Sharing content has become an integral part of the way that business gets done. However, it is not without its risks. For enterprise-level organizations, distributing rich media content can make it challenging to maintain data security. While most organizations want to use technology to disseminate important information, the simple act of sharing can expose them to major security breaches.
Not long ago, an ex-Raytheon employee’s home was raided by FBI agents. He was later stopped at the airport with a Raytheon laptop computer that contained information he was unauthorized to have. In this instance, the man was the former manager of Raytheon’s Warhead Lethality Group. While not every company works in the high-stakes defense industry, the impact of data theft remains constant whether selling warheads or wrenches.
The example above begs the question: Is this type of breach preventable? The answer: Yes. Through a secure system that confers the ability to distribute and track what users are doing with content, control access to the appropriate versions, and immediately turn off or expire access to content remotely, the enterprise can exert complete control over shared content. In doing so, it can avoid the financial repercussions of a company’s intellectual property falling into the wrong hands.
What are the costs of insecure content delivery?
According to the Digital Forensics Association, data breaches and content losses cost an estimated $156 billion over a six-year period. Its recent study, “The Leaking Vault 2011,” evaluated 3,765 publically announced data breach incidents that occurred during the years 2005 – 2011. The survey covered 806.2 million known lost records, averaging out to a loss of 15,000 documents per hour, per day.
In addition to the billions of dollars lost for the companies involved, there are also less measurable consequences when content security is breached. Data breaches can impact the long-term profitability of an organization because of public and peer perception. Partnerships with upstream or downstream partners can be at risk due to content control issues. There may also be backlash from data subjects whose information was put in harm’s way.
Clearly, there are major risks to lack of content control that organizations of all sizes need to plan for and manage to stay profitable. In order to avoid the fate of the corporations in the survey, organizations need to make content security a top priority. The Leaking Vault report revealed that document sharing was one of the top five sources of data breaches. Over 24 percent of the document sharing data breaches were the result of insider activity, 24 percent were the result of a third party and 38 percent were a result of an outsider’s actions.
How content distribution control is different
Content collaboration tools on the market today such as SharePoint, Adobe IRM and Dropbox create a secure online environment in which people can collaborate, share files and manage projects. These solutions secure the area around the content; in other words, they wrap access rights around the content to ensure that it can only be viewed by authorized users. What these tools don’t provide is insight into how the content is being consumed or control over what users can do with it (e.g., forward, modify, copy/paste, export, print, etc.) In other words, content control ends the moment you press “send. “
Protecting content for outbound distribution requires a different approach. It requires protecting the content itself, not just access to the environment in which it resides. In the past, some content collaboration solution providers tried to extend the content control to outbound distribution, but these efforts failed because the technology was too onerous to end users, requiring software installation and heavy infrastructure, which prevented them from being widely adopted.
Today, new content distribution control technologies are emerging that can provide greater content protection than ever before. Content Raven’s cloud-based solution, for example, does not require software installation by content recipients, thus encouraging seamless adoption while giving the sender complete control. The key capabilities that set this new distribution control technology apart from content collaboration solutions include:
- Content can be kept anywhere. These technologies deploy through the cloud, so content can remain wherever it’s stored. Files can remain within the internal network or private cloud where they are stored, and the content distribution solutions point to them, encrypt them, and set rules and parameters, without ever moving or copying the file. Documents, video and other files never exist on the recipient’s device, making it simple and easy to withdraw access, publish updates and changes, and effectively manage access.
- Content usage can be tracked. This approach provides insight into how content is being consumed with actionable analytics that enable companies to understand how the content is used, including the device it is viewed on, the geographic location of viewers, the frequency of views, duration of each view, and more. This data can be used to remove access, improve content and track data usage.
- Content can be terminated. When content is out of date, no longer needs to be shared, or reports indicate it has been corrupted or inappropriately viewed, the content owner is able to remotely terminate access immediately.
- Content is easy for end users to view securely. These new content distribution protection solutions are easy to deploy and use, requiring no installation by the end user. Content is delivered to a viewer built into any browser using existing APIs.
Drawing a road map to secure delivery
Mapping the path of content delivery, tracking content usage and having the ability to terminate content access from anywhere are all keys to content security. If these three capabilities are in place, content can remain secure no matter where it is sent across the cloud. For many companies, this understanding leads to the million-dollar question: How do I implement a content distribution control plan?
The first step is establishing a protocol and utilizing tools that allow users to securely push content from where they want to whom they want. An organization needs to map out the typical flow of content and then implement the use of tools that will help maintain security end to end. Ideally, the application would integrate into the existing fabric of enterprise architecture, no matter what that architecture is (e.g., storage tools such as Dropbox or Box, IBM’s SmartCloud, a private network server, etc.) This approach offers the most efficient solution for companies needing to securely distribute, control and analyze content.
Second, the organization will require tools for tracking content usage. In many cases, the data breaches that were part of the Leaking Vault survey could have been avoided if there were tools in place to track and manage content usage. Being able to see how, when and where content is being used can help organizations stop a breach before it starts or at least control the spread of information.
Finally, terminating content access can be a line of defense between corporations and data thieves. Whether the threat originates from an internal part, external part or other third-party source, terminating content access remotely and automatically can stop a data breach in progress.
Content security issues will only become more commonplace unless organizations embrace secure content delivery solutions that can work within a user’s existing workflow, thus encouraging adoption. Using a tool that lives everywhere content lives to map the flow of information, track its usage and terminate access if necessary can save an organization millions of dollars and preserve valuable business relationships.
A handheld fortress
It is also critical to take a similar approach with employees’ mobile devices. With the advent and subsequent popularity of BYOD (“bring your own device”), enterprises must now contend with sensitive information walking out the door daily.
As recently as 10 years ago, smartphones and tablets seemed like something straight out of science fiction. Now they are as important to people’s personal and business lives as coffee and sleep. Mobile devices have become mainstream necessities; as such, they change the way we do business. Ericcson and Cisco estimate that there will be 50 billion connected devices by 2020.
The tidal wave of mobile devices with capabilities exceeding basic laptops is nothing short of breathtaking; however, with this revolution comes risk. The digital age has brought a world of information to our fingertips, but it comes with some major violations and threats to digital intellectual property. The same intellectual property rights that apply offline apply to online information. The challenge lies with the format and ease of access that has blurred the lines between protected content and fair use, a phenomenon exacerbated by the high-performance attributes of modern handheld devices.
The wealth of information available online and being shared digitally between companies can easily be copied, downloaded and altered. Without content security measures in place, this information can be used in ways different from the original intention and in ways that are damaging to a company and its employees. The series of Wikileaks publications over the last two years underscores the importance of maintaining digital intellectual property rights in order to protect companies and institutions.
Not sharing information online or electronically is out of the question for businesses. Having access to important information with the click of a button is essential. Businesses that want to secure their digital intellectual property need a solution that is focused on protecting content across the cloud, tracking usage and ensuring that ideas, materials and designs are safe.
Joe Moriarty is executive vice president of global sales and marketing at Content Raven. He is an experienced salesperson and leader who specializes in sales and software. With a strong history of increasing sales and motivating his teams, He joined Content Raven in 2011.Prior to that, he was vice president of sales and marketing at Hybrivet Systems (later acquired by 3M). Joe’s background also includes positions with TR3 Solutions, Sterling Commerce (now IBM), Commerce One, AppNet, and Research and Planning.