It's Cold Out There: Protecting Data Outside the Enterprise Firewall
May 2, 2011 6:00 AM PT
Today's business has come to rely on mobility. Employees take their laptops home, work on tablets and collaborate anywhere via the Web. Unfortunately, these productivity advancements have paved the way for new cyber-vulnerabilities against an organization's private data and intellectual property (IP).
Can mobility continue to be a business benefit when attackers take advantage of security loopholes? Absolutely -- so long as the correct measures are in place to secure IP and keep business flowing.
As we emerge from the great recession, businesses find themselves operating in an increasingly Internet-centric world. During the downturn, many organizations turned to IT solutions that reduce capital and operating costs as well as enable businesses to operate more effectively. The proliferation of mobile technologies extended these capabilities and provided a new flexibility that allowed employees to take the enterprise anywhere -- both at home and on the road. Now that businesses are de-centralized through increasing smartphone, tablet and laptop use, information freely flows from internal terminals to external consumer products.
Open the Gates
From that point, a shift started regarding privacy concerns in the workplace. Employees increasingly demanded, and needed, the ability to work outside of the firewall. Given the economic climate, the ability to produce results was more important than the threat of a leak. Now that unrestricted mobility is a reality, criminals have begun to target attacks outside of the traditional firewall.
According to a recent Symantec report, 163 known vulnerabilities were found in mobile devices during 2010. This number was up a whopping 42 percent from 2009. Simply put, cybercriminals have found that the mobile enterprise is an attractive target because mobile attacks can provide access to big scores. Verizon's 2011 Data Breach Investigations report indicated that criminals are changing their targets by aiming to obtain IP and corporate information. For example, criminal interest in stolen credit card information has dropped while breaches involving authentication records has risen dramatically.
Currently, businesses find themselves in the middle of a shift from traditional, silo-based IT to cloud-based computing systems. This change is happening and will accelerate as rapidly as the Web's first business wave that hit in the 1990s. The bad news is that organizations switching to the cloud are more vulnerable and have not reevaluated their security measures. As such, businesses are constantly struggling to keep sensitive data from leaking outside of their organizations. In many cases, IT professionals are not even sure about the data that is leaving.
Traditional Solutions Losing Some Punch
Traditional IT security solutions like data loss prevention tools and intrusion prevention systems can slow down the classic sensitive information exfiltration campaigns by malicious users and cybercriminals. Unfortunately, these techniques have lost some punching power as businesses shed their virtual walls. This is mostly due to network-level security's ineffectiveness against monitoring outbound content. Information leaving organizations rarely receives the amount of monitoring needed. As a result, users can attach confidential documents to non-company email, instant messenger systems and peer-to-peer file sharing with frightening ease - what's worse is that no one in the organization is the wiser.
The reactionary thought to ending these leaks might be an attempt to reign in mobility and hope that data is kept in-house. The only way to begin to slow down the ease at which information is shared in a malicious way is NOT to turn away from the flexibility and collaboration that business mobility has provided. A completely closed enterprise is a thing of the past. The best way to secure outbound information in a security strategy is to provide the ability to maintain enterprise collaboration and have technology that provides the ability to track and trace files anywhere on the Internet.
Security Without Hindrance
Now, companies need to incorporate security policies and mechanisms that define and automate how sensitive information should be handled at the file level. Companies need to invest in solutions that make file protection simple, automatic, transparent and usable for everyone (authors, users and company IT). This helps companies proactively protect sensitive information and keeps it private against the growing number of breach and leak threats. Most important to day-to-day operations, this type of solution would not hinder the mobility that employees and customers have come to expect over the last few years.
Security initiatives have not adjusted to this new way of doing business and criminals will continue to capitalize on lagging mobile protection systems. The fact that 65 percent of IT pros surveyed at the RSA Conference admitted they do not have a handle on the files and data leaving their enterprises does not instill confidence in the security measures currently in place. Decision makers need to realize that business is moving outside of the traditional four walls of the enterprise. In order to effectively protect IP in a mobile environment, organizations need to adapt secure measures to extend outside of the server room. If not, their next great idea or confidential customer information could end up in the wrong hands.