
Preserve IP and PII With Dynamic Governance Over External Workflows


Internal file threats entail a breach of sensitive information from secure content stores to unauthorized third parties. To prevent them, you must ensure that all sensitive files are saved to the correct repository, and then tightly control who can retrieve files, when, and how. Assuming you have shrunk the threat surface with enterprise content integration, making it safe and easy for users to save and retrieve files, the next step is to inspect every attempted retrieval and block unauthorized requests.

The modern enterprise spends millions of dollars on cyber security, yet the modern CISO can’t say in any specific detail what information is entering and leaving the firm. If you can’t see it, you can’t defend it. Everyday workflows where employees exchange sensitive information with external parties expose the firm to constant threats, including leaks, phishing, malicious files, and compliance violations. These external workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and leaving your organization.

On-premise or private cloud repositories are best suited for protecting IP

In my last blog post, we discussed hardening the threat surface by restricting access to sensitive data. Today, I’ll discuss defending the threat surface against data breaches by employing tight governance over all file transfers.


Limit Content Access and Analyze File Transfer Metadata

Enterprise content access should be tightly governed with highly granular user-level permissions that ensure data privacy. The most sensitive content should be segregated, so that additional security measures, such as multi-factor authentication, can be easily applied. This is all standard best practice. However, a CISO Dashboard that monitors the entire file transfer path—the end-to-end threat surface—enables real-time application of stronger security measures based on transfer metadata, such as sender, receiver, origin, destination, and time of transfer.


Deploy Data Loss Prevention as an Additional Line of Defense

On a file-by-file basis, DLP can be deployed to deny unauthorized requests based on the content. This process can be accelerated by implementing a data classification standard that allows DLP scans to be performed offline and requests for sensitive content to be processed in real time. This type of context-aware, content-aware dynamic security and governance can only be applied along the natural threat surface of external workflows: users, applications and files. It is impossible to apply it at the network and physical layers, because the relevant data is either unavailable or encrypted.
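The two sections above combine into a single retrieval check: a label stored by an offline DLP scan is looked up at request time and evaluated against the transfer metadata. The sketch below is an added example, not Kiteworks code; the label names, domains, business-hours window, repository names and rule order are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample data: labels an offline DLP scan would have stored per file.
CLASSIFICATION = {"designs/pump-v2.dwg": "ip", "hr/payroll.csv": "pii",
                  "marketing/brochure.pdf": "public"}
INTERNAL_DOMAIN = "example.com"          # assumed corporate mail domain
APPROVED_PARTNERS = {"partner.example"}  # assumed allow-list of external domains
BUSINESS_HOURS = range(7, 20)            # assumed local-time window, 07:00-19:59

@dataclass
class Transfer:
    sender: str
    receiver: str
    origin: str        # repository the file is retrieved from (assumed names)
    destination: str   # "internal" or "external"
    when: datetime
    path: str
    mfa_passed: bool = False

def decide(t: Transfer) -> tuple[str, str]:
    """Return (action, reason); action is allow, step_up_mfa or deny."""
    label = CLASSIFICATION.get(t.path)
    if label is None:
        # Fail closed: no offline label means the content was never scanned.
        return "deny", "unclassified file"
    if label == "public":
        return "allow", "public content"
    rdomain = t.receiver.rsplit("@", 1)[-1].lower()
    external = t.destination == "external" or rdomain != INTERNAL_DOMAIN
    if external and rdomain not in APPROVED_PARTNERS:
        return "deny", f"{label} to unapproved external receiver"
    # Assumed rule: IP may only be served from the segregated on-prem store.
    if label == "ip" and t.origin != "on_prem":
        return "deny", "ip served from non-segregated repository"
    if t.when.hour not in BUSINESS_HOURS and not t.mfa_passed:
        return "step_up_mfa", "sensitive transfer outside business hours"
    if external and not t.mfa_passed:
        return "step_up_mfa", "sensitive transfer to external partner"
    return "allow", f"{label} transfer within policy"
```

Because the label lookup is a dictionary read, the per-request cost is independent of file size, and a file that was never scanned is denied rather than allowed by default.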

In the next post, I’ll discuss defending the threat surface against external threats by inspecting every file to block malicious attacks. Future posts will cover concepts like building a holistic, proactive defense that spans the entire threat surface.

To learn more about defending the threat surface against data breaches by employing tight governance over all file transfers, schedule a custom demo of Kiteworks today.


*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard Archives - Kiteworks | Your Private Content Network authored by Cliff White. Read the original post at: https://www.kiteworks.com/third-party-risk/preserve-ip-and-pii-with-dynamic-governance-over-external-workflows/


Cliff White

Cliff White is Chief Technology Officer (CTO) at Accellion. Mr. White joined Accellion in 2011. He has more than 15 years of experience in the software industry and web-based technologies. He has also managed global engineering teams and advised C-level executives on software product engineering and best practices. Before joining Accellion, Mr. White developed highly scalable software for imageshack.com, an online media hosting company and one of the most visited websites on the internet. Previously, he led the engineering function for rentadvisor.com, a peer review and recommendation website for rental properties before it was acquired by apartmentlist.com.
