Frank Schlupp

Can You Defend Your Documents?

Many companies have spent millions of dollars on technology to protect data against external threats. Unfortunately, some of those same companies have failed to take adequate steps to protect their data from internal agents. The Bradley Manning case should serve as a reminder that sometimes the greatest danger to an organization’s data can come from within. Verizon’s 2011 Data Breach Investigations Report found that internal agents were involved in 17% of all data breaches reported last year. In the healthcare industry, the insider problem is even more serious. Privacy Rights Clearing House found that 3 of the 6 worst breaches in 2011 occurred in the healthcare industry. A recent study by Veriphyr, found that in the last 12 months 70% of organizations had suffered one sort of breach or another involving Protected Health Information (PHI). Compromised PHI data often includes social security numbers and payment account information which is used to steal a patient’s identity. The Veriphyr study found that insiders were responsible for over 60% of the data breaches involving PHI.

The insider problem is more than just disgruntled employees with malicious intent. Many high profile breaches are due to simple mistakes made by otherwise well meaning employees. A laptop is left on a city subway. A set of backup tapes are left in a car. A password is shared with a coworker helping a customer. These simple oversights often lead to catastrophic (not to mention highly publicized) data breaches. The dilemma many organizations face is how to implement the right amount of control while not bringing productivity to a grinding halt. Based on the growing number of serious breaches, it would not be wrong to conclude that many companies have chosen to do nothing to address the issue. This is unfortunate because when it comes to data security, an ounce of prevention is worth several tons of data security.

There are basic precautions every company should take to mitigate the risk of an internal breach. First, sensitive data should be encrypted while at rest and during transmission to provide an added layer of protection against attacks launched from inside the firewall. Encryption can also help protect data stored on a lost laptop or backup tape if it falls into the wrong hands. MetaSource recently released Secure Store for ApplicationXtender to meet the growing need to protect documents inside the firewall. Second, companies that need to share information with third parties should implement some form of Information Rights Management (IRM). When applied to content management systems, IRM for ApplicationXtender can continue to protect documents once they are shared beyond the firewall by embedding policies into an encrypted copy of the document. IRM for ApplicationXtender allows organizations to maintain complete control of critical documents no matter where they reside.

Finally, information access should be audited and regularly reviewed to promote accountability and security. ApplicationXtender is a secure repository for storing sensitive documents and data. ApplicationXtender tracks document access and maintains a complete Audit Trail, which helps support corporate compliance goals. These simple precautions can help any organization minimize risk and avoid costly breaches. To find out how MetaSource can help defend your data and documents, give us call.
 

0 Comments

Add A Comment