Around our office there is a lot of talk about “hybrid Cloud” as we help our customers create strategies to safely migrate from on-premise to cloud storage and applications. A hybrid cloud strategy provides both flexibility and peace of mind, enabling organizations to ease into utilizing the Cloud at their pace. The actual challenge, however, is not finding the right balance between on-premise and the Cloud, but coping with the multitude of cloud options.
Archive for ‘Information Spillage’
We often talk to our customers and prospective customers about the various benefits of using classification, such as stopping the malicious insider, ensuring your sensitive information is secure, keeping internal information from inadvertently leaking, and many more.
But, what about the basics? What about the dreaded ‘reply all’?
Generally, we think about ‘reply all’ incidents as a source of embarrassment and potentially an information leak. But not every ‘reply all’ scenario impacts your reputation. I’m talking about the scenario of hitting reply all…and there are 840,000 colleagues on the distribution list. Uh oh…
On 28th May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will come into force with harsh fines and onerous implications. The primary goal of GDPR is to harmonize the protection of personal data across all EU member states. It will have an impact in the EU and around the world, affecting any organization that handles the personal data of EU residents. Don’t let that seemingly distant date delay you from starting to prepare.
Recently, a colleague of mine attended the 2016 CISO Leadership Forum in San Francisco where he had the opportunity to listen to Steve Zalewski, Chief Security Architect for Levi Strauss & Co., discuss the state of his cybersecurity resources. “I don’t need more hammers,” Mr. Zalewski stated, “I need more people to swing them.” The current shortage of cybersecurity experts is creating a “perfect storm” that could spell data disaster for a lot of organizations, both public and private. While cyber threats are growing more sophisticated and dangerous, a recent Cisco report highlights that there are 1 million open cybersecurity positions globally. This is a significant talent gap that is not going to be remedied quickly and is already causing significant difficulties.
So where can a data security team find more people to swing the data security hammers?
As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo – the grass is very rarely greener…
What would happen within your organization if it was faced with the unenviable process of e-discovery? Calm, quick assembly of relevant information, or pure chaos? My guess is that it would lean heavily towards the latter; in fact, many companies are opting to settle out of court rather than deal with the resourcing and financial hardships which come from the process of e-discovery.
Why? Because companies are sitting on huge piles of data; sure, much of it is relevant business information, but I’d wager that a large percentage is ROT (redundant, outdated, and trivial). This type of data comes from the many versions of files created but never deleted, documents from employees who have long since left the company and are no longer useful, and the myriad of files which were once useful but have long since passed their shelf life (marketing campaigns from 6 years ago, anyone?).
I think that I communicate with my colleagues almost as much via email as through verbal communications – even those I share an office with. In fact, probably about a third of the verbal communications are social interaction rather than direct business discussion. In email, however, most of the communication with my colleagues contains business information, sometimes including large attachments containing sensitive strategic plans. And unlike a verbal conversation which is lost to the ether, email endures. So, while talking about business plans outside the office where someone might overhear has some risk to the company, sending an email to the wrong recipient can be significantly more damaging. Yet, organizations are still not protecting themselves from these accidental breaches.
As a case in point I offer you this example from the National Football League (NFL). It is reported that on July 1st, the New Orleans Saints intended to send an email to the NFL head office regarding their plans to pick up a player who was just put on waivers (released) by the Cleveland Browns. The email, however, was accidentally addressed to the entire league. In other words, they broadcast their plan to all of their competition.
We’ve all been there; heart racing, palms sweating, and gasps of remorse while frantically pressing the email recall button and praying you haven’t done what you think you have just done. You guessed it, I’m talking about the “oops” email – the email that you should not have just sent. The email that could cost you your job, your reputation and a sizable amount of regret!
Suggesting that IT is responsible for protecting today’s data is like suggesting a car dealership is responsible for the safety of drivers. Ultimately, you can buy a car from a dealership, but it’s your responsibility to be safe and avoid accidents. IT alone can’t cover the “oops” email or any other user blunders. As we move forward in a world where users are responsible for creating and handling an organization’s most important asset – data – it’s imperative to make users aware of their responsibility. After all, users are often much more aware of the sensitivity of a file than a machine can be.
I hear you asking: “Why is it my responsibility when we have all these great security systems?”
Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?
Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.