Better Safe than Sony’d: 4 Pillars for Secure Collaboration
Organizations need a governance framework that covers people, process, and technology. This is called the “Four Pillars” of secure enterprise collaboration.
24 December 2014
In a year in which we saw about 145 million records lost by eBay, 76 million by JPMorgan Chase, and 70 million by retailer Target, the recent Sony breach still managed to stand apart. The volume of data Sony lost is certainly staggering, but it is the intention behind the attack that is unique. Rather than seeking financial gain, the hackers executed a concerted and sophisticated effort to inflict harm on a company.
Unfortunately, the hack appears to have been entirely successful.
Lessons We Can Learn From Sony
There is no “silver bullet” to block all Sony-scale attacks. Though we’re still not sure exactly how the data was stolen, the fault probably isn’t a result of one blunder or a single technical weakness. Rather, it was probably a combination of factors that were cleverly exploited by the attackers.
To respond to the reality of this sort of threat, organizations must think holistically about their governance and rules. They must consider the policies and systems that determine how decisions are made and business is conducted. This governance effort must involve a thorough approach that covers people, process, and technology together. This is especially true for enterprise collaboration, particularly when it involves outside parties.
This governance framework is the first of what we describe as the “Four Pillars” of secure enterprise collaboration. The other three pillars are:
- Sharing Process Control: This pillar’s rules may define the capabilities permitted during collaboration (making it similar to governance). This pillar allows customers to control information access while maintaining visibility into information sharing processes.
- Content Lifecycle Control: This pillar defines capabilities that all organizations require to maintain control of their content from the moment the content is created, to when it is shared, all the way until the enterprises’ information governance rules dictate its final disposition.
- Technology Infrastructure Security: After an organization has defined and implemented information sharing rules of governance and business processes, selected a service provider, and implemented a solution, it must be certain that all aspects of that service provider’s solution are secure. Today’s enterprise must be able to audit and validate any tool’s capabilities, the processes and people that provide the service, and the physical security of the application after it’s deployed. Increasingly, organizations must provide document-level security that travels with the file and provides protection across the content’s entire lifecycle.
The final point is this: a truly secure solution requires support of all four pillars. Having one or two in place (such as just the Technology Infrastructure Security pillar) is not enough, and can leave you susceptible to data leakage or theft.
Todd Partridge is Vice President, Product Marketing at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management, and enterprise records management practices. In his previous role at OpenText, Todd held several global positions spanning sales, marketing, product management, positioning and strategy.