GSN Aug/Sept Digital Edition

More documents

Recommendations

Info

Cybersecurity and ConvergenceCloud File Sharing – Pandora’s BoxBy Scott Gordon, COO,FinalCode, IncKudos for the Departmentof Justice to take advantageof the economics of cloudbased storage and the meansto accelerate file collaborationacross agencies and jurisdictions.Moving to cloud-basedenterprise content managementsystems, such as Box.com and others,offers great benefit but with thatcomes inherit security risks.Gartner in its “Cool Vendors inPrinting and Imaging, 2015” reportnoted that: “<strong>Digital</strong> documents arevery easy to share, but once youshare them, you lose all control overwho else might receive them, whichis a big problem. With the rightcloud-based tools, you can both distributedocuments easily and controltheir distribution.” More so,they recommend, “Departmentalmanagers must recognize the opportunitiesand risks in documentcentriccloud services. Teams andindividuals will find them a veryquick and easy way to manage companyinformation, but you mustwork with the IT organization toprevent them from creating securityrisks and a confusingmess that others willbe left to clean up.”According to Sky-High networks CloudAdoption and RiskReport Q1-15, the averageemployee users3 cloud file-sharingservices regularly.This report cited 22% of files uploadedto a file-sharing service containedsensitive or confidential dataand and 8% of external collaborationand 8% of external collaborationrequests went to 3rd party emailaddresses. That’s a lot of confidentialinformation floating in cyberspace.When employees place a file in asanctioned, reputable cloud-basedfile storage or collaboration application,organizations can gain pieceof mind that systems communicationand storage should be secureand audit-capable. These systemstypically rely on the use of securecontainers on the endpoint. Whilethe files are stored in the cloud orwithin the container, organizationshave comprehensive and strong securitycontrol. But what happenswhen that file leaves the protectedcontainer. That’s when the security22model can denigrate.When online or in a container,file owners have visibility and control.You can readily update, recalland wipe files, and gain insight intofile use within the container. Butwe’ve all shared files with others inthese systems…. And then copiedthe file onto our device, forwardedto another device or possibly sharedit with another user we trust thatmay be outside the scope of identifiedrecipients. Once that file leavesthe container, is typically unprotected.For example, maybe the fileis locked with a simple password,but how often do users send thoseAdobe documents with the passwordin the body of the same email.Peeling back the onion even more,organizations may have encrypteda file in storage and transport… butthen what happens when that file issend/retrieved outside the networkand cloud container? Furthermore,what are the permissions associatedwith the users and the documentto prevent saving, copying, pasting,printing or even screenshots,and what happens across states andcountries. In a digital world, theseare some of the control risks thatneed to be considered with regards
to files containing sensitive, confidentialand regulated data.According to Privacy RightsClearinghouse, nearly 305 millionrecords have been leaked in theUnited States for the past five yearsdue to unintended disclosure, hackingor malware, insiders, and lostor discarded mobile and stationarycomputing devices. We have all seenthe likes of Snoden, Anthem, Sonyand Home Depot. But in the wakeof potentially 25.7 million individualswho were affected by the Officeof Personnel Management (OPM)data breach, it is clear that data protectionrequires a layered approach.Since agencies can not hold backthe tide or advances in file collaboration,they will need to examinethe potential consequences of dataleakage given the ease at which filescan be shared and sensitive data canbe exposed on unsanctioned email,web and mobile applications, lostUSB thumb drives, malicious websitesand wireless access points, andpoorly maintained systems.Scott Gordon, COO at FinalCode,Inc., is an accomplished leader whohas helped evolve security management,network, endpoint and datasecurity, and risk assessment technologiesat both innovative startupsand large organizations. An infosecauthority, speaker and writer, he isthe author of “Operationalizing InformationSecurity” and the contributingauthor of the “Definitive Guideto Next-Gen NAC.” Scott holds CIS-SP-ISSMP certification.23
Page 1 and 2: Government Security NewsAUGUST/SEPT
Page 3 and 4: NEWS AND FEATURESDriver arrested af
Page 5 and 6: officials, Ricky Shawatza Hall wasd
Page 7 and 8: city reduced the number of complain
Page 9 and 10: our system is secure with CINCH - t
Page 11 and 12: U.S. MARINE CORPS declares theF-35B
Page 13 and 14: complex weapon system in an operati
Page 15 and 16: Here’s how different the immigrat
Page 17 and 18: DHS Science & Technology Directorat
Page 20 and 21: New from Government Security News:P
Page 24 and 25: Cybersecurity and ConvergenceNew Gu
Page 26 and 27: Cybersecurity and ConvergenceAdvanc
Page 28 and 29: Cybersecurity and Convergencemised.
Page 30 and 31: Cybersecurity and ConvergenceCyber
Page 32 and 33: Cybersecurity and ConvergenceUnited
Page 34 and 35: Cybersecurity and ConvergenceComput
Page 36 and 37: Cybersecurity and ConvergenceFrom a
Page 38 and 39: Disaster Preparedness and Emergency
Page 46 and 47: Business leaders, elected officials
Page 48 and 49: Protecting data in motion:A look at
Page 50 and 51: DHS Science & Technology Directorat
Page 52: Secure accessto cloud, dataand door

GSN Aug/Sept Digital Edition

Create successful ePaper yourself

Delete template?

Save as template?