The Notifiable Data Breach Scheme now in effect in Australia acts as an important reminder to all organisations. How do you securely enable file sharing whilst maintaining control over your data’s location and sovereignty? In a recent article, Data Insider seeks to answer this very question.
Data security and breach statistics regularly point to “risky” user behaviour or unsecure file sharing as a major cause of data breaches. Beyond the potential loss or corruption of critical operations data, this could cause a massive regulatory headache for many organisations.
Recently, Data Insider asked a group of 34 cyber-security experts how they would convey to IT users, in any organisation, “how companies can best communicate the security risks associated with file sharing and cloud storage to employees”. Two key factors were highlighted:
- Email is inherently unsafe for sharing documents
- Cloud and public file-sharing services (e.g. “box”-type services) are not sufficiently secure and customers have no control over their data location
The issue of “sufficient security” goes to the encryption security model (if the data is encrypted at all). Critical to the assurance provided by the encryption model are encryption key management and key exchange, including who holds the keys and how keys are stored.
The latter issue of data location control refers to data sovereignty – an increasingly important issue today. A recent survey of enterprise and government organisations, conducted by Senetas at industry data security events, indicated that 70% of Senior Managers saw data sovereignty (customer control over data location) as an important data security issue.
The importance of data encryption is highlighted within both the Australian Data Breach Notification Scheme and the impending gold standard of international data security regulations – the GDPR. This extends beyond network data transmitted across private infrastructure to include file sharing and collaboration across public cloud infrastructure. When it comes to file-sharing applications, data encryption, location and sovereignty will come under the spotlight.
Much of the emerging legislation is concerned with the privacy of individuals. Whilst regulatory compliance is, of course, a major consideration for all organisations, they must also be concerned with the protection of commercially sensitive data or intellectual property. A breach of this data could prove catastrophic to a wide range of stakeholders.
Many vendors use superlatives to describe the level of data protection they offer, but organisations need to be aware that not all encryption solutions are the same.
In order to offer a truly robust encryption platform, a solution needs to include:
- certification by independent testing authorities
- high-assurance security features (e.g. secure key management, standards-based algorithms and authentication)
- crypto-agility, enabling long-term data protection in the post-quantum world
- zero impact on application performance or user experience
SureDrop, from Senetas, is the secure file sharing application that was specifically developed to offer an optimal user experience while incorporating high-assurance features such as secure key management (with access limited to the key owner only) and 100% control over data location and sovereignty.