
By: Carlos Delatorre
March 26, 2019

The Last Mile Needs Should Be Your First Priority

“No good deed goes unpunished”… so it is in life, and in technology.  Organizations are deploying massive sums of money and people in a valiant effort to make their users’ lives easier by moving to cloud-based collaboration solutions promising dramatically better user experience and far less friction.  But many fail to appreciate potentially catastrophic security risks…

Recently, TechCrunch reported that “dozens of companies leaked sensitive data thanks to misconfigured Box accounts”. The negative consequences stemming from breaches of sensitive information can be significant. Anthem Blue Cross Blue Shield will pay $115M to settle a claim related to 79 million patient records breached. Marriott recently learned that 500 million Starwood customers’ information had been breached, and analysts estimate the cost to Marriott could top $1B.

These chilling incidents may tempt InfoSec executives to “lock down” environments, ban cloud services, and implement new, restrictive policies. But businesses can’t afford to forgo the value that cloud solutions present. For example, cloud collaboration solutions like Box, Dropbox, and SharePoint Online enable organizations to generate huge value in a myriad of ways. They can collaborate with external experts on a contract basis, reduce costs through labor arbitrage, or increase employee productivity. The possibilities are endless and exciting! And if IT departments attempt to implement controls that users perceive as overly restrictive, users will merely circumvent them by establishing personal accounts (aka “Shadow IT”).

For all the value that cloud collaboration offers, there are risks that should be addressed. How can corporate IT maintain visibility into and control over files containing sensitive information about customers, employees or intellectual property? How can they revoke access to sensitive files when an employee is terminated, or a supplier relationship is severed? How can they be alerted when bad actors attempt to compromise sensitive data that has left the corporate network or cloud collaboration environment? Further, how can they enforce policies that account for the varying needs of specific users or groups and for differing levels of trust and of information sensitivity?

Some user/file combinations may require “view only” access with watermarking, while others may require the ability to edit while maintaining restrictions on printing, screen capture, etc. The numerous combinations require the ability to define and enforce granular policies that take several factors into account.

These policies may apply to individual users or to entire groups defined in a corporate directory such as Microsoft Active Directory. Or they may apply to individual files of various types including CAD files, media files, Microsoft Office documents, PDFs or others. They may apply to folder structures or environments including users’ hard drives, file servers, Box, Dropbox, SharePoint and others.

Organizations need a data security solution that is agnostic to file types and repositories so they can secure all forms of sensitive data with access policies that are dynamic and persist no matter where the file ends up.

Specifically, it’s imperative to have:

  • Granular visibility and centralized control to understand how content is used, by whom, and to proactively investigate unauthorized access attempts
  • Access control on sensitive files even after they have been shared with external users via cloud collaboration tools, email, or other means
  • Ability to adopt cloud collaboration solution(s) without risking unauthorized third-party access to sensitive data

The Box data leakage snafu shows that out-of-the-box (no pun intended) configurations can cost companies in the long run. This isn’t the malicious insider or intrusive external bad actors penetrating security defenses. This is just people making innocent mistakes trying to do their job. Protecting sensitive data over the “last mile” without impacting user productivity has long been an unfulfilled promise of IT security. The emergence of cloud collaboration opportunities makes addressing this issue an urgent requirement. And VERA makes it possible and straightforward now.

VERA has been chosen by organizations of all sizes including General Electric, Silicon Labs, and Pokémon to secure data in their cloud collaboration tool.

If you’re interested in learning more, check out the white paper on how to leverage modern cloud collaboration tools securely.

By Carlos Delatorre

Chief Executive Officer