OneDrive for Business Security Exposures? Create a Taxonomy
Metadata and the protection of confidential information: a match made in heaven. The caveat is that you need reliable metadata. Our clients use this functionality all the time, so I thought I would share it. It’s actually quite simple and straightforward.
Any security package worth its salt has standard descriptors, even the Office 365 Security and Compliance Center. But these descriptors are typically limited to social security numbers, driver’s licenses, and other such predictable descriptors.
But what about confidential information? Do you know what’s being loaded to OneDrive for Business? I bet you don’t.
According to Skyhigh Networks, in its Office 365 Adoption and Risk Report, the average company uploads 1.37TB of data to Office 365 each month, and 17.4% of the documents uploaded contain sensitive data and so pose potential security risks.
Now, 17.4% may not seem like a substantial amount, but think about it. Do you know that every month, your potential security incidents could grow by 17.4%? Pretty ugly, isn’t it? Well, it is if you are responsible for cloud security.
For example, the average Office 365 enterprise has 204 files that contain the word ‘password’ in the file name stored in OneDrive for Business. I am shaking my head, but I have a document called ‘signons’ that contains all my passwords – so I am much safer, right? Right.
Let’s talk about confidential information. Government organizations are very aware of the numerous types of confidential content. But most organizations seem to be satisfied with covering the basics of PII, PHI, and PCI.
Confidential information can be anything an organization deems confidential, which should be secured, either externally or internally. Things like payroll, financial, and acquisition information, as well as new product details, schematics and product drawings, competitive material, and client data. The list is as unique as the organization itself. How can these assets be secured?
Back to our clients. They create a taxonomy, or multiple taxonomies, and auto-classify content in real time – unlike Data Loss Prevention, which works after the fact – and create workflow rules that contain the words they consider confidential.
In this instance, let’s say ‘Holiday Bonuses 2016.’ The auto-classification process will find any instance of ‘Holiday Bonuses 2016’, remove it from search, route it to a secure repository for disposition, and prevent portability.
I know, you are thinking, “OK, but it’s difficult to create a workflow rule.” Actually, it’s easy. These rules are designed for use by business professionals, not IT teams, so they take just a couple of minutes to create, plus testing time. It really is that simple.
Are you concerned that every month 17.4% potential security violations are added to OneDrive for Business? Are you concerned that Data Loss Prevention works after the fact? Do you have other confidential information that isn’t addressed through standard descriptors?