WikiLeaks material makes for interesting reading unless your company is the target. Bank of America Corp., for example, was a recent target of a WikiLeaks exposure. It turned out not to be WikiLeaks but a hacker that goes by the name Anonymous, but the result—exposed information—was the same.
The point here: every business risks finding its information exposed in WikiLeaks fashion. A Bank of America spokesman said the documents were non-foreclosure related clerical and administrative documents stolen by a former Balboa Insurance employee. Should managers feel relieved?
Absolutely not. In this case an employee of a presumably trusted associate leaked the information. In today’s networked, connected, collaborative economy, every company relies increasingly on expanding networks—ecosystems—of associated organizations with which they must share information. Fortunately, there are ways to protect against this.
For years overnight delivery has been the favored method of sharing documents or unstructured information. It’s easy, but it isn’t cheap and it certainly isn’t secure. Documents can be lost; more importantly, you have no control over what the recipient will do once the document is received.
Today maybe the most common way to share electronic documents outside the organization is via email attachments. Email is fast, easy, and cheap but it, too, is far from secure. And once it gets to its destination anything can happen.
IT is reasonably good at securing documents for sharing within the firewall through layers or perimeter protection. There are data loss prevention (DLP) systems that can stop employees from sending unauthorized information outside the organization. Other technologies, such as digital rights management (DRM), can be embedded in documents to extend control over what can be done with them once they leave your hands.
The cloud, however, appears ideal for securely sharing documents outside the firewall. In the cloud companies set up space through which you can securely share documents. Those you want to share your documents access the space with a browser and view the documents there. Depending on the security provided those viewing your documents might not be able to download them, print them, or forward them. They might be able to make changes to the document there, but not leak them.
These shared spaces vary in the degree of security they provide, their ability to control the document beyond the shared space, and other capabilities they may provide, such as facilitating collaboration. They also vary in the volume and number of documents and users they can manage. Due to these variables, many of the shared spaces are not suitable for the kind of secure document sharing organizations are likely to need. These systems, however, all have drawbacks that prevent widespread adoption. A table below lays out the most common options for secure document sharing.
Three cloud providers, however, can do the job. IntraLinks is widely considered the industry leader. Brainloop, a German company with offices in Cambridge, MA, has staked out the document compliance management and collaboration spaces. Watchdox focuses on ease of use and extended control. Each of these companies delivers enterprise-class secure document sharing.
The main use of such spaces will be for sharing documents relating to M&A activity, Board meetings, and compliance activities. Other use cases focus on product development or collaborative marketing.
The following table lays out the common options.
|ERP systems||Effective secure content sharing within the system||Limited collaborationLack of openness|
|IRM (SharePoint)||Strong collaboration||Limited access controlLack of openness|
|ERM/DRM||Strong access control||No collaboration|
|Perimeter, DLP||Strong protection within firewallUses existing security infrastructure||No collaboration|
|Web/cloud shared space||Easily accessibleInexpensiveAllows for strong security and control
|Collaboration support varies by providerSecurity and control varies by provider|
Whatever option or combination of options you choose, the goal is to stop your organization’s documents from showing up on the various WikiLeaks of the world or getting into the wrong hands.