By Jim Morris
The birth of modern risk management in the ‘90s gave us a means through which IT security professionals could consider and assess vulnerabilities, threats, and assets simultaneously. In theory, at least, it allowed us to effectively identify and mitigate our largest information security risks. Widespread refinement and acceptance of this basic premise meant that, in the business world, we had appropriate confidence as we shared information externally with partners and customers and as we exchanged information within our own enterprises
This confidence, no doubt, influenced the way many organizations invested in security infrastructure for information exchange. Over the past two decades, we’ve seen various tools such as email, secure and managed FTP servers and clients, and EDI systems, become the norm for secure information exchange. For many companies, these tools have replaced homegrown and “old school” methods of sending information, such as basic insecure FTP servers or even burning data on a CD and sending via FedEx.
However, although it may seem surprising, many organizations today still rely on older insecure methods. For the companies that do roll out more modern solutions, there may be little – if any – uniformity in the way businesses implement these various techniques. Companies are essentially lacking oversight of who’s sending what information to where, and of how and when they’re sending it.
Take, for example, the typical problems that arise with email attachments. Marketing may be up against a deadline trying to get approval on a promotional video for a new product launch. They need to send a massive file across the country or world to a vendor with whom they’ve never worked before. They can’t send it as an email attachment because of size restrictions. They’re desperate. They resort to other options that will likely be more expensive and time consuming, and less secure, than management and IT realize.
The issues inherent in this basic example will become more prevalent in the future. The raw quantity of data and information exchanged across today’s networks is staggering. The diversity of ways in which we distribute those digital assets – not to mention their sheer size – is even more impressive. With businesses collaborating on a global basis 24/7, data exposure vulnerabilities and threats both inside and outside of the workplace seem, at times, unmanageable. To help mitigate these threats, we MUST take a hard look at our approach to information exchange.
The Secure Info Exchange blog will explore the many ongoing issues around compliance, risk, governance, and performance that define the world of secure information exchange. We hope to provide ideas and insight about how to facilitate collaboration in accordance with sound policies and practices, while operating within budgetary constraints. While doing this, we also must appreciate the complexities of heterogeneous IT infrastructures and often-conflicting organizational objectives. Ultimately, we hope to outline best practices and evangelize trends that help you better secure your critical business information – whether it’s data at rest or on the move.
