Safely Riding the Monster Information-Sharing Wave
The Internet Era has made information-sharing a foundational aspect of business operations and personal interactions. Information now is available and shared to an extent almost unimaginable even 10 years ago. However, new technical capabilities and growing user expectations are converging to create an accelerating demand for even more information-sharing capacity.
Consumers mostly used dial-up networks to access the Internet as recently as the mid-1990s. A screaming-fast modem might have synced up at 28.8 or 33.6 kbps. Surfing the Web meant waiting a minute or more for a basic Web page to open -- and forget about sharing images or video. The good news, however, was that that the Internet was a relatively safe community back then, with firewalls and intrusion-prevention systems not yet even part of the common IT lexicon.
Fast forward 15 years. Email, social media and broadband Internet connections allow consumers to share data and multimedia files at speeds more than 100 times faster than dial-up. Businesses connect to the Internet at GB speeds and have adopted managed file transfer (MFT) solutions to exchange high volumes of data and information within their network environment and with partners. Features available in MFT solutions now include integrated security, auditing capabilities, performance monitoring, reporting, and other features that facilitate high-confidence, cost-effective file transfers.
While businesses have used MFT capabilities to deal with security and high data volumes, employees and individual consumers have continued to rely primarily on email and social media to share information. In today's business environments, file attachments represent the majority of data flowing through the email infrastructure. These file attachments may contain a wide range of data, including sensitive company information, and they typically travel unencrypted and otherwise unprotected after they leave the enterprise.
In addition, increasing file sizes -- driven by image and video content -- result in more instances of email being undeliverable. Assuming a valid delivery address, the primary reason for undeliverable email is that the aggregate size of the message (body and attachments) has exceeded the thresholds set by the sending or receiving mail system.
Know What You Know
To satisfy growing security and data volume requirements, businesses and individual consumers are driving increasing market demand for solutions that integrate the best attributes of MFT, email and social media. Integration of ad hoc file transfer capabilities within MFT solutions will allow industry to establish a new paradigm that frees individuals from the file size restrictions and many of the traditional management issues -- for example, lack of visibility into attachment-sharing -- associated with email systems.
To address typical file-size restrictions and attachment management issues, GlobalSCAPE, Accellion, and other MFT providers offer plug-ins for mail systems like Outlook and Lotus Notes. The MFT industry also has introduced Software as a Service (SaaS) file transfer solutions that operate through the cloud.
Email plug-ins and SaaS offerings provide a familiar user interface to send files up to several gigabytes, as compared to the typical 10 MB to 20 MB file attachment size limits established by email system administrators. The file transfers also can be managed and monitored using capabilities developed for traditional MFT solutions.
So what's the catch? One immediately apparent issue is that increased information-sharing potentially results in an increase in the exploitable attack surface. Threats range from poorly trained employees to unstructured hacker "hobbyists," to state-sponsored cyberwarriors with sophisticated attack tools -- and probably with intelligence agency or military training.
At the high end of the scale, the perpetrators of today's advanced persistent threats are deliberate, and often very patient, in their targeted attacks. Their persistence allows them to use a variety of cybersurveillance and intelligence-gathering techniques on a continuing basis, to prepare for an eventual attack.
Data leakage is a very real risk, as are spamming, impersonation, unauthorized redirects, service slowdowns, and even outright denial of service. Also, with so much information in motion and coming to rest in exponentially increasing volumes, organizations and individuals also must clearly "know what they know" -- and appropriately minimize what they don't know -- about their information-sharing. Otherwise, they will find it impossible to follow the risk management principles, based on consideration of assets, vulnerabilities and threats, that underpin IT operations in the Internet Era.
Most Critical Factor: People
The security, management, auditing and reporting capabilities of ad hoc information-sharing solutions based on MFT principles come into clear focus given the operational realities. Effectively orchestrating these capabilities requires consideration of the policy, people, technology and process aspects of the file transfer solution.
Organizations must determine their business policy with respect to information-sharing, keeping in mind the natural drive for information-sharing in this Web-centric environment. The information-sharing genie is out of the bottle, and there's no going back. Corporate policy should reflect this basic precept, while appropriately protecting the organization's sensitive information. Unreasonable policies drive unmanaged, if not invisible, employee work-arounds that actually increase risks.
People typically are the most critical factor in the success of an IT initiative. When implementing ad hoc information-sharing solutions, organizations should provide education and training for users and administrators as necessary to realize policy objectives, and drive compliance with standards and approved procedures. While doing so, organizations should continually monitor the user experience and security environment to identify as early as possible any need to revise policies.
From a technology perspective, ad hoc file-transfer solutions are increasingly easy to integrate with email systems and legacy MFT infrastructure -- or to operate as a SaaS solution. Data loss prevention solutions may become increasingly important, as will strong endpoint security (e.g., to defeat threats that may hitch a ride to internal systems through the information-sharing process).
It is easy to overlook the process aspects of an IT implementation while focusing on the technical attributes of a solution. While IT administrators certainly should seek ways to integrate new solutions into existing infrastructure, that now-enhanced infrastructure should not drive blind conformance with legacy processes. Rather, new technology provides a basis for considering corresponding evolutionary, or even revolutionary, process improvements. Remember this basic axiom: NT + OP = EOP, or "New Technology + Old Process = Expensive Old Process."
The beauty and curse of the Internet Era is that the confluence of technical developments and user demands will drive further evolution, if not revolution, in ad hoc information-sharing. The beauty is apparent in the emergence of technical solutions with ground-breaking capabilities. The curse is that legacy solutions will become outdated relatively quickly, by pre-Internet standards, and require ongoing development and integration of new-generation capabilities.
Someday in the foreseeable future, businesses and even consumers will be routinely sharing and collaborating on terabyte-size files. Bet on it. Safely riding the growing information wave will require adoption of ad hoc information-sharing solutions that provide the security, management, automation, and other attributes necessary to operate effectively today and into the future.
Craig A. Robinson is COO of Globalscape.