Mistakes, Misconceptions, Myths
- By Steve Duncan
- Jul 01, 2008
As technology evolves, more and
more enterprises become targets
of highly sophisticated criminal
organizations. Their purpose is to illegally
obtain valuable data to commit any
number of crimes against your organization
But which companies are easy targets?
Which organizations have gaps in
enterprise security that leave sensitive
information, customer data and intellectual
property unprotected? Is your organization
Learn the following common mistakes
that could leave your information, brand
and customers vulnerable, and what
proactive steps can be taken to ensure
your company is properly secured—and
out of the headlines.
Relying on the unreliable. No
offense to enterprise end users—who are
typically educated, savvy people—but
relying on them to unequivocally follow
proper procedures isn’t practical or fair.
Your work force shouldn’t be required
to understand or execute enterprise security.
They have many roles and responsibilities,
but manually encrypting e-mail,
requesting user certificates or managing
permissions for dynamic workgroups are
certainly not some of them.
Enterprise security should be completely
transparent and automatic to end
users. Assuming they are upholding their
end of the secure infrastructure only
places your organization’s brand, intellectual
property and customers at risk.
Too much confidence in boundary
security. The security of your network is
extremely important. But as the sophistication
of online criminal organizations
evolves, what happens if external threats
bypass your boundary safeguards and
gain access to your network, not to mention
its valuable intellectual property,
sensitive information and customer data?
It’s important to instill a sense of confidence
in both external and internal security
measures. If your external security solutions
are bypassed, internal content needs
to be encrypted as an automatic countermeasure.
Without it, external parties could
access sensitive data should they circumvent
boundary security defenses.
Each year, dozens of trusted brands
fall prey to these types of security breaches.
Regardless of enterprise scope or vertical,
any organization can fall victim to
the sophistication of today’s online criminal
tactics. It’s the proactive steps your
organization takes before this occurs that
count toward leaving your customers’
trust intact and your brand unscathed.
Network security does not equal
data security. Your network is secure
from outside threats. That means your sensitive
data is protected, right? Absolutely
incorrect. It’s one of the most widespread
misconceptions of enterprise security.
Your network may be extremely well-secured,
but that doesn’t have any bearing
on how or if your data is protected.
The external risks may have been
addressed, but what about threats from
internal parties? Even if an organization’s
network is so-called “hacker-proof,” anyone
within the enterprise could access,
copy, print or transfer sensitive unencrypted
data. The only safe course of action is to
encrypt this valuable information.
According to a survey at the
Infosecurity Exhibition Europe in 2007,
one third of IT staff admitted to accessing
confidential information through legitimate
access privileges. This means your
authorized IT personnel could be taking
advantage of their complete access to
view, copy or send sales data, customer
information and corporate salaries. So,
like most organizations, if you rely on IT
to protect sensitive data, there’s a good
chance they’re also looking at it.
In addition, relying on access control
lists to prevent users from accessing
information they aren’t authorized to see
is a major security risk. ACLs are only
effective if the operating system security
is not bypassed. This feat can be achieved
by just about anyone.
Minimize these internal threats by
automatically and transparently encrypting
files and folders stored on your network.
Maintain seamless control over
who has authorization to access which
files, folders, directories or workgroups.
Full-disk encryption is safe enough,
protects everything. While extremely
important, full-disk encryption often provides
a false sense of security. It’s a great
strategy for preventing data on lost devices
from being accessed. What it doesn’t do,
however, is safeguard that data when it
needs to be shared or collaborated on.
Full-disk encryption doesn’t secure
your shared network files or folders, which
are used for group collaboration. And it
can’t protect your organization from sensitive
files being copied, e-mailed or
moved. It’s a solid point solution and has
an important role in a layered security
strategy, but it falls short of protecting the
enterprise data if relied upon alone.
Leave no co-worker behind. Well, at
least don’t leave the authorization behind.
One of the most blatant miscues in enterprise
security occurs when access for former
employees remains even after they
have left the organization.
Employees often copy groups of files
to take with them when they leave—an
innocent practice in most cases. But
while you may have disconnected them
from the network so they can’t access
updated data, their older files still contain
large amounts of sensitive information,
customer data and intellectual property.
If those files are encrypted with persistence,
you remain protected regardless
of what they do with the files and folders.
Because the encryption remains with the
files or folders, once their authorization
is revoked, their access to the information
Many Concerns, One Solution
So now you’ve figured out you’re
making one of these mistakes, or maybe
all five. What are the next steps? Entrust
Entelligence Group Share can help solve
each of these challenges.
A key component of a layered security
strategy, Entrust Entelligence Group Share
provides organizations with transparent,
automatic and persistent encryption of
sensitive enterprise files and folders.
Invaluable information remains encrypted
even if it is copied, saved, moved or sent
outside the enterprise’s boundary. An easy-to-manage
solution, it promotes the sharing
of ideas and information without the
typical burden of security technology in a