Balance Content Security and Content Access With Granular Governance

Balance Content Security and Content Access With Granular Governance

Every CISO knows that you can’t have privacy without security, however, you can have security without privacy. Multi-factor authentication, data encryption, and threat protection defend against external threats, but they do nothing to ensure sensitive content is handled correctly by authorized users. While users across your extended enterprise expect easy access to their sensitive content, they also expect complete confidentiality: transparent collaboration comprised of private communications.

CISOs must enable secure file sharing that balances the protection of sensitive content with the overwhelming need to share it, easing access while preventing breaches, ensuring privacy alongside transparency, and adhering to complex regulations without getting in the way of efficient communication. Each trade-off entails risks. This blog series explores these trade-offs and offers six guiding principles for creating a secure content sharing channel that enables work across the extended enterprise and protects your most sensitive digital assets.

Enforce Policy Controls to Govern Data in Motion

In my last blog post, I shared some of the pitfalls associated with providing simple, seamless access to content. Today, I’ll discuss the challenge organizations have in providing easy access to sensitive content, but also ensuring that content is shared with complete confidentiality.

Understand User Roles to Enforce Policy Controls

Confidentiality is the result of strong content communication governance – ensuring only authorized users can access, modify and share specific content in specific ways. It cannot be enforced at the network level—where most security controls are implemented, because it requires information like who, what, where, when, and how. It must be enforced at the user-application-content level, because that is where this information resides. For example, preventing a finance manager from sharing audited statements publicly prior to an earnings announcement requires an understanding of user roles, content type and timing of the request. These requirements echo my earlier blog post about the requirements for total visibility: connection to every user sharing endpoint and every content repository. Only now we need more than just a connection—confidentiality requires control.

Complete Content Confidentiality Requires Complete Content Control

Your secure content sharing channel must have very granular policy controls based on a wide array of inputs, including user roles and privileges, as well as content metadata, such as file size, type, location, read and write permissions, and content sensitivity. Consider file access at a hospital. Should a podiatrist have access to an obstetrics patient’s records? Should an admitting clerk be able to edit a patient’s prescription dosage? Not if the hospital wants to demonstrate HIPAA compliance. This is the baseline to govern data at rest. To govern data in motion as it enters and leaves your organization, policy controls need to incorporate sharing metadata, such as sender, receiver, origin, destination, time of transfer, and window of availability. The more granular the governance, the greater your ability to enforce confidentiality and strike the right balance between privacy and transparency.

In the next post, I’ll discuss how organizations can prevent employees from building their own shadow IT out of easily accessible, consumer cloud applications. Until organizations make it simple to share sensitive content securely, they will force employees to seek out less cumbersome, and also less secure, alternatives.

To learn more about providing easy access to sensitive content while also ensuring that content is shared with complete confidentiality, schedule a custom demo of Kiteworks today.

Additional Resources

 

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Share
Tweet
Share
Explore Kiteworks