Security – Who’s Wearing the Mask?
In a previous blog I talked about the investment Microsoft has made in security, specifically for OneDrive for Business. From the same article, Cloud, Data Security Remain Top Concerns Heading into 2016, written by David Weldon for Information Management, Rajiv Gupta, CEO of SkyHigh Networks offered some more insight.
In the article, Gupta stated that, “Cloud service providers have improved security to the extent that breaches on the provider side will become few and far between,” Gupta notes. “This leaves enterprise employees as the weak link. Ninety percent of companies experience at least one cloud insider threat per month. Whether malicious or unintentional, your own employees will be your greatest cloud security threat.”
According to the article, 17.4% of information loaded just to OneDrive for Business should be secure. 93.2% of end users still use SharePoint on-premises, which would store the greater quantity of content that should be secure.
Organizations have and are spending money on security. A breach is not inexpensive and bad publicity. One of the issues is exactly what Gupta, and a slew of others, are just now starting to bring to the forefront. Most threats are coming from inside the organization. The trusted employees. Most security vendors who deal with content will identify all the major descriptors, which is good. But what they don’t do, is recognize organizationally defined confidential information, phrases, concepts, and a whole host of verbiage that does not fall under the definition of a descriptor.
The other issue, is after the fact. It’s important and valuable to identify any type of insider threat, no matter how unimportant it appears. But to stop a potential breach of security it should, or should I say must occur before it happens. Our software, conceptClassifier for Office 365 or SharePoint, provide easy to set up rules to identify any content the company wishes to secure such as financials, employee information, customer information, mergers and acquisitions, engineering, and the list goes on as each company is unique. The product provides identification of all descriptors and defined verbiage, as well as verbiage that contains the same concept, within content as it is created or ingested, resulting in averting a security breach.
That’s what vendors and organizations need to stop an inside breach before it happens. And it will happen.