Three reasons data centric security finally enables collaboration

We recently had the pleasure of sponsoring and attending the Innovate Cybersecurity summit in early October and wow, what a refreshing event. It was our first opportunity to really be face to face with the industry in a long time, and the show provided a great platform to enable productive in-person discussions. The reverse expo was a big hit!

In addition to being reminded how important in-person contact is to build new relationships, Innovate reminded us that data centric security continues to be front and center in the CISO organization. Some organizations have successfully adopted a data centric security strategy, while others have barely started. If you are still unsure of what data centric security means, check out this blog post from the show where Michael Howden, Director of Security Services at Novacoast, does a great job summarizing it in more detail.

What has changed with data centric security?

The concept of data centric security is not new. “Data is the new perimeter” has been a reality for more than a decade. What has changed is the accessibility of solutions that can accelerate a data centric security workflow while still enabling cloud-based collaboration. While CISO organizations embark on these data centric strategies, the question remains: will the business accept it or push back? Let’s face it, as the business has pushed for a digital strategy that enables cloud-based collaboration, security is often viewed as the roadblock to making this a reality. However, we believe (and have seen firsthand) that with a modern approach to data centric security, the business will embrace the controls instead of pushing back.

Three reasons data centric security finally enables collaboration

1) Links reduce complexity

As organizations started to adopt cloud file sharing, they immediately changed when data needed to be controlled. Before people shared files with links in a central cloud, they would share with methods, such as email attachments, where security had to focus on trying to control the file at the time of sharing. This meant data centric security forced organizations to deploy complex policies to address endless scenarios that often led to false positives or encryption that nobody could use, ultimately leading to knowledge worker frustration. With links, you don’t need to control the file, you only need to control access to the file. This fundamental shift allows security to deploy more context aware policies that don’t lead to false positives and keep knowledge workers sharing in a cloud-based collaboration experience.

2) Labeling is a question of when, not if

Gone are the days that organizations need to convince themselves that data must be classified. It is now generally accepted that labeling is foundational to a data centric strategy. How an organization labels data will vary across a spectrum of 100% manual to 100% automated. Arguments can be made on both ends of the spectrum about what approach is better, but the recommended strategy really comes down to regulations, maturity, and organization size. Irrespective of approach, with labeling, users do not need to be part of the policy decision; they need to ensure the label of the file is correct. For the average knowledge worker, this is a much less daunting task than forcing users to determine whether the file needs to be encrypted or is even allowed to be shared with an external party. Instead, with labeling, knowledge workers just need to understand the sensitivity of the file. Yes, with an overly complex taxonomy this can be difficult, so we recommend keeping your taxonomy simple and to something that doesn’t require hours of training.

3) Modern data centric security solutions are born from the cloud

Knowledge workers want to collaborate from the cloud. They have been telling us this since the dawn of Shadow IT back around 2010. The good news is that modern data centric security solutions have been listening and now enable cloud-based workflows from the cloud. This architecture shift for the data security industry is critical not just to support your collaboration workflows of today, but the future of collaboration in your organization. The cloud drives innovation at a compounding rate and data security must be able to keep up. Knowledge workers do not want to be forced into workflows that take them away from the advantages of cloud collaboration (e.g. co-authoring) and cloud-based data centric security supports that mandate, well at least we do 😊

The last two decades have produced constant battles between knowledge workers and security. A lot of this friction has been created because, as an industry, security had failed to keep up with the pace of digital transformation. We believe that the next decade will be different. Harmony can exist between knowledge workers and IT through safe and frictionless collaboration with data centric security at the heart of it. 

Secure Data Collaboration using MIP Sensitivity Labels

Organizations are under increasing pressure to share more sensitive information with external parties to keep up with market demands while still complying with data protection rules and regulations. As a result, they turn to intelligence-based Secure Data Collaboration solutions that are contextually aware of data sensitivity.

Traditional approaches to secure the sharing of sensitive files, such as Data Loss Prevention (DLP), are flawed and do not meet the needs of organizations that are embracing cloud-based productivity solutions. These flaws manifest themselves in three principal ways:

  • File transfer, not sharing – Traditional approaches to secure file sharing, such as attempting to secure email attachments, result in files being given away forever. There are no controls available once the shared files are sent, let alone any ability to remove access to the file later.

  • Inflexible to the needs of the business AND security – Because files are shared without any controls, there is only one opportunity for the organization to decide if the file transfer is appropriate. Continuing with the email attachment scenario, a DLP system evaluates the content of file attachments when the file is being sent and either allows the user to send the email with its attachments or blocks the email. The binary nature of these choices results in data protections being diminished or the business being impacted. There is no win-win.

  • Modern Collaboration is not extended to external parties – Productivity suites such as O365 have drastically improved the productivity of workgroups who can now create, edit, review, and collaborate around a single copy of a shared file. But when it becomes necessary to bring clients, partners and suppliers into these collaborations, what do we do? Continuing with the email attachment scenario, we typically email the external party a COPY of the file. Collaborators then struggle to figure out which copy of the document has the most recent changes, in many cases needing to merge multiple documents to create a final draft.

Link-Based Secure Data Collaboration

Link-based modern collaboration

A modern approach to external file sharing and content collaboration, using links to share files, eliminates these flaws and provides the organization and users additional benefits.

  • Shared files are always under the organization’s control – With links, the data is never beyond your control until the recipient downloads the shared file (if that is enabled). Our clients’ experience is that about 80% of recipients will not download the file even given the permissions to do so. In most cases, users don’t need nor want a local copy of the file.

  • Business AND security both meet their objectives – Because file links can be expired anytime and with view-only sharing meeting the needs of most use cases, security teams now have the discretion to allow business users to share increasingly more sensitive data without compromising the organization’s obligation to protect sensitive data.

  • User productivity is greatly improved – Internal users and external parties can now collaborate on the same version of a shared file. No more version confusion! And links can be the basis for a Virtual Data Room, allowing for the bidirectional sharing of multiple files and the inclusion of various parties within the data room.

e-Share’s MIP Data Protection Extender

Realizing the promise of link-based modern collaboration with external parties using M365 is possible with e-Share’s MIP Data Protection Extender. The MIP Extender allows e-Share to apply controls to externally shared files based on their MIP sensitivity label. e-Share now has a full understanding of the content, context, and user identities surrounding the sharing of sensitive content. This enables a real-time, intelligence-based approach to external file sharing and content collaboration.

 

e-Share MIP Integration

How does it work?

When an internal user initiates a Trusted Share, the e-Share MIP Extender evaluates the shared document and its container (i.e., SharePoint Online Site) for a MIP sensitivity label. If a label exists, e-Share will apply the org-defined sharing policy that is mapped to that sensitivity label. The sharing policy defines the recipient’s authentication requirements and rights (e.g., view only), the Trusted Share options (e.g., the ability of recipients to invite others), and is optionally and uniquely assigned to a sensitivity label.

 

If both a document and site label are present, e-Share will apply the policy associated with the highest priority label. The priority ordering of labels is performed within the M365 admin center and is automatically imported into e-Share by the MIP Extender. In practice, the highest priority label is more protective of the shared data (i.e., fewer rights with higher authentication requirements).

When the recipient accesses the shared file(s) using the provided Trusted Share link, the file’s label is once again evaluated by the MIP Extender, in real-time. This setting allows the recipient’s rights to be determined at the time and place when the risk to the shared data is greatest – at the time of data access. This setting is important, as the file’s content may have been changed since the file was initially shared. This situation is common when multiple parties are contributing to the content of shared files. It also accommodates Trusted Shares created from folders (i.e., a Virtual Data Room use case), where the folder’s content changes over time.

In the diagram, we see a user sharing a Public-labeled file from a Confidential-labeled SharePoint site (Step 1).  Consistent with our more restrictive (i.e., least privilege) approach to Secure Data Collaboration, the Confidential sharing policy is applied to the Trusted Share. This policy allows the recipient to view and download the file, with password-based authentication being required.

Between the time the file is shared and the time the file is accessed the content of the shared file changes such that the label is altered to Restricted (Step 2). Perhaps there is now PII within the file.

When the recipient attempts to access the shared file, the MIP Extender sees the new label and applies the sharing policy associated with the Restricted label (Step 3). This policy steps the recipient’s rights down to view only, steps up the authentication requirement to include MFA, and limits access to approved recipient domains. Perhaps this is a list of approved vendors or organizations with which an NDA exists. It could also be a disallow list of domains (e.g., gmail.com).

Recognizing that sensitivity labels are imperfect and could interfere with the legitimate sharing of files with external parties, the MIP Extender allows the constraints placed upon shared files to be optionally relaxed for an org-defined period (e.g., 48 hours) upon the request of the recipient and the approval of the Trusted Share owner. A web-based workflow for both the recipient and owner makes this easy.

This temporary access meets the needs of the business in sharing the file while allowing the data owner and organization some time to alter the recipient’s rights on a go-forward basis, alter the content of the shared files, or adjust the labels applied to the shared files.
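
The evaluation flow described above (highest-priority label wins, rights are re-derived at access time, and an owner-approved relaxation expires after a set window) can be modelled as follows. This is an added example, not e-Share's or Microsoft's code: the priority numbers, policy table, class and function names and sample recipients are constructed, and two behaviours are assumptions of the sketch (an unlabeled share is denied, and a relaxation restores the policy that applied at share time).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed priorities (the page imports the ordering from the M365 admin
# center). Higher number = higher priority = more protective.
LABEL_PRIORITY = {"Public": 0, "Confidential": 1, "Restricted": 2}


@dataclass(frozen=True)
class SharingPolicy:
    rights: frozenset                 # what the recipient may do
    required_auth: frozenset          # factors the recipient must present
    allowed_domains: Optional[frozenset] = None   # None means any domain


# Hypothetical policy table following the page's walkthrough.
POLICIES = {
    "Public": SharingPolicy(frozenset({"view", "download"}), frozenset()),
    "Confidential": SharingPolicy(frozenset({"view", "download"}),
                                  frozenset({"password"})),
    "Restricted": SharingPolicy(frozenset({"view"}),
                                frozenset({"password", "mfa"}),
                                frozenset({"partner.example"})),
}


@dataclass(frozen=True)
class Relaxation:
    """Owner-approved, time-boxed relaxation. Assumption: while active it
    restores the policy of `label` (the one in force at share time)."""
    label: str
    approved_at: datetime
    window: timedelta = timedelta(hours=48)

    def active(self, now: datetime) -> bool:
        return self.approved_at <= now < self.approved_at + self.window


@dataclass(frozen=True)
class Decision:
    allowed: bool
    label: Optional[str]
    rights: frozenset
    reason: str


def effective_label(file_label, site_label):
    """Return the highest-priority label among those present, or None."""
    present = [lbl for lbl in (file_label, site_label) if lbl is not None]
    unknown = [lbl for lbl in present if lbl not in LABEL_PRIORITY]
    if unknown:
        raise ValueError(f"label not in imported taxonomy: {unknown[0]}")
    return max(present, key=LABEL_PRIORITY.__getitem__, default=None)


def evaluate_access(file_label, site_label, recipient, presented_auth,
                    now, relaxation=None):
    """Evaluate the labels as they are at access time, not at share time."""
    label = effective_label(file_label, site_label)
    if label is None:
        # Assumption of this example: an unlabeled share fails closed.
        return Decision(False, None, frozenset(), "no sensitivity label")
    if relaxation is not None and relaxation.active(now):
        label = relaxation.label
    policy = POLICIES[label]
    domain = recipient.rsplit("@", 1)[-1].lower()
    if policy.allowed_domains is not None and domain not in policy.allowed_domains:
        return Decision(False, label, frozenset(), f"domain {domain} not approved")
    missing = policy.required_auth - set(presented_auth)
    if missing:
        return Decision(False, label, frozenset(),
                        "missing auth: " + ", ".join(sorted(missing)))
    return Decision(True, label, policy.rights, "ok")


def walkthrough():
    """Replay the page's Steps 1-3 plus the 48-hour relaxation."""
    t0 = datetime(2024, 1, 1, 9, 0)           # constructed timestamp
    ana, pw, mfa = "ana@partner.example", {"password"}, {"password", "mfa"}
    relax = Relaxation("Confidential", approved_at=t0)
    return {
        "step1": evaluate_access("Public", "Confidential", ana, pw, t0),
        "step3_pw_only": evaluate_access("Restricted", "Confidential", ana, pw, t0),
        "step3_mfa": evaluate_access("Restricted", "Confidential", ana, mfa, t0),
        "step3_webmail": evaluate_access("Restricted", "Confidential",
                                         "x@gmail.com", mfa, t0),
        "relaxed": evaluate_access("Restricted", "Confidential", ana, pw,
                                   t0 + timedelta(hours=1), relax),
        "expired": evaluate_access("Restricted", "Confidential", ana, pw,
                                   t0 + timedelta(hours=49), relax),
    }


if __name__ == "__main__":
    for name, d in walkthrough().items():
        print(f"{name:14} allowed={d.allowed!s:5} label={d.label} "
              f"rights={sorted(d.rights)} ({d.reason})")
```

Because the label is resolved on every access, the same link yields different rights before and after the relabel, and the relaxed rights lapse on their own once the window closes.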

Summary

MIP’s sensitivity labels and e-Share’s Secure Data Collaboration platform operate in concert via the MIP Data Protection Extender to enable easy but highly secure external file sharing and content collaboration with external parties. This allows MIP sensitivity labels to dynamically determine what data can be externally shared by whom, with whom, and with what rights. And because e-Share inherently requires nothing of the recipient other than an email address and a browser, e-Share extends MIP’s document protections and M365’s modern collaboration experience to anyone, anywhere.

If you would like to see a demo of e-Share’s Secure Data Collaboration in action, please contact us.

4 Ways To Measure Secure Data Collaboration

One of the most important things you can do as a leader when trying to implement change is to measure the impact of that change through key performance indicators (KPI). While organizations have spent years tuning financial KPIs and even security KPIs (e.g., risk), not much discussion has been had about KPIs to measure Secure Data Collaboration. We are proposing four KPIs that would allow organizations to understand the effectiveness and adoption of Secure Data Collaboration.

One of the biggest challenges with KPIs is that there is no shortage of data. We were recently reminded of this by an information security and collaboration leader who often must report to executives that:

“the KPI should show me what we want users to be doing more of and the kind of behavior we are trying to change.”

With that guidance in mind, these are the four KPIs that we propose to measure Secure Data Collaboration. 

 

KPI #1: Are we keeping sensitive information in our control?

% of Restricted data in our full control

The metric: Measures the percentage of files downloaded from a trusted file share (e.g. SharePoint) when shared externally, based on the data’s sensitivity.

With Secure Data Collaboration sitting at the center of security and collaboration, we believe it is essential that organizations understand whether they maintain control over their most sensitive information. While some organizations may want to block all downloads, that kind of control may not meet the needs of the business. We recommend having visibility on whether your most sensitive data (e.g., labeled as “Restricted”) stays in your control. This course of action allows organizations to meet the business need to share sensitive information with external parties.

 

KPI #2: Are our users using Microsoft 365 for external collaboration?

External Collaboration Activity using M365

The metric: Measures the number of share creators as well as internal and external users actively collaborating within Microsoft 365.

 

Organizations are making significant investments in selecting Microsoft 365 (M365) as their platform for modern collaboration. However, some companies only use M365 internally while relying on point solutions for external file sharing, thereby missing out on the additional return of their M365 investment. Therefore, measuring how much your modern collaboration platform is being used to collaborate externally will provide great insight into how much return you are getting on your overall investment. If you are concerned about turning on external sharing or guest access in Microsoft 365, then feel free to give us a call, we can address the underlying security, privacy and compliance concerns 😊.

KPI #3: What type of data is being shared with external collaborators?

% of data shared externally by sensitivity

The metric: Measures files shared by the sensitivity-level with external recipients.

One of the challenges that information security often faces is reporting on a KPI that is easy to understand. We recommend a data classification strategy that can be easily consumed by anyone (red = highly sensitive, orange = more sensitive, yellow = somewhat sensitive, green = not sensitive). The goal of Secure Data Collaboration is to allow sensitive information to still be exchanged with external collaborators. As a result, this metric does not aim to sound a fire alarm if highly sensitive data is shared externally. Its purpose is to bring awareness to executives of potential exposure. Many industries have extremely tight rules around what type of data can be shared externally (e.g., Aerospace and Defense – ITAR); however, you still need to share data and collaborate with external parties. Better understanding the potential exposure allows companies to implement appropriate controls to enable Secure Data Collaboration policies.

 

KPI #4: What is our overall level of engagement with external parties? (customers, partners, suppliers) 

External Collaboration Engagement

The metric: Measures the type of file activity when information is shared. No file activity by the user would represent low engagement, file views by the user would be classified as a medium level of engagement and file opens and uploads by the user would be deemed as a higher level of engagement. 

Implementing a KPI dashboard will generate reams of data about the file-sharing activities of your customers. Analyzing this data will allow you to gain better insights into whether your customers are actively engaged with your organization and their potential revenue.
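
One way KPIs #1, #3 and #4 could be computed from a share inventory and an audit log, added here as an example and not e-Share's reporting code. The record layout, action names and sample data are constructed; KPI #1 is reported as the share of Restricted files never downloaded, and leaving downloads out of the engagement score is an assumption.

```python
from collections import Counter

# Constructed inventory of externally shared files: share id -> label.
SHARES = {
    "s1": "Restricted", "s2": "Restricted", "s3": "Restricted",
    "s4": "Restricted", "s5": "Confidential", "s6": "Confidential",
    "s7": "Confidential", "s8": "Public",
}

# Constructed audit events: (share id, external recipient, action).
EVENTS = [
    ("s1", "ana@partner.example", "view"),
    ("s1", "ana@partner.example", "download"),
    ("s2", "bo@supplier.example", "view"),
    ("s3", "bo@supplier.example", "open"),
    ("s3", "bo@supplier.example", "upload"),
    ("s5", "cy@client.example", "view"),
    ("s5", "cy@client.example", "download"),
    ("s6", "cy@client.example", "open"),
    ("s8", "dee@client.example", "view"),
]

# Engagement tiers from KPI #4. "download" is deliberately unranked here:
# the page does not place it, so this sketch counts it only for KPI #1.
ACTION_LEVEL = {"view": "medium", "open": "high", "upload": "high"}
RANK = {"low": 0, "medium": 1, "high": 2}


def pct_in_control(shares, events, label):
    """KPI #1: % of externally shared files with `label` never downloaded."""
    labelled = {sid for sid, lbl in shares.items() if lbl == label}
    if not labelled:
        return None
    downloaded = {sid for sid, _, act in events
                  if act == "download" and sid in labelled}
    return round(100 * (len(labelled) - len(downloaded)) / len(labelled), 1)


def pct_shared_by_label(shares):
    """KPI #3: % of externally shared files at each sensitivity level."""
    counts = Counter(shares.values())
    return {lbl: round(100 * n / len(shares), 1) for lbl, n in counts.items()}


def engagement_by_share(shares, events):
    """KPI #4: highest engagement tier reached on each share."""
    level = {sid: "low" for sid in shares}        # no activity = low
    for sid, _, act in events:
        tier = ACTION_LEVEL.get(act)
        if sid in level and tier and RANK[tier] > RANK[level[sid]]:
            level[sid] = tier
    return level


def kpi_report(shares=SHARES, events=EVENTS):
    """Bundle the three KPIs into one dashboard-ready record."""
    engagement = Counter(engagement_by_share(shares, events).values())
    return {
        "restricted_in_control_pct": pct_in_control(shares, events, "Restricted"),
        "shared_by_label_pct": pct_shared_by_label(shares),
        "engagement": {tier: engagement.get(tier, 0) for tier in RANK},
    }


if __name__ == "__main__":
    for key, value in kpi_report().items():
        print(key, value)
```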

Bringing it all together

 

We would love to hear your feedback about the KPIs we are proposing in this Secure Data Collaboration dashboard. Please share any other ideas that you think could help effectively measure Secure Data Collaboration. If you would like more information on how to get access to these kinds of metrics, please feel free to reach out and we would be happy to walk you through it. Below is what a sample KPI dashboard could look like as a slide to report back up to your executives.

Secure Data Collaboration Dashboard

What does riding a horse have to do with modern collaboration?

File Sharing Encryption

Recently we had a great debate at e-Share about file encryption and secure data collaboration. The discussion centered around a claim that if you are a modern collaborator, you do not need to encrypt shared files since links are used to access files stored in the cloud. 

How we came to a consensus was with an analogy about riding horses and driving cars.

Before the car was invented, people rode horses. Intelligent horseback riders would wear helmets or protective gear to ensure they would not get hurt if they fell off the horse. After the car was invented, people did not wear helmets while driving since the car’s frame would give them protection. Cars have become even safer than riding a horse over the past century, with the advent of seat belts and airbags. Most people other than race car drivers do not wear helmets because it is redundant.  

Traditional file sharing and content collaboration is like riding a horse. The sharing of data is built around an on-premises file transfer solution. Using encryption (putting a helmet on) makes sense as the data (the horseback rider) is exposed and needs protection as the data leaves the premises. Modern collaboration is like driving a car; the file is already and always stored in a trusted container (e.g., SharePoint Online), and adding encryption (wearing a helmet) is redundant. The critical thing to focus on is ensuring the correct privileges are established to access the information (the keys to access the locks to get in and start the car).

 

The other great thing about modern cars is their navigation system. They can always track where you are going. The same is true with modern collaboration. Link-based sharing allows you to ensure your data can be audited and always tracked at the time of access, not just at the time of sharing. This is a critical distinction. With secure links, the file is never downloaded by the recipient, and therefore you are not securing a file; you are controlling access through a least privilege model.

Show the difference between modern and traditional sharing

But people still ride horses…

Yes, horses are still ridden for work, transportation, and leisure but cars have replaced horses as the most popular form of transportation. We see a similar evolution in organizations. While most of the business is shifting to modern collaboration that protects data with a Secure Data Collaboration strategy, some people still share and download files. We do not argue that applying encryption (putting on a helmet) is a bad idea in those instances.

 

Please let us know if you would like to learn more about how your company can implement a solution that allows secure data collaboration. You can find us down at the stables trying to convince the modern collaborator holdouts. Giddy-up! 

5 Lessons Learned Deploying Microsoft Information Protection (MIP) Labeling

Microsoft Information Protection

Like our customers, e-Share strives to leverage all the modern collaboration tools we have at our disposal. As a Microsoft customer eager to deploy MIP labeling, we have optimized the business value attained with current licensing and cost-justified our adoption journey for productivity tools as well as Microsoft Information Protection.

With this suite of Microsoft products, we want to use OneDrive, SharePoint, and Teams not just internally but also for external collaboration. As we looked to achieve our own Secure Data Collaboration goals, it became clear that we could benefit from the adoption of MIP labeling. As a team, e-Share has deep experience building and managing data loss prevention and data classification products. Naturally, with this kind of background, deploying our own labeling taxonomy should be a breeze – right?

After a few more meetings than we anticipated, we had defined a taxonomy that we could all agree on and met the requirements of our SOC 2 driven Information Classification Policy. Here is where our e-Share taxonomy landed using MIP labeling:

  1. Public:
    • This is information that is suited, and in many cases created, for public disclosure.
    • No control policies but requires business justification if a user selects this label.
  2. Confidential:
    • This is information that is related to everyday business activities, such as product and marketing documentation
    • This is our default label
    • All Confidential data must stay within e-Share’s control, which means e-mail attachments will be stripped (using e-Share’s Secure Mail Gateway) and placed into a trusted share on SharePoint
    • External users will not require a login to the trusted share
    • However, every action (open, edit, download, etc.) will be logged and be visible in our Microsoft Power BI analytics reports
  3. Restricted (includes all Confidential policies):
    • This is all customer custodial data and customer data
    • Login to the trusted share will be required from external users (OpenID, OTP)
    • Anything regulated found with auto-labeling would be tagged at this level
  4. Private (includes all Restricted policies):
    • This is information that only a minimal amount of people should have access to
    • Investor, financial, internal-only documents
    • Allow list (limited to 20-30 people/domains)
    • Headers and footers are applied

So, what did we learn deploying MIP labeling?

1) Always start with why – then talk about the labels.

With labeling, people tend to overly focus on the actual names of the labels, resulting in many hours/weeks/months/years of discussion. However, if you are not clear on the “why,” there will be an endless loop of frustration. In this case, the why is: what controls do we want to have? At e-Share, since we use our product, the discussion focused on the kinds of access we will grant external recipients to our Trusted Shares based on the label. To accomplish this, you need to think hard about who you interact with most on a daily basis and compartmentalize policies to those categories. This then leads to lesson number two.

 

2) Do not overcomplicate (KISS – Keep It Simple, Stupid)

As organizations start to think about their labels and classify the different groups and privileges, things can get complicated quickly. Therefore, the moment you feel discussions getting out of control, communicate the importance of simplification. Less is more. Strive to find the few things that can make a real difference.  If you try and build a label with sub-labels for every interaction that might exist, the taxonomy will become overburdened and useless. e-Share decided to stay very simple (which is hard) and stick to four labels with no sub-labels. It is essential to consider the level of maturity and readiness of your end-users regarding data protection. Giving users too many options will cause analysis/paralysis, diminishing the classification process.

3) Consider how this will impact sharing with external users.

Often labeling discussions get focused on data inventory and internal data flows, but perhaps more importantly, you should consider how these labels will impact external sharing. As you can see from the e-Share taxonomy, our data classification policy is more heavily focused on what this means for external users and their access to our data. Of course, it is vital that certain internal information is kept private (e.g., investor relations). So we accounted for that with a label that provides policy granularity at a user/domain level.

4) Focus on newly created data first, then data at rest and in motion.

Even as a small company, e-Share has a ton of unstructured data; however, we started our labeling journey with data that is newly created and deployed MIP to all users in the business first. From there, we used Microsoft Cloud App Security to apply document labels to existing files in OneDrive and SharePoint so that we can control access to any and all externally shared files based on label policies (e.g., Restricted files require a user login through OpenID).

5) Defaults can help when used correctly.

There is always a great debate around using default labels. If you are not careful, they can create complacency and confusion. For e-Share, as you can see, we opted to stay away from an Internal label and instead used Confidential as our default label. We have found that 90% of our data is Confidential, so let us not get in our employees’ way. However, if they downgrade to Public, we have a business justification workflow to ensure the downgrade is warranted and tracked.

Microsoft Information Protection labeling is something to consider for every company which uses Microsoft products and collaborates externally. If you want to talk more about labeling and even see a demo of our taxonomy in action, we would be happy to walk you through it. Please click here to contact us

Top 3 Reasons Secure Data Collaboration is Disrupting Information Security

Secure Data Collaboration

Companies interested in adopting modern file-sharing and collaboration solutions typically consider two choices.

The first choice is to stay the course, with company security the paramount concern. By making it difficult and time-consuming to share information, this option impacts the level of collaboration conducted by the organization, which minimizes productivity. 

The second choice is to choose the course of full speed ahead as the company encourages sharing information and fostering collaboration. This strategy makes it easy for employees to collaborate within and outside the organization, ramping up productivity and hopefully revenue. The danger of this choice is dramatically increasing the chance of sensitive data loss (e.g., intellectual property) while also failing to comply with global data protection regulations.

However, there is a third choice, one that does not hinder data loss prevention efforts while allowing as much collaboration as possible. This choice is called secure data collaboration, and it is emerging as an information security strategy for our modern age.

What is Secure Data Collaboration?

Secure Data Collaboration (SDC) is sharing data between two parties securely and productively. BAE Systems has a great definition: Secure Data Collaboration and Dissemination is a type of electronic information sharing capability in which two or more parties can each securely exchange their data with each other in an encrypted software environment – for collaboration on projects, for example, or dissemination of sensitive information – while always maintaining control of their data.

The key here is that SDC is not “encrypting the data itself” nor “preventing collaboration.” SDC is securely exchanging data in an environment that is already secure and globally adopted (e.g., Microsoft Teams, SharePoint Online, OneDrive).

Before every organization in the world accelerated to the cloud in 2020, one might argue that these environments were not that accessible; how many Global 2000 organizations deployed and used OneDrive globally? Fast forward to 2021, and in the past year, the adoption of M365 accelerated faster than anyone could have predicted. As a result, most organizations have access to these secure cloud containers and are now ready to become modern collaborators. It is during this transition to modern collaboration that SDC will disrupt traditional information security solutions, and here are the top 3 reasons why:

  1. Traditional information security solutions were built on an assumption of prevention: Locking data down or stopping data from leaving the organization are disabling collaboration, not enabling it. This attitude does not work for modern collaborators who want to accelerate productivity and service delivery for their customers. However, SDC is built on the assumption that organizations want to share data with 3rd parties; they need help managing the access controls to the secure container (e.g., Microsoft Teams).

  2. Secure Data Collaboration is built from the cloud for the cloud: Information Rights Management (IRM) and Data Loss Prevention (DLP) were initially built to support traditional enterprises, mainly operating on-premises. Modern collaboration demands security solutions that are purpose-built from the cloud and for the cloud. Collaboration is constantly changing, and on-premises solutions are not adaptive. SDC requires a solution that assumes change.

  3. Productivity will always outweigh security: This has been an ongoing debate since the dawn of information security; however, the last year has proven that organizations will do whatever it takes to ensure their employees can remain productive. Organizations that we thought would take another five years to “go digital” did it in weeks and accepted that the security controls would be playing a bit of catch-up. Traditional information security solutions that continue to put roadblocks in front of productivity will no longer cut it. SDC is focused on truly striking that balance for its users.

If you would like to learn how e-Share can deliver a modern solution that secures your company data while enabling employee collaboration, please contact us to arrange a demo. The e-Share team will be writing more about secure data collaboration in the coming weeks, and we are excited to share more developments on this topic.

Top 5 Reasons External File Sharing is Difficult and What To Do About It

Sharing files with external parties is fraught with a mix of uncertainty, risk and complexity, for both the individual and the organization. This is especially so when the files to be shared:

  • contain regulated data,
  • are many in number and/or size,
  • require modification by the external party,
  • are created within and shared from internal collaboration systems (e.g., Teams), or
  • are sent to clients, for whom you want the best possible experience.

Under these circumstances users are struggling, IT is burdened and/or information security intervenes. But this does not have to be. There are steps you can take to improve the productivity of your file sharing and content collaboration with external parties, while not compromising on data security.

Here are the Top 5 issues we see users and organizations confronting, and the steps they’ve taken to eliminate them.

1.  Users have to get IT involved to move large/bulk files

With email being a non-option for most (more on this later), users turn to IT for help, often by opening a ticket with the unhappy expectation of a several-day turnaround while IT sets up an SFTP folder/account, creates a SharePoint site, or takes some other action.

The alternative is to provide a self-service file sharing capability, preferably one that allows the user to share files without the need to copy files into a new environment. For example, if the user’s files are already in OneDrive, SharePoint or Teams, allow them to share files from these locations. If there are missing security controls for you to allow this, consider providing these controls via e-Share.

2.  Users have too many tools to choose from

This embarrassment of riches leaves users confused, IT struggling to maintain overlapping capabilities, and security burdened with maintaining multiple DLP policies.

The solution is to adopt a single platform for external file sharing that allows users to share files using the tools and workflows they are already familiar with. For organizations that have deployed O365, this is Teams, SharePoint Online, OneDrive, Outlook and Office Apps. The common platform allows the organization to define a uniform set of sharing policies, no matter how files are shared. It also creates a single audit log for compliance reporting, risk assessment and investigations. e-Share can be that single platform, leveraging the strengths of O365 and providing the controls, branding and ease-of-use features that organizations require.

3.  Your O365-equipped organization does not allow file sharing via Teams, SharePoint and/or OneDrive.

Your users want to share files using the applications and workflows they are already using, but you are forcing them to seek other tools and, in almost all cases, to copy the shared files into those tools, manage file updates and changes between two copies, and master yet another application for file sharing.

The solution of course is to allow your users to stay within Teams, Outlook and Office Apps, and for your files to stay within SharePoint Online and OneDrive…all while securely sharing files externally. This is precisely what e-Share allows.

4.  It is difficult to manage file versions and often impossible to co-author documents

By forcing your users to store and share files outside of O365 you are preventing them from benefitting from the modern collaboration it makes possible. For example, they are left exchanging multiple copies of a contract, hoping that redlines are not conflicting and using ‘merge and compare’ to avoid a catastrophe. That’s the stuff of the last decade, not this one.

The best way to avoid version confusion and truly co-author documents is to provide recipients a link to shared files, not the file itself. This modern collaboration capability is easy with e-Share, which natively integrates with Office Online and uses OneDrive and SharePoint Online to store all shared files.

5.  Email is surprisingly unpredictable and inflexible

Past experience prompts many questions when sharing files as an email attachment. Is the file size too large? Will a secure mail system unexpectedly kick in and create a bad experience for my customer? Will I run afoul of a compliance policy? Can I reliably recall an email sent to the wrong person? At the root of these questions is the organization’s inflexible approach to email, especially in the presence of regulated data. Email works, until it doesn’t.

Taking the mystery out of email can be achieved through well communicated security policies, DLP rules that offer more than allow or deny as outcomes, and a modern approach to secure email that provides a great recipient user experience. e-Share can help you realize the latter two, with the ability to independently protect the body and attachments of an email and optionally replace all email attachments with links.

Taken together, the steps outlined here allow organizations to take the pain away from their external file sharing, enabling users to more easily, confidently and securely share files and collaborate with external parties to drive better business outcomes.

Top 5 Reasons to Replace All Email Attachments with Links

Email is the collaboration and file sharing tool of choice for most of us for many reasons. For some it is a muscle-memory thing. It is how we collaborated before Skype, Yammer and Teams emerged. Email has the advantage of ubiquity and virtually always working. When you hit Send you have great confidence that the recipient will quickly receive your message with zero friction.

All of this came to mind upon reading a LinkedIn post from an astute industry colleague, which stated that:

“Behind every problem at this company is a spreadsheet. In an email.”

I suspect this problem resonates with most of us, but our attention may mistakenly (IMHO) focus on email being an inadequate method to share a sensitive file. But the underlying issue is that in almost all cases, attachments result in data being given away forever. But this does not have to be the case as the attachment can be replaced with a link to the file. Here are the Top 5 reasons to do so.

  1. Links can be expired

    An emerging best practice is to have a default link expiration duration, for example 60 days. Long enough to meet the business need in sharing the file in the first place. And if requesting and approving an extension is easy (as it is with e-Share), there is virtually no impact on the sender or the recipient.

    And if you have sent an email in error (have you ever succeeded in recalling an email?), or you have terminated a business relationship, or have reason to believe a recipient’s mail server has been compromised, you can immediately expire any/all attachment links.

  2. Links allow rights management

    Perhaps attachments should be available for viewing only, with no download. Perhaps downloaded attachments should be dynamically watermarked. And perhaps the sharing of an attachment with a co-worker is okay, but sharing outside of the recipient’s organization requires the sender’s approval.

  3. Attachments are not sitting in the recipient’s email system

    Attachment links allow you to keep your shared files safely tucked away in your cloud file storage (e.g., the sender’s OneDrive). The recipient can view an attachment at any time, without having the file in their mail system, accruing risk by the day, long after the business need in sharing the file has been met.

  4. 80% of recipients do not need a local copy of the file

    Even when the recipient has the right to download an attachment, 80% of recipients will not. They prefer to preview the file, perhaps to approve it or to determine what action is needed. Knowing they have access to the file at some later point is good enough for 80% of recipients. Attaching a file in the absence of a link is grossly oversharing, adding no business value and accumulating risk.

  5. Links enable modern collaboration

    Platforms like Microsoft 365 (formerly Office 365) allow for online editing, co-authoring and redlining of shared content, but not if that content is shared as an attachment. Links make modern collaboration possible, as does e-Share’s native integration with Microsoft Office Online.

  6. Bonus Reason: Links eliminate version confusion

    Links ensure all parties are working from the same version of a shared file. No longer are drafts of contracts being merged and compared. And you can update an attachment link even after you hit the send button.
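
The access model behind reasons 1 and 2 (expiry, immediate revocation, per-right checks, sender approval for sharing outside the recipient's organization), sketched as an added example; this is not e-Share's code or API. `LinkStore`, `ShareLink`, the token format and the decision strings are hypothetical, and the caller is assumed to have authenticated the user already.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

DAY = 86400
DEFAULT_TTL = 60 * DAY  # the 60-day default expiration mentioned above


@dataclass
class ShareLink:
    file_ref: str      # the file itself never leaves the sender's storage
    recipient: str     # address the link was issued to
    rights: frozenset  # subset of {"view", "download"}
    created: float
    ttl: float = DEFAULT_TTL
    revoked: bool = False
    approved_domains: set = field(default_factory=set)


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


class LinkStore:
    """Hypothetical server-side registry; every access is decided here."""

    def __init__(self, secret):
        self._secret, self._links = secret, {}

    def _sign(self, link_id):
        return hmac.new(self._secret, link_id.encode(), hashlib.sha256).hexdigest()

    def issue(self, link_id, file_ref, recipient, rights, now):
        self._links[link_id] = ShareLink(file_ref, recipient, frozenset(rights), now)
        return f"{link_id}.{self._sign(link_id)}"  # token that goes into the email

    def revoke(self, link_id):  # sent in error, relationship ended, mailbox compromised
        self._links[link_id].revoked = True

    def approve_domain(self, link_id, domain):  # sender approves outside resharing
        self._links[link_id].approved_domains.add(domain.lower())

    def check(self, token, user, action, now):
        """`user` is an already-authenticated address (assumed done upstream)."""
        link_id, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(link_id).encode()):
            return "deny: bad signature"
        link = self._links.get(link_id)
        if link is None or link.revoked:
            return "deny: revoked"
        if now >= link.created + link.ttl:
            return "deny: expired"
        if action not in link.rights:
            return "deny: right not granted"
        if _domain(user) != _domain(link.recipient) and _domain(user) not in link.approved_domains:
            return "deny: sender approval required"
        return "allow"


if __name__ == "__main__":
    store = LinkStore(b"constructed-demo-key")
    t0 = 1_700_000_000  # constructed timestamp
    token = store.issue("L1", "onedrive:/contracts/draft.docx", "bob@partner.example", {"view"}, t0)
    print(store.check(token, "bob@partner.example", "view", t0 + DAY))
    print(store.check(token, "eve@other.example", "view", t0 + DAY))
    store.revoke("L1")
    print(store.check(token, "bob@partner.example", "view", t0 + DAY))
```

Because the decision is made on every request rather than once at send time, revoking or expiring the link takes effect even though the email has already been delivered.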

With attachment links, email can remain your users’ preferred method for initiating their collaboration and file sharing while providing the organization the control it needs over shared files.

You can read here how a leading Health Insurer has implemented attachment links to protect PHI and improve the customer experience. And you can see the sender and recipient experience, including modern collaboration around attachments, in our virtual demo.

Better yet, schedule a demo with us to learn more and discuss use cases of specific interest to your organization.

Initiating Your External File Sharing & Content Collaboration from Within Microsoft Office Apps

e-Share Blog

e-Share’s Add-in for Microsoft Office allows users to initiate their external file sharing and collaboration from within the apps they use to create most of their shared content…Word, Excel and PowerPoint. This improves productivity by eliminating the task and app switching that would otherwise be required to share newly created content.

Digital Transformation at the Micro Level

Organizations are increasingly looking to optimize their business processes and use digital technologies to transform their business to achieve better outcomes for clients, employees and shareholders. With the e-Share Add-in for Microsoft Office Apps, this transformation can extend down to the individual user and document level, to the time and place that content is created within Microsoft Office and the business need to share new content emerges.

Sharing at the Time & Place of Content Creation

The add-in allows users to create a “Trusted Share” from within Word, Excel and PowerPoint that contains the document being newly created. The Trusted Share is made available to recipients, both inside and outside of your organization, with access and usage rights determined by the selected sharing policy.

[Image: e-Share - share policy]

These policies are defined by your organization and can include a wide range of controls…e.g. view, edit, co-author, download, watermark, expiration, share with others, and authentication. Because Trusted Shares are a collaboration object, not merely a pointer to a shared file, recipients can optionally upload files into a Trusted Share…e.g. perhaps a counter proposal to a shared document.

Easy & Highly Collaborative File Sharing

As with all Trusted Shares created through the use of e-Share, the recipient receives a notification of the Trusted Share and, once accessed via the provided link, sees a fully branded file sharing and virtual data room portal. The entire experience is branded per the needs of e-Share’s clients…their logo, colors, and terms of use. Even the URL for the portal and all file links use a subdomain and associated certificate belonging to our client (i.e. files.your-company.com).

[Image: e-Share - share policy]

This 100% white labeling capability promotes our clients’ brand, instills trust, addresses recipient phishing concerns and prevents the link blocking common to file sharing directly from Box, Dropbox, Google Drive, OneDrive and SharePoint.

And with our optional Secure Conversations capability, the recipient can message the owner of the Trusted Share, perhaps acknowledging receipt or providing a requested approval.

The Trusted Share owner can see any replies from recipients within the Add-in and optionally reply. They can also open the Trusted Share associated with the shared document to change sharing options, expire the share, add/remove recipients, add additional documents, view any files uploaded by the recipient, and generally manage the Trusted Share.

[Image: e-Share - share policy]

How do I get the add-in?

The Add-in for Microsoft Office is a user or organization installed extension to Microsoft applications that is available from the Microsoft Store. Once added to Word, Excel or PowerPoint, either in Office Online or Desktop app, it will be available across all instances of Word, Excel and PowerPoint, accessed from the toolbar ribbon.

[Image: e-Share - MS Office toolbar ribbon]

Share the Way You Work

e-Share’s Add-in for Office, coupled with the existing Add-in for Outlook and Bot for Teams, allows users to share files with external parties using whatever workflow they are most comfortable with. In all cases this sharing is performed using a common set of org-defined sharing policies that meet the collaboration needs of the business while assuring compliance with the organization’s data protection and governance policies.

A fuller description of the e-Share platform for external file sharing and content collaboration can be found on our site.

Schedule a demo with us to learn more.

Visit the e-Share web site for details on use cases, success stories and product features.

Keep Your External Collaborations Secure and on Track with e-Share and Microsoft Power BI


In meeting the external file sharing, secure email and content collaboration needs of our clients, e-Share has always sought to leverage applications, storage and workflows our clients already have in place. The goal is to increase productivity and drive down IT costs wherever possible.

This extends to the reporting and analytics our clients require to understand what information is being shared with outside parties and how this information is being used. This visibility into how and with whom external collaboration happens allows our clients to keep their information secure and their teams on track.

Though many of our clients output e-Share event logs to Security Information and Event Management (SIEM) products like Splunk, they are always looking to better collect, analyze and act upon the untapped value of the data e-Share generates, giving them the insights to improve the productivity and security of their external collaborations. With the accelerating adoption of Office 365, Microsoft Power BI is increasingly the platform of choice to provide these insights.

e-Share has fully embraced Power BI by creating dashboards and drill down reports that present a variety of views into the e-Share audit data. These reports are hosted in e-Share’s Power BI workspace, running in Microsoft Azure, and published for secure access by our clients using their Power BI license. We can optionally output the e-Share audit data to the cloud file storage of our client’s choosing (e.g. SharePoint Online), from where they can create their own Power BI reports, using our standard report as a starting point for their work.

[Image: Power BI report]

In the report example above we see a high-level view of the external file sharing an organization called Bank2Trust has done. 910 files have been shared by 50 users, with those files being shared from a combination of OneDrive and SharePoint and this sharing increasing over time. A spike in activity occurs on August 4th that invites a closer look. By selecting that peak in the timeline (see the image below), the graphs are now scoped to that day alone, where I can see that the majority of that activity is attributed to file sharing done by Nikos and that these activities are mostly file updates, which are in almost all cases innocuous. Note the many filters available to further drill down into the considerable detail that e-Share logs related to Trusted Share creation and usage.

[Image: Power BI report]

The two reports shown above provide an overview, but often a closer view into Trusted Sharing is needed. For this we provide a much more detailed report, which additionally includes the recipients of Trusted Shares, the specific files that were shared, the rights granted to the recipients, and the actions taken on these shared files by the recipients (see the image below).

[Image: Power BI report]

It may be interesting to look at specific user, data and action combinations to identify external sharing that is worrisome from a data protection standpoint. In the report below we’ve scoped the report to download events only. We see that the majority of recipient downloads are being performed by the recipient organization “e-Share” from Trusted Shares created by Alice. If Alice is a supply chain manager and e-Share a known supplier with an NDA, this activity is not concerning.

[Image: Power BI report]

If I were to be curious about the specific files involved and when the downloads occurred, scrolling down in this report yields further details (see image below). As with all of the reports, powerful filters are available to home in on the activity of specific interest.

[Image: Power BI report]

Trusted Share reporting and analytics via Power BI provides the visibility into how and with whom external collaboration happens so that you can keep your information secure and your collaborations on track.
