Three reasons data centric security finally enables collaboration

We recently had the pleasure of sponsoring and attending the Innovate Cybersecurity summit in early October, and wow, what a refreshing event. It was our first opportunity to really be face to face with the industry in a long time, and the show provided a great platform to enable productive in-person discussions. The reverse expo was a big hit!

In addition to being reminded how important in-person contact is to build new relationships, Innovate reminded us that data centric security continues to be front and center in the CISO organization. Some organizations have successfully adopted a data centric security strategy, while others have barely started. If you are still unsure of what data centric security means, check out this blog post from the show where Michael Howden, Director of Security Services at Novacoast, does a great job summarizing it in more detail.

What has changed with data centric security?

The concept of data centric security is not new. “Data is the new perimeter” has been a reality for more than a decade. What has changed is the accessibility of solutions that can accelerate a data centric security workflow while still enabling cloud-based collaboration. While CISO organizations embark on these data centric strategies, the question remains: will the business accept it or push back? Let’s face it, as the business has pushed for a digital strategy that enables cloud-based collaboration, security is often viewed as the roadblock to making this a reality. However, we believe (and have seen firsthand) that with a modern approach to data centric security, the business will embrace the controls instead of pushing back.

Three reasons data centric security finally enables collaboration

1) Links reduce complexity

As organizations started to adopt cloud file sharing, they immediately changed when data needed to be controlled. Before people shared files with links in a central cloud, they would share with methods, such as email attachments, where security had to focus on trying to control the file at the time of sharing. This meant data centric security forced organizations to deploy complex policies to address endless scenarios that often led to false positives or encryption that nobody could use, ultimately leading to knowledge worker frustration. With links, you don’t need to control the file, you only need to control access to the file. This fundamental shift allows security to deploy more context aware policies that don’t lead to false positives and keep knowledge workers sharing in a cloud-based collaboration experience.

2) Labeling is a question of when, not if

Gone are the days when organizations needed to convince themselves that data must be classified. It is now generally accepted that labeling is foundational to a data centric strategy. How an organization labels data will vary across a spectrum of 100% manual to 100% automated. Arguments can be made on both ends of the spectrum about what approach is better, but the recommended strategy really comes down to regulations, maturity, and organization size. Irrespective of approach, with labeling, users do not need to be part of the policy decision; they need to ensure the label of the file is correct. For the average knowledge worker, this is a much less daunting task than forcing users to determine whether the file needs to be encrypted or is even allowed to be shared with an external party. Instead, with labeling, knowledge workers just need to understand the sensitivity of the file. Yes, with an overly complex taxonomy this can be difficult, so we recommend keeping your taxonomy simple and limited to something that doesn’t require hours of training.

3) Modern data centric security solutions are born from the cloud

Knowledge workers want to collaborate from the cloud. They have been telling us this since the dawn of Shadow IT back around 2010. The good news is that modern data centric security solutions have been listening and now enable cloud-based workflows from the cloud. This architecture shift for the data security industry is critical not just to support your collaboration workflows of today, but the future of collaboration in your organization. The cloud drives innovation at a compounding rate and data security must be able to keep up. Knowledge workers do not want to be forced into workflows that take them away from the advantages of cloud collaboration (e.g. co-authoring), and cloud-based data centric security supports that mandate. Well, at least we do 😊

The last two decades have produced constant battles between knowledge workers and security. A lot of this friction has been created because, as an industry, security had failed to keep up with the pace of digital transformation. We believe that the next decade will be different. Harmony can exist between knowledge workers and IT through safe and frictionless collaboration with data centric security at the heart of it. 

4 Ways To Measure Secure Data Collaboration

One of the most important things you can do as a leader when trying to implement change is to measure the impact of that change through key performance indicators (KPI). While organizations have spent years tuning financial KPIs and even security KPIs (e.g., risk), not much discussion has been had about KPIs to measure Secure Data Collaboration. We are proposing four KPIs that would allow organizations to understand the effectiveness and adoption of Secure Data Collaboration.

One of the biggest challenges with KPIs is that there is no shortage of data. We were recently reminded of this by an information security and collaboration leader who often must report to executives that:

“the KPI should show me what we want users to be doing more of and the kind of behavior we are trying to change.”

With that guidance in mind, these are the four KPIs that we propose to measure Secure Data Collaboration.

KPI #1: Are we keeping sensitive information in our control?

% of Restricted data in our full control

The metric: Measures the percentage of files downloaded from a trusted file share (e.g. SharePoint) when shared externally, based on the data’s sensitivity.

With Secure Data Collaboration sitting at the center of security and collaboration, we believe it is essential that organizations understand whether they maintain control over their most sensitive information. While some organizations may want to block all downloads, that kind of control may not meet the needs of the business. We recommend having visibility on whether your most sensitive data (e.g., labeled as “Restricted”) stays in your control. This course of action allows organizations to meet the business need to share sensitive information with external parties.

KPI #2: Are our users using Microsoft 365 for external collaboration?

External Collaboration Activity using M365

The metric: Measures the number of share creators as well as internal and external users actively collaborating within Microsoft 365.

Organizations are making significant investments in selecting Microsoft 365 (M365) as their platform for modern collaboration. However, some companies only use M365 internally while relying on point solutions for external file sharing, thereby missing out on the additional return of their M365 investment. Therefore, measuring how much your modern collaboration platform is being used to collaborate externally will provide great insight into how much return you are getting on your overall investment. If you are concerned about turning on external sharing or guest access in Microsoft 365, then feel free to give us a call, we can address the underlying security, privacy and compliance concerns 😊.

KPI #3: What type of data is being shared with external collaborators?

% of data shared externally by sensitivity

The metric: Measures files shared by the sensitivity-level with external recipients.

One of the challenges that information security often faces is reporting on a KPI that is easy to understand. We recommend a data classification strategy that can be easily consumed by anyone (red = highly sensitive, orange = more sensitive, yellow = somewhat sensitive, green = not sensitive). The goal of Secure Data Collaboration is to allow sensitive information to still be exchanged with external collaborators. As a result, this metric does not aim to sound a fire alarm if highly sensitive data is shared externally. Its purpose is to bring awareness to executives of potential exposure. Many industries have extremely tight rules around what type of data can be shared externally (e.g., Aerospace and Defense – ITAR); however, you still need to share data and collaborate with external parties. Better understanding the potential exposure allows companies to implement appropriate controls to enable Secure Data Collaboration policies.

KPI #4: What is our overall level of engagement with external parties? (customers, partners, suppliers) 

External Collaboration Engagement

The metric: Measures the type of file activity when information is shared. No file activity by the user would represent low engagement, file views by the user would be classified as a medium level of engagement and file opens and uploads by the user would be deemed as a higher level of engagement. 

Implementing a KPI dashboard will generate reams of data about the file-sharing activities of your customers. Analyzing this data will allow you to gain better insights into whether your customers are actively engaged with your organization and their potential revenue.
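The four KPIs above can be derived from one stream of sharing audit events. The following is an added example, not e-Share's code or log format: the event schema, the sample rows and the "Internal" and "Public" labels are constructed for illustration, and every share row is assumed to be an external share.

```python
from collections import Counter

# Constructed sample events in a hypothetical schema (not a vendor log format):
# (file_id, sensitivity_label, actor, actor_is_external, action).
# Every "share" row is assumed to be a share with an external recipient.
EVENTS = [
    ("f1", "Restricted", "alice@corp.example", False, "share"),
    ("f1", "Restricted", "bob@partner.example", True, "view"),
    ("f2", "Restricted", "alice@corp.example", False, "share"),
    ("f2", "Restricted", "carol@supplier.example", True, "view"),
    ("f2", "Restricted", "carol@supplier.example", True, "download"),
    ("f3", "Internal", "dave@corp.example", False, "share"),
    ("f3", "Internal", "bob@partner.example", True, "open"),
    ("f3", "Internal", "bob@partner.example", True, "upload"),
    ("f4", "Public", "dave@corp.example", False, "share"),
    ("f5", "Restricted", "erin@corp.example", False, "share"),
]

# KPI #4 ranking from the text: no activity = low, views = medium,
# opens and uploads = high. Downloads are not ranked there, so they add nothing.
ENGAGEMENT_RANK = {"view": 1, "open": 2, "upload": 2}
ENGAGEMENT_LEVELS = ["low", "medium", "high"]


def shared_files(events):
    """Map file_id -> label for every externally shared file."""
    return {f: label for f, label, _, _, action in events if action == "share"}


def kpi1_in_control(events, label="Restricted"):
    """KPI #1: % of externally shared files with `label` never downloaded."""
    files = {f for f, lbl in shared_files(events).items() if lbl == label}
    if not files:
        return None  # nothing with this label was shared; avoid dividing by zero
    downloaded = {f for f, _, _, ext, action in events
                  if ext and action == "download" and f in files}
    return round(100 * (len(files) - len(downloaded)) / len(files), 1)


def kpi2_activity(events):
    """KPI #2: distinct share creators, internal and external active users."""
    return {
        "share_creators": len({a for _, _, a, _, act in events if act == "share"}),
        "internal_active": len({a for _, _, a, ext, _ in events if not ext}),
        "external_active": len({a for _, _, a, ext, _ in events if ext}),
    }


def kpi3_by_sensitivity(events):
    """KPI #3: % of externally shared files per sensitivity label."""
    labels = Counter(shared_files(events).values())
    total = sum(labels.values())
    return {lbl: round(100 * n / total, 1) for lbl, n in labels.items()}


def kpi4_engagement(events):
    """KPI #4: number of shares at each engagement level."""
    best = {f: 0 for f in shared_files(events)}
    for f, _, _, ext, action in events:
        if ext and f in best:
            best[f] = max(best[f], ENGAGEMENT_RANK.get(action, 0))
    counts = Counter(ENGAGEMENT_LEVELS[r] for r in best.values())
    return {lvl: counts[lvl] for lvl in ENGAGEMENT_LEVELS}


if __name__ == "__main__":
    print("KPI 1:", kpi1_in_control(EVENTS))
    print("KPI 2:", kpi2_activity(EVENTS))
    print("KPI 3:", kpi3_by_sensitivity(EVENTS))
    print("KPI 4:", kpi4_engagement(EVENTS))
```
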

Bringing it all together

We would love to hear your feedback about the KPIs we are proposing in this Secure Data Collaboration dashboard. Please share any other ideas that you think could help effectively measure Secure Data Collaboration. If you would like more information on how to get access to these kinds of metrics, please feel free to reach out and we would be happy to walk you through it. Below is what a sample KPI dashboard could look like as a slide to report back up to your executives.

Secure Data Collaboration Dashboard

Top 3 Reasons Secure Data Collaboration is Disrupting Information Security

Secure Data Collaboration

Companies interested in adopting modern file-sharing and collaboration solutions typically consider two choices.

The first choice is to stay the course, with company security the paramount concern. By making it difficult and time-consuming to share information, this option impacts the level of collaboration conducted by the organization, which minimizes productivity. 

The second choice is to choose the course of full speed ahead as the company encourages sharing information and fostering collaboration. This strategy makes it easy for employees to collaborate within and outside the organization, ramping up productivity and hopefully revenue. The danger of this choice is dramatically increasing the chance of sensitive data loss (e.g., intellectual property) while also failing to comply with global data protection regulations.

However, there is a third choice, one that does not hinder data loss prevention efforts while allowing as much collaboration as possible. This choice is called secure data collaboration, and it is emerging as an information security strategy for our modern age.

What is Secure Data Collaboration?

Secure Data Collaboration (SDC) is sharing data between two parties securely and productively. BAE Systems has a great definition: Secure Data Collaboration and Dissemination is a type of electronic information sharing capability in which two or more parties can each securely exchange their data with each other in an encrypted software environment – for collaboration on projects, for example, or dissemination of sensitive information – while always maintaining control of their data.

The key here is that SDC is not “encrypting the data itself” nor “preventing collaboration.” SDC is securely exchanging data in an environment that is already secure and globally adopted (e.g., Microsoft Teams, SharePoint Online, OneDrive).

Before every organization in the world accelerated to the cloud in 2020, one might argue that these environments were not that accessible; how many Global 2000 organizations deployed and used OneDrive globally? Fast forward to 2021, and in the past year, the adoption of M365 accelerated faster than anyone could have predicted. As a result, most organizations have access to these secure cloud containers and are now ready to become modern collaborators. It is during this transition to modern collaboration that SDC will disrupt traditional information security solutions, and here are the top 3 reasons why:

  1. Traditional information security solutions were built on an assumption of prevention: Locking data down or stopping data from leaving the organization disables collaboration rather than enabling it. This attitude does not work for modern collaborators who want to accelerate productivity and service delivery for their customers. However, SDC is built on the assumption that organizations want to share data with 3rd parties; they need help managing the access controls to the secure container (e.g., Microsoft Teams).

  2. Secure Data Collaboration is built from the cloud for the cloud: Information Rights Management (IRM) and Data Loss Prevention (DLP) were initially built to support traditional enterprises, mainly operating on-premises. Modern collaboration demands security solutions that are purpose-built from the cloud and for the cloud. Collaboration is constantly changing, and on-premise solutions are not adaptive. SDC requires a solution that assumes change.

  3. Productivity will always outweigh security: This has been an ongoing debate since the dawn of information security; however, the last year has proven that organizations will do whatever it takes to ensure their employees can remain productive. Organizations that we thought would take another five years to “go digital” did it in weeks and accepted that the security controls would be playing a bit of catch-up. Traditional information security solutions that continue to put roadblocks in front of productivity will no longer cut it. SDC is focused on truly striking that balance for its users.

If you would like to learn how e-Share can deliver a modern solution that secures your company data while enabling employee collaboration, please contact us to arrange a demo. The e-Share team will be writing more about secure data collaboration in the coming weeks, and we are excited to share more developments on this topic.

Extend Your File Sharing and Content Collaboration to Include 3rd Parties

e-Share Blog

The individuals you share files with outside of your organization are seldom the only ones who require access in order to meet the business need for sharing the file in the first place.

For example:

  • a supplier to whom you’ve sent an RFP may need to pull in a product manager in order to respond,
  • a private wealth client with whom you’ve shared a statement may want their accountant to have access to the same file for tax purposes, and
  • an R&D partner to whom you’ve sent a Joint Venture agreement will almost certainly need their legal counsel to review the contract.

When the need to re-share files arises, you and the outside party have options, but all come with significant drawbacks.

The recipient of a shared file could download the file (assuming you allow this) and pass this onto the other party. But if online editing and co-authoring of the document was your intent, the other party can’t participate.

The recipient could reach out to you and ask you to send the file to the other party or add them to the list of persons authorized to access the shared file, but this is a hassle for both of you and will take some time to coordinate.

But why not allow the recipient of a shared file to assign their rights to access the file to a 3rd party?

e-Share - Invite

With e-Share this can be easily done, either on a policy-basis or a case-by-case basis. And you can optionally require the data owner’s approval for this re-sharing. Better still, you can require this approval:

  • never…all re-sharing is automatically approved,
  • in all cases…all re-sharing must be approved, or
  • only when the additional recipient is not within the same organization as the original recipient.

There are many advantages to allowing 3rd parties to participate in a collaboration.

  • it’s productive for all involved,
  • it encourages more file sharing via links (versus email attachment), and
  • it reduces the need for downloads, eliminating data duplication and versioning issues and improving data protection.

Schedule a demo with us to learn more.

Visit the e-Share web site for details on use cases, success stories and product features.

Sharing & Collaboration in the Age of Epidemics

We live in interesting times. As the large enterprise struggles through digital transformation in the Age of AI, it now has to grapple with operating in the Age of Epidemics.

“we see a world that is more connected than ever by international travel, but that has also succumbed to growing isolationism and xenophobia. We see a time when scientific research and the demand for news, the spread of misinformation and the spread of a virus, all happen at a relentless, blistering pace.”

Photo - people using mobile phones

Every organization has curbed business travel and has staff working from home – but they can’t drop the ball with business partners and customers.

Leadership teams that weren’t prepared for this shift found themselves dealing with team misalignment, incoherent communication, unexpected expenses, missed revenue – even unhappy consumers. And here’s a reality check: depending on how your company’s journey to the cloud has progressed, you may have few or no external sharing and collaboration options.

Trying to use cloud file storage to share files with folks outside your company like auditors, consultants, regulators, partners – even customers – is unfortunately a non-starter for most organizations. The world is dangerous. Bad actors are constantly imitating OneDrive, GDrive, Box and Dropbox for nefarious purposes – like phishing. The reality is that the built-in sharing options are not designed for external users. Their use of their own domain (e.g. box.com and sharepoint.com) for links (among other issues) makes them hard to verify. So they’re usually blocked by large or regulated recipient organizations.

The good news is, you can add e-Share to your existing O365 or GSuite installation and make sharing quick and easy for all employees! Our enterprise grade platform includes:

  • Out-of-box Integration with Microsoft O365, Teams, OneDrive, SharePoint, Azure Blob storage and more
  • Operation under your company’s domain, SSL certificate, logo, colors and legal terms – so recipients know it’s safe to share and collaborate
  • Full support for SSO, auto-provisioning, with no hardware or storage required
  • Powerful sharing features including requiring recipients to login with OpenID, without requiring software download or plug-ins
  • Web based portal allows completely self-service administration 

Find out why some of the most demanding large, regulated enterprises including leading Asset Managers, Health Insurers, Global Manufacturers and Retailers depend on e-Share!

Schedule a demo with us to see and learn more.

Enterprise API Data Sheet Now Available

e-Share - Monitor upload & download

The e-Share Platform enables secure external file sharing collaboration between your organization and external recipients of any kind using your existing applications and cloud file storage. Using our Enterprise APIs, organizations can now swiftly implement automated data exchange with external partners at scale without building and managing complex, expensive new infrastructure, or accepting non-compliant solutions.

Our new Enterprise API Data Sheet provides complete details!

Feel free to schedule a demo if you’d like to see them in action, anytime.

Drive Partnerships with Zero Trust?

This is the era of the network effect. Volume drives value. The question is, if you don’t have enough volume to create the value you need, how do you get more?

In e-commerce, recommendations are one answer. According to McKinsey, Netflix obtains more than half of its usage from recommendations.

If you are not an e-commerce company, one answer is partnerships. A strategic partner can provide a path-to-market, often with a fraction of the effort otherwise required. The work is really to enable the partner. The more time and material you share, the better the partnership will go.

Last year our most liked post noted that “partnerships require data exchange”. But, how can you enable a strategic partner to take your product to market without sharing sensitive product material with them? To say nothing of the ad hoc discussions that need to take place as the sales process unfolds.

And selling is just one angle for partnering. Want to reduce costs and engage a supplier to perform a non-core function? You’ll need to share with that supplier. Need to streamline your patent portfolio by bringing in outside counsel and figure out what needs renewing? You’ll have to share with the attorneys and their experts, who are usually contractors. What could go wrong?

If you approach the network effect with fear – as they say in Twin Peaks, it will utterly annihilate you. It’s better not to partner if you can’t share efficiently enough to get the value from it.

To maximize the ROI from partnerships, you must adopt a sharing strategy. We recommend zero-trust:

  1. Don’t share anything unless it is required.
  2. If they don’t need a copy, share in view-only mode
  3. If they do need a copy, sharing must be easy, auditable, traceable and retractable
  4. All shares must expire after some pre-set period
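The four rules above can be checked mechanically against each share request before a link is issued. This is an added example, not e-Share's code or API: the field names, the 30-day limit and the sample requests are assumptions, and "easy" in rule 3 is not something a check can evaluate, so it is left out.

```python
from datetime import datetime, timedelta, timezone

# Assumed value for the "pre-set period" in rule 4; the page gives no number.
MAX_LIFETIME = timedelta(days=30)


def check_share(share, now):
    """Return the zero-trust rules (1-4 above) that a share request violates.

    `share` is a dict in a hypothetical schema; missing fields count as unsafe.
    """
    violations = []

    # Rule 1: nothing is shared unless required. Modelled here as a recorded
    # business justification (an assumption about how "required" is captured).
    if not str(share.get("justification", "")).strip():
        violations.append("rule 1: no business justification recorded")

    if not share.get("needs_copy", False):
        # Rule 2: the recipient needs no copy, so the share must be view-only.
        if share.get("mode") != "view-only":
            violations.append("rule 2: copy not needed but mode is not view-only")
    else:
        # Rule 3: a copy is needed, so it must be auditable, traceable
        # (e.g. watermarked) and retractable.
        for prop in ("auditable", "traceable", "retractable"):
            if not share.get(prop, False):
                violations.append(f"rule 3: copy is not {prop}")

    # Rule 4: every share expires, and within the pre-set period
    # (measured from the time of the check, a simplification).
    expires_at = share.get("expires_at")
    if expires_at is None:
        violations.append("rule 4: share never expires")
    elif expires_at - now > MAX_LIFETIME:
        violations.append("rule 4: expiry exceeds the pre-set period")

    return violations


# Constructed sample requests, evaluated at a fixed reference time.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SHARES = {
    "rfp-view": {
        "justification": "supplier RFP response", "needs_copy": False,
        "mode": "view-only", "expires_at": NOW + timedelta(days=7),
    },
    "statement-download": {
        "justification": "", "needs_copy": False,
        "mode": "download", "expires_at": None,
    },
    "jv-contract": {
        "justification": "outside counsel review", "needs_copy": True,
        "mode": "download", "auditable": True, "traceable": False,
        "retractable": True, "expires_at": NOW + timedelta(days=90),
    },
}


def audit(shares, now):
    """Map share name -> violations, keeping only shares that break a rule."""
    report = {name: check_share(s, now) for name, s in shares.items()}
    return {name: v for name, v in report.items() if v}


if __name__ == "__main__":
    for name, problems in audit(SHARES, NOW).items():
        print(name, problems)
```
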

The good news is, the e-Share platform makes this possible in a matter of weeks. Here are some of the sharing scenarios supported out of the box:

Enabling Secure External Collaboration – “Large and especially regulated companies depend more and more on an eco-system of consultants, contractors, freelancers and services. To say nothing of auditors, regulators and even customers. Yet, as firms move to the cloud, excited by the prospect of being able to collaborate with anyone, anywhere – users find they’ve gone backwards…”

Create Virtual Data Rooms for Ad Hoc Collaboration – “A space where an extended team can upload and share content, then negotiate and collaborate – all securely and compliantly, with risk automatically managed per your organizational policies. You can create a VDR in literally one minute by sending an email…”

Sharing From Within Microsoft Teams – “an increasingly popular platform for document collaboration. But sharing conversations and files with non-employees after the debate can be very challenging – especially at large or regulated companies. This encourages non-compliant behavior like using a personal email address, or third party file sharing. (On the plus side, the latter approach probably won’t work.)”

Compliantly Using a Partner’s Infrastructure Choice – “A common security concern regarding both collaboration and storage platforms is the level and uniformity of auditing. For regulated data, this is absolutely essential to get right. Google Drive, for example, shows all users all activity. This might not be suitable for some situations…”

Replace Ad Hoc Data Exchange Infrastructure – “Recently CIOs and CISOs have become concerned with the proliferation of legacy “data exchange infrastructures”. These can be moved to the cloud with no security compromises…”

Receiving Files Securely From Anyone – “…fax has huge advantages over email, but there’s a better alternative to both when documents for your organization…”

Tell us how you drive partnerships below, or, better yet, schedule a demo to see how e-Share can provide Zero Trust sharing for your organization.

What if your collaboration partner wants to use Dropbox?

Should you say yes? What if your large/regulated company blocks that service? How long will it take, and how much effort will it take, for IT to change that? What approvals will be required? And what if they have questions?

A common security concern regarding both collaboration and storage platforms is the level and uniformity of auditing. For regulated data, this is absolutely essential to get right. Google Drive, for example, shows all users all activity. This might not be suitable for some situations. Microsoft OneDrive is more restrained.

Dropbox

Another concern might be the level of control provided during collaboration. Many services only offer collaboration by providing a copy of any documents or other files in question. What if it’s sensitive, and the user doesn’t need a copy? Does the collaboration platform offer a view-only option?

Box share options

You can solve all these issues and enable secure, compliant collaboration on any platform by adding e-Share. We’re already integrated with Dropbox, Box, OneDrive, O365, GDrive and GSuite. Our uniform auditing has passed muster with some of the most sensitive and regulated data.

e-Share - Audit search

In addition, our fine-grained sharing options go way beyond giving away a copy, allowing additional authentication including requiring the user to login with their Google or Microsoft account, specify an access code, view and edit-only options – and much more.

Schedule a demo today to see how you can say yes to most any collaboration platform – and make IT and your security team happy!

e-Share Collaboration Bot Now Available in MS Teams Store, AppSource

e-Share is proud to announce that our External Collaboration Bot for Microsoft Teams is now available in the Teams Store as well as Microsoft AppSource.

In brief: very often the results of a Teams collaboration are files that need review or other use by outside parties – consultants, suppliers, even customers. With the e-Share Bot, you can securely share files and conversations from within the app – without enabling “External Guest Access” for the entire company.

e-Share’s fine grained sharing options, defined by your organization, can restrict access to view-only, require watermark with the recipient’s email and IP address for download, limit to editing online via O365 – and more. The bot even notifies share owners as recipients access content, or upload their own.

Learn more about the bot here. Or contact us to schedule a demo anytime!

Support the Mission by Enabling External Collaboration

As companies transition from “no cloud” to “cloud-first” models, they quickly discover the “external sharing problem.”

e-Share - Timeline

It’s actually much more frustrating when it happens in “cloud first” environments, because sharing is a required consumer feature we all depend on. But sharing is more complicated in the enterprise. Core platforms like Office 365 and GSuite are designed to enable internal collaboration, but offer poor support for external users.

As a result, IT typically turns off these features. Or, if your own IT does not, the IT department at the companies your employees want to share with typically blocks the incoming links. (There are so many good reasons for this.)

Teams disabled

Here’s the problem. Sharing and collaborating with external parties is an essential business activity. It’s required for partnerships, consultants, design firms … even auditing!

How else would you drive value via strategic outsourcing and/or the network effect? If you want your auditor to make sense of your financial reports, they’ll need to see them, at least. The problem is legacy sharing solutions don’t support external collaboration effectively. They likely require on-premises hardware and/or installation of software or plug-ins by recipients.

Employees who work with partners, strategic vendors, etc. will find a way around these limitations if they have no other choice. They know they have to succeed in their mission to get ahead.

Do you want shadow IT taking hold in your organization?

e-Share - Devices

Companies, even large/regulated ones, can support the employee mission by enabling secure external collaboration in concert with existing cloud file storage (OneDrive, Dropbox, Google Drive, Box) and collaboration tools (O365, GSuite, Teams, Slack) by adding e-Share. Our enterprise-grade platform provides the essential elements for secure external collaboration, including:

  • Operating under your corporate domain, with your SSL certificate. Everything is verifiable, and unless a recipient is actively blocking your company, links and notifications will not be blocked. (Sharing from any of the cloud storage providers is likely already blocked, as they are notorious sources for phishing attacks.)

Please register for a demo to see e-Share in action, and learn how you can deploy it for your organization in just a few days.