Data Breach or Exposure – It’s all up to you!
Unless you are responsible for security at your organization, a data breach or confidential data exposure isn’t on the top of the majority of business users minds when they come to work. In a research survey, released in July, by Workshare, it doesn’t seem that many organizations have control over information leaking deliberately, or accidently into the wrong hands. According to the research, “68% of professionals are exposing their businesses’ most confidential information by failing to remove hidden data from documents they share with customers, suppliers, or colleagues”.
To some extent I guess the business user is at fault. On the other hand, shouldn’t the enterprise be actively securing content that contains whatever the organization has defined as confidential? It’s ironic that when applied to search, we beg people to tag content, and when we ask them to secure it, we beg them to remove tags. According to Ponemon Institute, the majority of data breaches are caused internally, either intentionally or unintentionally. Remember Edward Snowden?
It is not a radical idea that software can identify confidential information in content and route it to a secure repository and prohibit download. Organizations are struggling with security applications as the context, or meaning of content is not able to be retrieved, or is too obscure to understand. Our software can do it. But, one of the challenges that I see, is that you might want this process to work in two different directions. For example, I write a document that contains confidential information regarding a new product problem. Associated with the document and within the document are tags and descriptive terms that would be considered confidential. The organization obviously does not want any customers who have purchased the product to realize there is a problem, but the organization does need to send information to the manufacturer to fix the problem. Rather a two edged sword. Quite accidently, the customers, or even a customer could receive the confidential information, even through a conversation from an internal source who read the document, or just ‘heard about it’.Farfetched? There has never been an organization that I have worked for that didn’t have gossip mongers at every water fountain.
Executives are beginning to wake up and fear the dreaded data breach, but most don’t seem to be tackling it aggressively, to at least reduce the risk or seriousness of confidential leaks or breaches. Some breaches can be nipped in the bud through software, others, like the above scenario, still remains in the hands of business users who must perform due diligence and be trained by the organization.