Protecting Shared Files from Compromise
Andrew Klein - Senior Product Marketing Manager
According to the folks at Privacy Rights Clearinghouse, since 2005 there have been over a thousand data breaches leading to over 320 million compromised records in the United States alone. These records contained personal, financial and corporate information – none of which was encrypted.
The term “record” might imply a database record, but a majority of the breached records were not stored in a database, but instead were stored in “files” such as spreadsheets, documents and log files. These files were stored on laptops, desktops, CDs and USB drives, which were stolen, lost or compromised. Some were files transferred in-the-clear over unprotected networks. There were also breaches which occurred when personal financial information was posted on a web site, Social Security Account Numbers were printed on envelopes, and credit card numbers were faxed to Congress. Such physical (mental?) errors were thankfully a minority of the cases.
Encryption technology can be used to protect individual systems such as laptops and devices such as USB drives. But what about protecting files on a file server where multiple people share a given file? Using file permissions (per user read and write) to protect the file doesn’t protect the contents of the file itself, providing little protection if the file system is compromised. Even the simple act of dragging a file to the wrong folder, a public folder perhaps, increases the risk of data loss. In short, the file needs to be encrypted, but the encryption of the file must allow multiple people to share it without getting in the way of the collaboration process and protect it even if it is moved or copied elsewhere.
How about if the person who owns the file is able to encrypt it and also specify who can use that file once it’s encrypted? For files on a server, multiple people could access and share the file as allowed by the owner, but to everyone else the file is encrypted. This is what PGP NetShare does. The file owner, who could be the IT administrator or someone else, decides which shared files to encrypt and who can use them. To the allowed users, the experience of using the file doesn’t change, except for the little lock icon on the file. In addition, the encryption protection stays with the file. This way, if the file is moved to another location, it is still encrypted. So if the file is ever stolen, lost, hacked, or just accidentally copied, it remains protected. In summary, don't rely on "permissions" to protect files - secure their contents using encryption so even if your systems are breached, your data is safe.
For more information, view our webcast on “The Day in the Life of a File” where we present the challenges of protecting files and how encryption technology can be utilized to best protect the files in your organization.