By Tim Mullahy
There was a time when administrators had complete control over what their users did, and how those users accessed corporate resources. Seems like another world, doesn’t it? The advent of mobile devices brought with it an era of Shadow IT - a new paradigm where control became decentralized from the IT department, and it was the user, not the administrator, who dictates how things work.
I’d like to think most businesses have adapted to this new way of doing things - at least, more or less. They understand that ease of use for employees is every bit as important as protecting their data. And they take the necessary steps to do so.
Unfortunately, reality has a way of throwing my idealism back in my face.
Fact is, most businesses aren’t anywhere near as secure as their decision-makers believe. Nowhere is this more evident than with file storage. By and large, sensitive documents seem to be neglected by most businesses. The spate of breaches we’ve seen over the past few years (Panama Papers largest among them) is ample evidence of that.
Honestly? That needs to change. Within your own organization, that change starts with you.
Here’s a framework for you to get started:
- Understand where your sensitive data is stored, and who has access to it. Log and monitor everything. The more attention you pay to your important files, the better your chances of responding if and when a breach occurs.
- Enforce strict access controls - only the people who need to use a particular repository should be able to see it. Broad access rights make it easy for an unauthorized party to sneak in and take whatever they want.
- The User Groups feature is critical. You also need to change SharePoint’s default permissions, and learn how the Limited Access feature works.
- Consider installing a third-party DRM solution that allows your IT department to maintain control of files that are removed from the repository. The big issue with SharePoint, after all, is that you lose control of a document once it’s removed - and people will remove them, because that makes working easier.
- I feel like a broken record for saying this, but...educate your employees. Teach them what a spear phishing scam is, go over best practices for protecting sensitive information, and ensure they know your company’s policies regarding file access.
- Encrypt and index everything wherever possible.
- Understand that file security isn’t just about the files. You need to make sure every endpoint within your organization is secure, as well.
There was a time when administrators had total control over IT infrastructure - and by association, security. That time is far behind us. In order to protect corporate data in the modern world, a different approach is necessary. You need to learn to work with your users, and place a premium on convenience just as on security.
Because if you don’t, your users will just find a workaround.
About Tim Mullahy
Tim Mullahy is the General Manager at Liberty Center One, a new breed of data center located in Royal Oak, MI.