January 2011

In our age of data breaches, Roy Adar from Cyber-Ark Software suggests some ways in which companies can keep their data safe.

Global business operations depend on the effective sharing of sensitive information between parties. Whether it’s a document sent over email, or a database saved on a USB drive or CD, information is constantly being transmitted.

However, in an age where data breaches have turned into a commonplace occurrence, organisations need to assess the security of their data transfer systems, questioning the tools commonly used to share sensitive information. After all, whilst data breaches may have lost their shock value in the media, the financial and reputational damage that can ensue is getting more severe by the second.

The data breach problem

You only have to look at the headlines to be aware of the alarming number of data breaches that continue to take place in the UK. Recent research conducted by the Ponemon Institute, found that 71 per cent of UK organisations have suffered a data breach in the last year.

In the past couple of months alone, we’ve seen UBS lose $10m worth of business on one deal through an incorrectly sent email; and Hertfordshire County Council suffer a £100,000 fine, the first six figure penalty to be dealt out from the Information Commissioner’s Office (ICO).

Unsurprisingly, such incidents can be - and have proven to be - enormously costly to businesses. However, it’s not just a heavy fine, or that missed deal that needs to be considered.

Companies have to dedicate an enormous amount of time, money and resources to establish how best to escalate the incident and deal with any fallout, while also determining how to repair a damaged reputation and minimise the risk of losing customers.

Moving away from a culture of complacency

More often than not, it is through the loss of mobile data storage devices - such as CDs and USB drives - that such breach incidents occur in the first place. Employees taking work home, information being sent via post or courier, or a simple act of losing a device, all contribute to this growing problem.

Portable devices are, by their very nature, easy to lose, as well as being easily replaceable. It is therefore all too often the case that users forget that the real value lies not within the device itself, but with the irreplaceable data it holds.

But it’s not just devices like CDs and USB drives that should be a cause for concern. Newer means of file transfer, such as websites that allow you to send or host files for another person to access, can also be considered highly insecure, or at least not fit for business use.

Such sites may well be cost-effective, but they have not been engineered to offer a secure means of file transfer. For example, how do you know where the data is stored and under what laws; and is the data deleted after use?

The idea behind these file transfer websites isn’t necessarily bad, but if employed for business use, companies could find themselves with missing data and a series of business challenges to contend with.

So what is the solution?

By combining the benefits of automated governed and managed file transfer in one centralised, highly secure platform, organisations have the flexibility to implement more modern, efficient file transfer processes, easily add new partners, and deliver innovative business services to customers with unprecedented time-to-market.

Specifically, organisations can easily upgrade their file transfer technology platform to automate and significantly increase the efficiency of business processes, while still maintaining the ability to exchange documents with their business partners that are using legacy systems.

Overall, organisations that rely on the safe transfer of data can’t make assumptions about the security or manageability of traditional vehicles - especially those that can’t be easily tracked and audited. But it’s also important to recognise that there doesn’t have to be a trade-off between security and productivity - it is possible to be secure and to guarantee the integrity of business operations.

For example, with secure file transfer solutions that takes sensitive documents out of the email exchange - delivering access to the files through a secure link - employees can enjoy a far quicker and less congested inbox.

With this clear benefit, workers stop seeing security processes as a hindrance to their performance, but rather as an enabler. This is key to winning over and educating staff, resulting in improved understanding of security risks and adherence to protocol.

From a compliance standpoint, centralising all file-transfers into a single secure, scalable governed file transfer platform enables organisations to comply with regulations such as PCI, SOX, HIPPA and Basel II by ensuring strong authentication and tamper-proof audit logs. This can be further enhanced by implementing role-based segregation of duties, ensuring that access to content is provided only to those that really need it.

Investing in the right technology and processes now will go a long way to getting ahead of the growing volume of data transfers while meeting the demand for providing a better, faster service at lower cost, as well as affording a larger set of services in order to increase business volume and profits.

Looking ahead

There can be no question that technology has advanced sufficiently to render many mobile data storage devices redundant in the enterprise. Through the countless data breaches we’ve seen in recent years, these often insecure devices have proven difficult to manage and secure.

And with the ICO sharpening its knives, no doubt eager to issue more fines for serious breaches of the Data Protection Act, businesses must consider any potential insecurity in their IT infrastructure sooner rather than later.

The only way that 2011 will see a reduction in the security breaches arising from data transfer will be if there is continued education in the area and a growing adoption of suitable file transfer technology.

http://www.cyber-ark.com/