
When to Completely Erase PCs

When it comes to robust data security, erasing PCs completely before reusing or disposing of them is critical, even though it is considered difficult and time-consuming. Why is it critical? Because PCs contain the highest volume of enterprise data, which, if leaked or breached, can cause a serious data security lapse that may be neither detected nor controlled.

Right now, there are three major methods to erase PCs completely, also widely known as disk erasure: physical disk destruction, degaussing, and overwriting. These methods are equally competent and effective, but overwriting stands out against the other two with regard to cost-efficiency: it does not make the PC disks unusable, whereas the other two do. It uses internationally certified algorithms that remove the PC data by overwriting it with randomized data; therefore, it allows enterprises to reuse the disks, provided they are still in good condition. Furthermore, overwriting reduces e-waste, helping companies do their part for eco-friendly corporate social responsibility.

Overwriting is the most common disk erasure method; however, if hundreds and thousands of PCs need to be erased, it becomes problematic because the process is time-consuming and complicated, as outlined below.

  1. Collect the PCs that are to be replaced for reuse or disposal.
  2. Transport and store the PCs in separate spaces or facilities.
  3. Assign personnel to manually run overwriting programs on each PC to erase stored data.
  4. Reuse or dispose of the PCs that completed the overwriting process.

To save time on such a problematic process, enterprises often employ external services. However, such a decision can be a worrying one for enterprises and the responsible parties—all data stored on the PCs in the hands of external services are in their most vulnerable state, where they can be exposed or leaked. Even worse, enterprises will not know whether their PCs have been exposed. To help enterprises lessen their worries, these services provide extra security measures such as video surveillance, RFID tracking barcodes, live streaming of the full process, and heavily secured trucks, which attempt to ensure the safety of PCs and the stored data while they are being transported to and kept in the external facilities. However, a higher level of security leads to increased cost and prolonged processes for the enterprises to endure—this is why disk erasure by overwriting, despite its undoubted necessity and advantages, can become a headache.

Erase PCs from the comfort of your desk for sustained data security and enterprise efficiency

What if enterprises could erase their PCs within their secure office premises from start to finish? After all, issues of vulnerable data security and enterprise inefficiency are rooted in the complications that arise from transporting and storing PCs in external facilities. By entirely removing this negative variable, enterprises no longer have to worry about data security and increased costs because extra security measures like armored trucks or video surveillance cameras are no longer necessary. Thus, Secudrive encourages enterprises to erase all PCs in their secure office premises. With the innovative disk erasure solution Secudrive Drive Eraser, enterprises can facilitate on-site disk erasure by overwriting—enforced by administrators or self-service format—in addition to comprehensive management of multiple disk erasure processes.

Check out our next blog to discover more about Secudrive Drive Eraser and why it is an essential disk erasure solution for all enterprises!


How to Prevent Potential Data Leaks before and after Employees Depart

Four Secudrive data security solutions to help prevent potential data leaks before and after employees depart

When employees join and leave enterprises, the primary concern is to find replacements or re-shuffle the organization structure. However, one crucial, and perhaps the riskiest, concern that enterprises may overlook is that departing employees can accidentally or intentionally leak confidential data on their way out, or even after their departure.

Acknowledging that confidential data leakage upon employee departure is more than plausible and that consequences can be damaging, Secudrive recommends its four solutions – Secudrive File Server, Device Control, USB Office, and Sanitizer – that synergize to stop employees from accidentally or intentionally leaking confidential data, before and after their departure.

1) Secudrive File Server helps enterprises to set up a secure file sharing environment where confidential files can be consolidated and protected in a centralized system of file servers. Firstly, Secudrive File Server ensures that consolidated files are isolated from the employee PCs’ local environment, making them only accessible and usable directly on shared folders. Then digital rights management (DRM) is enforced for each folder to stop employees from leaking confidential data.
Digital rights management is the key to Secudrive File Server, restricting specific functions of files and data. With DRM in place, employees can use enterprise files as normal; however, they will be strictly restricted from specific actions that potentially lead to file leakage, like file copying, screen-capturing, printing, and more. With data leakage blocked by DRM, employees will not be able to export confidential data to their PCs’ local environment or to outside environments via offline (storage devices) or online (e-mail or messaging apps) methods.

