Mistakes, Misconceptions & Myths

Today's most common enterprise security oversights, assumptions

As technology evolves, more and more enterprises become targets of highly sophisticated criminal organizations. Their purpose is to illegally obtain valuable data to be leveraged to commit any number of crimes against your organization or customers.

But which companies are the easy targets? Which organizations have left gaps in enterprise security that leave sensitive information, customer data and intellectual property at risk? Is your organization at risk?

Explore the following common mistakes that could leave your information, brand and customers vulnerable, and what proactive steps can be made to ensure your company is properly secured — and out of the headlines.

Relying on the unreliable.
No offense to enterprise end-users who are typically educated, savvy individuals. But relying on them for consistent practice of security policy, and to unequivocally follow proper procedures, just isn't practical — or fair.

Your workforce shouldn't be required to understand or execute enterprise security. They have many roles and responsibilities, but manually encrypting e-mail, requesting user certificates or managing permissions for dynamic workgroups are certainly not some of them.

Enterprise security should be completely transparent and automatic to the end-users. Assuming they are upholding their end of the "secure" infrastructure only places your organization's brand, intellectual property and customers at risk.

>> Is Entrust Entelligence Group Share right for your enterprise? Learn more.

Too much confidence in boundary security.
The security of your network is extremely important. But as the sophistication of online criminal organizations evolve, what happens if external threats bypass your boundary safeguards and gain access to your network — not to mention its valuable intellectual property, sensitive information and customer data?

It's important to instill a sense of confidence in both external and internal security measures. If your external security solutions are bypassed, internal content needs to be encrypted as an automatic countermeasure. Without it, external parties could have complete access to your sensitive data should they circumvent boundary security defenses.

Each year, dozens of trusted brands fall victim to these types of security breaches. In March, about 5,000 employee records were stolen from MTV after a similar security breach.¹ Personal information in the stolen files included names, birth dates, Social Security numbers and compensation data.

In 2007, TJX Companies Inc., which operates and manages T.J. Maxx and Marshalls department stores, among others, was the victim of a network breach and thousands of customer records were stolen.²

Regardless of enterprise scope or vertical, any organization can fall victim to the sophistication of today's online criminal tactics. It's the proactive steps your organization takes before this occurs that counts; leaving your customers' trust intact and your brand unscathed.

Network security does not equal data security.
Your network is secure from outside threats. That means your sensitive data is protected, right? Absolutely incorrect. It's one of the most widespread misconceptions of enterprise security. Your network may be extremely well secured, but that doesn't have any bearing on how or if your data is protected.

The external risks may have been addressed, but what about threats from internal parties? Even if an organization's network is so-called "hacker-proof," any individual within the enterprise could access, copy, print or transfer sensitive unencrypted data. The only safe course of action is to encrypt this valuable information.

According to a survey at the Infosecurity Exhibition Europe in 2007, one third of IT staff admitted to accessing confidential information through legitimate access privileges. This means your authorized IT personnel could be taking advantage of their complete access to view, copy or send sales data, customer information, corporate salaries and more. So like most organizations, if you rely on IT to restrict or grant access to sensitive data, there's a good chance they're also looking at it.

In addition, relying on Access Control Lists (ACLs) to prevent users from accessing information they aren't authorized to see is a major security risk. ACLs are only effective if the operating system security is not bypassed. Guess what? This feat can be achieved by just about anyone.

Minimize these internal threats by automatically and transparently encrypting files and folders stored on your network. Maintain seamless control over who has authorization to access which files, folders, directories or workgroups.

Full-disk encryption is safe enough, protects everything.
While extremely important, full-disk encryption often provides a false sense of security. It's a great strategy for preventing data on lost devices from being accessed. What it doesn't do, however, is safeguard that data when it needs to be shared or collaborated.

Full-disk encryption doesn't secure your shared network files or folders, which are used for group collaboration. And it can't protect your organization from sensitive files being copied, e-mailed or moved. It's a solid point solution and has an important role in a layered security strategy, but falls short of protecting your enterprise data if relied upon alone.

Leave no co-worker behind.
Well, don't leave their authorization behind anyway. One of the most blatant miscues in enterprise security occurs when the access for departed employees remains even after they have left the organization.

Employees often copy groups of files to take with them when they leave — in most cases an innocent practice. But while you may have disconnected them from the network so they can't access updated data, their older files still contain large amounts of sensitive information, customer data and intellectual property.

This scenario could lead to non-compliance with many industry or government regulations. The results could range from costly audits, class-action lawsuits and irreparable damage to your valuable brand.

If those files are encrypted with persistence, you remain protected regardless of what they do with the files and folders. Because the encryption remains with the files or folders, once their authorization is revoked their access to the information is eliminated.

Many security concerns. One solution.
So now you've figured out you're making one of these mistakes — or all five. What are your next steps? Fortunately, Entrust Entelligence Group Share — an efficient, easy-to-use network folder encryption solution that allows files and folders to be encrypted for groups — can help solve each of these challenges.

A key component of a layered security strategy, Entrust Entelligence Group Share provides organizations with transparent, automatic and persistent encryption of sensitive enterprise files and folders. Invaluable information remains encrypted even if it is copied, saved, moved or sent outside the enterprise's boundary. An easy-to-manage solution, it promotes the sharing of ideas and information without the typical burden of security technology in a dynamic organization.

From complying with government regulations to protecting your brand and securing sensitive information, Entrust's efficient network folder encryption solution is an important tool in any layered enterprise security strategy.

>> Is Entrust Entelligence Group Share right for your enterprise? Learn more.