SBN

Balance Content Security and Content Access With Granular Governance

Balance Privacy with Transparency

Every CISO knows that you can’t have privacy without security, however, you can have security without privacy. Multi-factor authentication, data encryption, and threat protection defend against external threats, but they do nothing to ensure sensitive content is handled correctly by authorized users. While users across your extended enterprise expect easy access to their sensitive content, they also expect complete confidentiality: transparent collaboration comprised of private communications.

CISOs must enable secure file sharing that balances the protection of sensitive content with the overwhelming need to share it, easing access while preventing breaches, ensuring privacy alongside transparency, and adhering to complex regulations without getting in the way of efficient communication. Each trade-off entails risks. This blog series explores these trade-offs and offers six guiding principles for creating a secure content sharing channel that enables work across the extended enterprise and protects your most sensitive digital assets.

Enforce Policy Controls to Govern Data in Motion

In my last blog post, I shared some of the pitfalls associated with providing simple, seamless access to content. Today, I’ll discuss the challenge organizations have in providing easy access to sensitive content, but also ensuring that content is shared with complete confidentiality.

Understand User Roles to Enforce Policy Controls

Confidentiality is the result of strong content communication governance – ensuring only authorized users can access, modify and share specific content in specific ways. It cannot be enforced at the network level—where most security controls are implemented, because it requires information like who, what, where, when, and how. It must be enforced at the user-application-content level, because that is where this information resides. For example, preventing a finance manager from sharing audited statements publicly prior to an earnings announcement requires an understanding of user roles, content type and timing of the request. These requirements echo my earlier blog post about the requirements for total visibility: connection to every user sharing endpoint and every content repository. Only now we need more than just a connection—confidentiality requires control.

Balance Content Privacy With Transparency

Confidentiality means ensuring only authorized users can access, modify, and share specific content in specific ways. It must be enforced at the user-application-content level, because that is where this information resides. [source: Accellion secure file sharing and governance platform]

Complete Content Confidentiality Requires Complete Content Control

Your secure content sharing channel must have very granular policy controls based on a wide array of inputs, including user roles and privileges, as well as content metadata, such as file size, type, location, read and write permissions, and content sensitivity. Consider file access at a hospital. Should a podiatrist have access to an obstetrics patient’s records? Should an admitting clerk be able to edit a patient’s prescription dosage? Not if the hospital wants to demonstrate HIPAA compliance. This is the baseline to govern data at rest. To govern data in motion as it enters and leaves your organization, policy controls need to incorporate sharing metadata, such as sender, receiver, origin, destination, time of transfer, and window of availability. The more granular the governance, the greater your ability to enforce confidentiality and strike the right balance between privacy and transparency.

In the next post, I’ll discuss how organizations can prevent employees from building their own shadow IT out of easily accessible, consumer cloud applications. Until organizations make it simple to share sensitive content securely, they will force employees to seek out less cumbersome, and also less secure, alternatives.

Don’t want to wait? Download the eBook now!
The Risky Business of Online Collaboration

The Risky Business of Online Collaboration

Discover the 6 principles for securing sensitive content without getting in the way of efficient communications with this informative eBook.

*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard – Accellion authored by Cliff White. Read the original post at: https://www.accellion.com/blog/balance-content-security-and-content-access-with-granular-governance/

Avatar photo

Cliff White

Cliff White is Chief Technology Officer (CTO) at Accellion. Mr. White joined Accellion in 2011. He has more than 15 years of experience in the software industry and web-based technologies. He has also managed global engineering teams and advised C-level executives on software product engineering and best practices. Before joining Accellion, Mr. White developed highly scalable software for imageshack.com, an online media hosting company and one of the most visited websites on the internet. Previously, he led the engineering function for rentadvisor.com, a peer review and recommendation website for rental properties before it was acquired by apartmentlist.com.

cliff-white has 28 posts and counting.See all posts by cliff-white