Why Encryption Isn't Enough When It Comes to Business File Sharing
by Andrew Mullen on May 23, 2016
Encryption is the go-to solution when it comes to securing business data, whether at rest or in transit. Any security product, storage solution, or cloud service you look at will tout their encryption as one of their strongest selling points. But encryption isn't all you need when it comes to data protection and security for business file sharing. Here's why, and what you can do about it.
Companies Aren't Always Protecting Data They Should
Some sensitive data isn't even inside the parameter of encryption protection. Is your employee database as secure as that of your customers? It should be.
The first issue is not with encryption itself, but with gaps in what is and isn't properly encrypted. For instance, one study found that while businesses typically used strong encryption and other solid protocols for securing their customers' data, they weren't using it for securing the data on their own employees -- even though their employee data contained more information on the individuals, including healthcare information protected by HIPAA regulations. Make sure you're utilizing strong encryption (plus other security methods and mechanisms) for all the data that someone might want to hijack or corrupt.
If They Can't Break Encryption, They Just Find a Way Around
When hackers, government spies, or other interested parties can't manage to break encryption, they just start looking for a way around it. That means exploiting backdoors in software systems or even stealing encryption keys.
According to whistleblower Edward Snowden, the best way to get to encrypted information is to just go around the encryption. This is what the government agencies like the NSA are known for doing. While the government lacks high-tech equipment like quantum computers to break encryption, they depend on lower-tech means for getting around it. Hackers and saboteurs intent on corporate espionage do this, as well. For instance, in the case of Silk Road mastermind Ross Ulbricht, the government simply stole one of his encryption keys from his laptop. Similarly, hackers and others can exploit backdoors left in software or firmware to get around encryption.
Encryption is Just One Piece of the Security Puzzle
For these reasons and others, encryption needs to be just one piece of the overall security puzzle. While encryption itself is very good (even the top government agencies can't crack the best encryption), it's still just one piece to the big security jigsaw puzzle. First, you need to address the potential for insider threats. According to Snowden, if your enemies can't find a way to your data from the outside, they're highly likely to send someone within your ranks to open a door from the inside.
Additionally, consolidate your data, either in a private cloud on premises, or in a public cloud that can offer enterprise-grade security, such as Microsoft Azure. From there, you can allow business file sharing according to each individual user's level of access, meaning that Sam in accounting can't access HR data, and Phyllis in operations can't get into your legal department's database. Consolidation puts all of your data into a single repository, which is far easier to monitor and secure than lots of disparate systems and databases across the organization.
Would you like to see how this business file sharing solution works? Come take a look at this demo video.