Information Security: What Does it Really Mean for Cloud Service Providers?
A common theme across the way work is rapidly transforming is the enterprise requirement to securely share information and collaborate beyond boundaries.
13 February 2015
The very nature of business work is rapidly transforming — new cloud and mobile device technologies; universal employee mobility; a ‘technology native’ workforce; redefinition of the enterprise, with key roles played by consultants, temporary employees, and partners; a shift from vertical command-and-control to horizontal collaboration; and increasingly complex business processes that stretch across multiple companies.
A common theme across this work transformation is the business requirement to share information beyond the boundaries of the enterprise. Instead of centering both individual productivity and company processes on central IT-controlled processes, devices, and systems, employees now use personal mobile devices to access business documents, cross-company teams collaborate on shared documents, and entire business processes depend on participation from multiple companies.
As increasingly valuable information is stored and shared through the cloud, the business risk from security breaches, IP leakage, and regulatory non-compliance is also growing. And, the security, risk, and compliance models that enterprise IT built for internal work are not enough because:
- Identities and entitlements of external collaborators must be managed alongside internal users
- Governance processes designed for employees and internal information sharing must be redesigned for cross-enterprise work and collaboration
- Compliance and risk reporting must cover all information exchanges — not just internally-tracked sharing
- Access controls and security must extend beyond the enterprise to wherever information is shared
- High-value information must be protected and controlled even while hosted by third parties.
In this environment, the risks for enterprise IT of an ad hoc, reactive approach to external content sharing are growing rapidly. Fragmented governance, gaps in control and auditability, and loss of control of shared information are real threats that must be managed effectively.
These new challenges require enterprise IT to think beyond traditional enterprise-centered security, risk and compliance models. Where information is physically stored — whether in an enterprise data center, a cloud vendor or an employee device — is less important than how the information is tracked, secured and protected.
Instead, enterprises must manage security, risk and compliance at the firewall, identity and content levels — enabled by both process change and new technology capabilities — to meet all collaboration needs of the enterprise.
We call this, the four pillars of secure enterprise collaboration. We have defined a four pillared approach that includes Enterprise Governance, Sharing Process Control, Content Lifecycle Control, and Technology Infrastructure Security. If viewed and addressed independently, the organization opens itself to the risk of gaps in security and subsequent unsanctioned data leakage.
In order for today’s enterprise to realize the benefits that come from fast, efficient collaboration while maintaining the data security vital to their livelihood, it must embrace a solution that encompasses all four of these areas collectively.
Todd Partridge is Vice President, Product Marketing at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management, and enterprise records management practices. In his previous role at OpenText, Todd held several global positions ranging from sales, marketing, product management, positioning and strategy.