal weakness when the company sent one of its VPs to a major conference (yes they are coming back).
Like most leaders, the VP—let’s call him Rob—needed to work while he traveled. In addition to presenting and networking at the conference, he reviewed progress on a new project still in development. This included both getting reports from team members back at the office and working with a few other colleagues who had come to the conference.
Rob had remote access to the Company’s secure server and was able to work on files on his secure laptop. All of this was fine until he needed to share something. While talking with one of his Company X colleagues at the conference, Rob shared a draft of one of the files. He moved it to a shared Dropbox folder so the colleague could see it.
What Rob didn’t realize was that this folder had already been shared with other, non-Company peers at the conference. In other words, the competition.
When a few curious conference goers saw the file, they opened it. They weren’t asked for a password or any kind of authentication. And now they had Company X’s trade secrets for the yet-to-be-unveiled project.
Situations like this are not uncommon. Rob certainly didn’t mean to leak secrets or betray his company. It was an honest mistake. And if Company X had had enterprise-based data-centric security, it would have been a harmless mistake. Instead, the lack of data-centric security meant that Company X’s secrets were out in the open, never to be secured again. All they could do is hurry forward on their project and hope to minimize the damage. And, most likely, rethink Bob’s tenure.
Contact us today and protect your business tomorrow with enterprise-based data-centric security.
Photo credit DonkeyHotey