alphaspirit - Fotolia
The exponential growth of corporate data consumption has made mobile security a bigger challenge than ever before.
With more ways to share information, the growth in data transfers makes it harder for a business to control where its corporate content is going and who can see it. Because of this, there is greater risk of exposure and stricter security compliance guidelines for IT departments to uphold.
To make matters more complex, experts often say there is not a singular security tool that can protect a business from every possible type of attack, so it is important for businesses to have a layered security model.
A growing trend in IT security is using file encryption software to have a layer on the actual documents themselves. Some tools IT admins consider include Microsoft Rights Management Services (RMS) and German software company, Brainloop Inc. While Brainloop also works in containerization, it can secure files individually. Microsoft RMS allows IT admins to secure files through authorizations.
FinalCode Inc. arrived last year, and is focused on securing files through encryption and rights management.
"The growing trends in file use leading to leakage and compliance issues are essentially creating a perfect storm to bring data protection down to the file level," said Scott Gordon, COO at FinalCode, based in San Jose, Calif.
FinalCode's file security software of the same name encrypts documents individually, allowing IT departments to protect the files internally and when shared outside of the company network or cloud container. The enforces usage policy and can alert IT admins when a file is in the wrong hands or if someone tries to access it without the proper authentication. The tool allows admins to remotely delete documents, preventing confidential information from being shared, and logs where a document is sent, as well as who has access to it.
FinalCode launched version 4.3 of its file security software in the U.S. in April and has 80 corporate customers of all different sizes, specializing in healthcare, financial, government, manufacturing and other industries.
Despite the abundance of companies hit with major breaches in recent years, the top two forms of data leakage may not even be malicious, according to a survey from IT research firm, Enterprise Management Associates Inc. (EMA), set to be released later this year.
In the survey of over 150 enterprise IT and security professionals, the two most frequent sources of data leaks are files inappropriately shared both in and out of the company, with files stolen by hackers being the third most common.
Files shared with the wrong individuals often goes unreported, as professionals don't want to draw negative attention to themselves, said David Monahan, research director of security and risk management at EMA, based in Boulder, Colo. Often times, when these files are shared with someone outside of the company network, the IT department has no control over it, and this can be detrimental.
David Monahanresearch director of security and risk management at EMA
"The key issue we're dealing with is you have all this collaboration and data sharing going on right now," he said. "Owners are concerned data is being shared with people who don't really need to know."
The pressure is on IT departments to secure their respective corporate networks and content, as PCI and HIPAA compliance is viewed as strict, with fines getting even bigger for those who are falling short, Monahan said.
In the EMA survey, 75% of respondents said they were highly concerned about sensitive data being leaked to unauthorized users. Just a quarter of respondents were moderately concerned, while no one expressed "low to no concern."
File-level protection is a growing trend in IT, Monahan said.
"This type of a technology gives the business a better ability to better manage the data proactively," he said. "You can say upfront, these individuals are allowed and these aren't."
One chief information security officer (CISO) from a global moving services company based in North America, with over 3,000 employees, speaking on condition of anonymity in accordance to the company's security policy, said some of these security tools can be costly, as they require businesses to hire additional administrators. His company is testing FinalCode and, so far, they've determined it's easy to use without additional IT staff.
Documents are housed on enterprise servers that may leak data, he said. File encryption software securing the data at the document-level negates that risk. The CISO noted he found FinalCode appealing, as it allows IT to remotely delete a file, it prevents users from copy and pasting within a document, and if a document is printed, it's watermarked.
"We can control who can read what and from what device," he said. "I can see a great use for this."
A virtual appliance subscription of FinalCode starts at $22,000 for 100 users, with no charge for the FinalCode viewer, the company said.
Ramin Edmond is a news writer with TechTarget's End-User Computing media group. Contact him at [email protected].
Finding the right secure file transfer tool
Startup brings mobile security to the file level
Can cloud file sharing improve data security?