Get actionable insights from industry and IntraLinks thought leaders to drive collaboration across your Extended Enterprise.
E-mail traverses the public Internet in plain text, and can be easily copied or intercepted. Just ask the Gmail users famously hacked in 2010 and again in 2011, or the U.S. Chamber of Commerce which had at least six weeks worth of e-mail data containing sensitive information stolen in a breach that was widely reported in December 2011.
Today, as increasing global competition drives the need for increasing inter-enterprise collaboration, the use of e-mail to share collaborative information with partners and geographically dispersed team members creates unacceptable security, compliance, and information governance risks. If your users are collaborating on a sensitive project and sharing a confidential document or data, the last thing you want them to do is e-mail it back and forth over the Internet.
"E-mail is the go-to for business people due to ease-of-use and familiarity. They are reluctant to adopt more secure solutions because they intrude on that ease of use," says Christopher Ford, Vice President, Product Management for IntraLinks.
Nevertheless, there are ways employees can share sensitive information with the ease of e-mail and yet with a central point of governance. For example, with secure file-sharing services integrated into your e-mail infrastructure, users remain in control of information — even after a document has been shared — and all communications can be logged.
This article explores several secure e-mail solutions and some of the choices and trade-offs involved in sharing documents securely via the Internet.
Consumer-oriented file-sharing solutions
Perhaps the most popular alternative to e-mailing documents is to use one of the dozens of consumer-grade file-sharing solutions, such as YouSendIt, Dropbox or Box.net. With these services, you upload your document to their servers and e-mail someone a link to it. Originally created as a way around e-mail attachment file-size limits, these sites became popular for synchronizing files between home and office computers and accessing files from smartphones. Users believe these familiar consumer tools help them get their work done faster.
But these services introduce risk into the enterprise. There are numerous examples of confidential information being inadvertently distributed, sometimes due to poor authentication protocols (Dropbox's authentication issues have been well documented here: http://dereknewton.com/2011/04/dropbox- authentication-static-host-ids/). The recent FBI raid on MegaUpload is an extreme example of one risk: even legitimate users of this file-sharing site (i.e., those not pirating copyrighted content) have lost access to their content and may have had confidential information stolen1.
In addition, using "bring your own collaboration tools" makes the activity invisible to the IT department. Even when IT is aware of their use, the services generally lack transaction logging, which makes document control and security problematic, and eliminates the possibility of tracking content at the enterprise level — for example, for litigation preparedness. Comprehensive transaction logging is critically important — in many cases, failure to log an electronic file-sharing event places a company at risk of non-compliance with industry and privacy laws.
Secure e-mail alternatives and add-ons
Many alternatives are available that enhance e-mail security, and all come with varying levels of ease-of-use and deployment difficulty.
Secure document sharing issues
As you evaluate any of the above services and solutions, consider the following issues concerning how you intend to share confidential information.
Conclusion: Integrate document-sharing services with your e-mail
A full-fledged, cloud-based platform for secure, compliant inter-enterprise content sharing is the ideal way for your enterprise to pursue the collaborative partnerships necessary to business success while maintaining security, compliance, and control. But few organizations can prevent their users from e-mailing sensitive documents.
That's why controlled, auditable file sharing, when integrated with email, is the most effective approach. It logs transactions, gives visibility to content throughout its lifecycle, gives users the speed and flexibility they want — and it keeps the Chief Compliance Officer happy and the company and out of the news.
Services such as IntraLinks' Courier enable the integration of secure document-sharing platforms with e-mail. "What we're really doing is hosting and posting files for secure access; we're not delivering files over e-mail. But we've packaged it in a way that it looks like e-mail so that the ramp-up for users is very quick, and the barriers to adoption are low," explains Ford.
Thanks to the familiar user experience services like Courier provide, their proven security, control and compliance features can make e-mail document sharing safe, after all.
Register now for this live, virtual town hall to hear leading CIOs discuss their strategies to enable the collaborative power of the BYOD (Bring Your Own Device) consumerization of enterprise information – without compromising security.
Ask questions in real-time and hear answers from CIOs and the global audience watching the live stream.