
IT LESSONS FROM iCLOUD: THE INCREASING NEED FOR FILE-CENTRIC SECURITY


Written by Ryan Kalember, Chief Product Officer, WatchDox

I don’t need to tell you about the Apple iCloud hack: the lurid details have been exhaustively documented elsewhere. However, I do want to tell you what your organisation should take away from it: it is critical to think about the security of your information at the file level, rather than the device level. Data-centric protection is critically important, particularly in business, and particularly for files, whether they are selfies or strategy PowerPoints. With the relentless growth of Dropbox and iCloud, the walls around the typical organisation have disappeared. The only solution is to build new walls around the data itself.

For a long time, information security groups like the Jericho Forum have worked to help organisations understand that their firewalls were no longer protecting their data in any meaningful way. As the iCloud attacks make abundantly clear, files are now moving between clouds and devices in both automated and manual ways, most of which involve exactly zero choke points for IT to control that data flow. In the iCloud attack for instance, the prevailing theory is that celebrities’ iCloud accounts were compromised via what amounted to elaborate social engineering, and the backups of their personal photos were synced not to their own devices, but to devices belonging to the attackers.

This type of compromise is exceedingly difficult to defend against. An IT organisation considering the security of the files that nearly all its users work with will find few good options. Using mobile device management software to turn off iCloud may be an option, but that will push users (who are, after all, chiefly interested in getting their work done) into the arms of free or freemium file sync and share services. The simple truth is that many businesses suffer from a false sense of security when it comes to popular box storage services. Right now employees are using these services to access sensitive company data without really being aware of the vulnerabilities inherent in these freemium services. The content stored in them is only as secure as the people accessing it, with access controls disappearing the moment a user syncs files to an unmanaged device or opens a file in a third-party app. Additionally, these services create a lot of confusion around who owns what, especially when an employee leaves.

File sync and share technologies have evolved significantly as enterprises have begun using them en masse. The critical feature to ensure is that they can be safely used by organisations with sensitive data to protect. That means keeping files encrypted until an authorised user authenticates to work with them, enabling organisations to control functions like sharing and printing, and establishing an audit trail of actions taken with the files on any authenticated device. Additionally, these technologies (also known as information rights management, or IRM) enable organisations to revoke access to the sensitive files whenever they choose, leaving attackers, former employees, or disgruntled insiders in possession of a lump of encrypted data and not the corporate crown jewels, regardless of where the file has been copied, synced or sent.


Critically, though, IRM cannot be a hindrance to users if this is all to work as designed – there are simply too many workarounds in every app store. IRM must work across all devices (and the web), and technologies that use it must meet the twin challenges of making files both secure and usable everywhere they need to go in the course of a business workflow. That means enabling work wherever you are and with whomever you are working; using any device suitable or available to read or annotate a document; sharing work-in-progress with a few, and publishing authoritative content to the many; protecting intellectual property and sensitive information (whether at rest or in transit) on-premises, in the cloud, or on a device; satisfying the different needs of the casual user and the power user; being as useful on a mobile device as on a traditional computer; and working with line-of-business and collaboration systems that the business already owns, as well as those that it is thinking of getting.

Business efficacy, regulatory compliance, information security, and employee productivity are all affected by the way employees create, edit, process, and share documents, so the selection of enterprise file sync and share products is very much on the critical path of IT-related business investments. Let’s face it: one of the key challenges facing CIOs and IT managers today is managing BYOD and how they try to regain control of enterprise content without impacting on productivity and creating mass user disenchantment.

Considering how digitally advanced we have become, we are still remarkably naïve about basic Internet security. The most common techniques used by hackers have been the same for years: social engineering, phishing attacks, remote access tools (RATs), and password recovery and reset prompts. While these aren’t overly sophisticated methods, users fall victim to them time and again. Enterprises need to make secure mobile and online practices a priority. They also need to consider a more file-centric security approach – especially if content is going to be accessed by employees from personal mobile devices or shared with external business partners. Phishing attacks may be more sophisticated — poorly written emails from foreign princes giving away their fortunes are increasingly rare — but these attempts are still fairly obvious if you know what to watch for. Therefore frequent security training should also be a requirement to ensure employees know how to identify and avoid these ploys.

While most enterprises aren’t concerned that their own privacy will become fodder for public consumption in the way that celebrities’ selfies are, this should serve as a cautionary tale about consumer-based cloud services that every enterprise employee and employer should consider.
