Seclored: The Data Security News Blog

The Gaping Hole in Your EFSS Security

Category: Data Security, EDRM

I use several Enterprise File Sync and Share (EFSS) systems every day with co-workers, partners and vendors. And often I’m sending information that contains my company’s strategy. Sure, I have a digitally signed Non-Disclosure Form (NDA) that says they won’t share information, but truly I can’t enforce it. I can’t even control what they do with the information once they download it from the EFSS system. Once sent, forever out of my control. And I like being in control!

To me this is a gaping hole in my data security infrastructure. Gaping actually means “wide open” and the opportunity to lose sensitive information is, well, wide open. You may trust employees, partners, contractors and vendors and hope they will do the right thing, but people switch companies all the time. Bringing company confidential and sensitive information with them and/or sharing it with competitors is not uncommon. And how many times have we heard of a disgruntled employee leaking information?

The EFSS market has grown rapidly in the past five years ($1 Billion in 2015), and is only building momentum. As this technology’s usage increases, so will the risk that sensitive files are being distributed outside the organization. Some EFSS vendors may be adding security features such as key management (where the company holds the encryption key), or view and edit rights on files, but that is just not enough to ensure the file/data is protected once it’s downloaded. Nor does one know where the information will eventually be stored once it is downloaded from the EFSS system. The lack of control is especially difficult for companies that have security regulations on how they govern data.

Enterprise Rights Management (ERM) Seals the Gaping Hole

What’s really required to fully ensure that collaboration is secure is an Enterprise Rights Management system. The 2015 Gartner Magic Quadrant for EFSS ranks vendors who lack an Enterprise Rights Management system (referred to as Digital Rights Management) as a security “caution” and those having ERM capabilities as a “strength.”

ERM provides persistent, file-centric control over the usage of a file wherever it travels or resides, from the time it leaves an owner’s desktop, through the EFSS system and on to the recipient, allowing you to stay in complete control of the data. Imagine your M&A activities, financial data, patented intellectual property, sales and product information, published materials, contracts in negotiation, and so on being shared in an EFSS system and becoming defenceless once they leave the EFSS system.

Connectivity is Key to Security

IT leaders are faced with employees using several EFSS systems as more and more vendors have entered the market. Even if IT chooses to deploy one EFSS vendor company-wide, often employees want to stick with what they know and already use – I’m guilty of this. Having an ERM system that can integrate with any EFSS solution will safeguard data, regardless of the EFSS system used, ensuring data doesn’t get shared unprotected. Additionally, look for an ERM system that uses Policy Federation to fetch permissions in an EFSS system and automatically map them to granular usage rights. That will make it easy to rapidly add ERM to your EFSS system without extensive ‘policy definition’ efforts.

EFSS has changed the way we collaborate for the better. Connecting ERM to your EFSS system will ensure that all sensitive files are automatically protected, offering optimal collaboration, without a security gap.

Abhijit Tannu

Abhijit Tannu is an advisor and co-founder at Seclore. Abhijit is a technology architect at heart and an entrepreneur by profession, and has contributed to the development of innovative products and applications for enterprise security. A fitness enthusiast, Abhijit can be found trekking or hiking in his spare time.