2) Secudrive USB Office and USB Management Server form a solution suite that provides enterprises with secure media to safely store and transport confidential data outside the office environment. Secudrive USB Office is a hardware-encrypted USB drive with DRM, ensuring data security when employees need to take confidential files out for situations like business trips, which may seem opportune for data leaks. It combines hardware encryption using an AES-256 crypto chip with DRM (identical to that in Secudrive File Server) to ensure that data stored in Secudrive USB Office is safe from not only outsiders’ unauthorized access but also potential leakage that may occur ‘after encryption.’
In addition to the security measures integrated with the USB drives, Secudrive provides a supplementary Secudrive USB Management Server (UMS) that establishes a remote, centralized platform to manage multiple USB drives and their security policies at once. The more USB drives enterprises use, the harder they are to control, and UMS was developed to eliminate that difficulty by allowing enterprises to keep track of multiple USB drives and change their security policies at once, in real time. One critical advantage of real-time management is the ability to instantly respond to unexpected events like USB drive thefts or losses. Enterprises ordinarily use regular USB drives with no security measures implemented, so the data stored is exposed to leakage risks from both outsiders and insiders. Therefore, Secudrive’s USB drive security and management solution will prevent data leakage threats from not only outsiders but also insiders.
Even though the enterprises have secure USB drives, backed by a robust management tool at their disposal, they must make sure that only those USB drives are used by employees. Simply encouraging employees or enforcing some policies is not safe enough, since departing employees willing to steal confidential data can easily use their own USB drives. How, then, can enterprises limit their employees to using only the safe, security-equipped USB drives?

3) Secudrive Device Control regulates and monitors all or specific devices that are used on the endpoint PCs, through ports like USB, Wi-Fi, LAN, and IEEE 1394. As removable storage devices have become an IT commodity for everyone, they have naturally become an integral part of enterprises as well. However, enterprises must first control the use of USB drives to eliminate any possibility of data leaving the enterprise premises.
Secudrive Device Control helps enterprises establish and implement various security policies on multiple groups effectively, by initially drawing the information on how all the PCs and employees (users) are structured together from Windows Active Directory (AD). Moreover, when an employee needs to use certain devices for specific tasks, Secudrive Device Control can temporarily ‘unblock’ specific ports, keeping the work productivity flowing. In this case, it is imperative that USB drives be integrated with reliable security measures.

4) Secudrive Drive Eraser is a disk wiping solution that stops potential data leaks from old PCs used by departing employees. When employees leave, their PCs either change ownership or are destroyed, and before that happens, enterprises often format the PCs. However, PC formatting is never enough, as it merely removes the path to the data, not the data itself, which can actually be recovered and, even worse, leaked.
By using Secudrive Sanitizer, enterprises can completely ‘wipe’ multiple PCs simultaneously, and even execute multiple wiping processes remotely from a centralized console. It ensures that PCs are free of remnant data after being wiped with internationally recognized wiping algorithms. The enterprises can then re-assign or destroy the old PCs used by departing employees, knowing that all data has been rendered unrecoverable. Moreover, remote PC wiping allows bigger enterprises with multiple locations to wipe their PCs with just a few clicks and to monitor the process from start to finish.

All in all, the four Secudrive solutions – Secudrive File Server, Device Control, USB Office, and Drive Eraser – form a holistic data security architecture that stops departing employees from leaking confidential data before and after their departure.


3 Technological Security Measures to Prevent Data Leaks When Employees Depart

To help employees fulfill their professional initiatives, enterprises must provide a variety of physical and digital tools that enable the employees to take full advantage of enterprise data and resources. When the employees move on to different jobs, however, rolling back on all the capabilities that the enterprises once gave to their employees is another important duty. After all, departing employees can be either direct or indirect causes of data leaks, whether accidental or malicious.

To prevent departing employees from leaking confidential data, enterprises have been implementing several conventional measures like establishing policies, preparing legal documentation like a non-disclosure agreement, training/education sessions, and deactivating accounts used by ex-employees (PC, devices, cloud and more). Perhaps these can be considered to be enough to prevent leakage of confidential data; however, they are only focused on “discouraging” employees from leaking data when they depart. Instead, enterprises need to implement technological measures to actually “stop” data leaks from occurring.

1) Consolidate all files into a data repository equipped with data leakage controls and real-time monitoring

Preventing data leaks by departing employees begins with consolidation and isolation of confidential enterprise files in data repositories and away from individual employee PCs, which can become exit points from which confidential data can be wrongfully leaked, deleted, or edited.

However, this security measure is just the basic foundation of a security architecture to prevent data leaks by departing employees. By integrating data leakage controls that restrict copying, screen-capturing, printing, and network-transferring files out of file servers, enterprises can form multi-layered, tighter protection of confidential data.

If the employees need to bring confidential data out to their local storage for certain tasks, enterprises must ensure that all relevant activities regarding the files and users are tracked with logs. Logs are important for both preventative and corrective action as a response to data leaks by departing or departed employees since enterprises can not only detect wrongdoing beforehand but also identify the wrongdoers even after they have quit.

2) Control and manage portable storage device usage on endpoint PCs

Employees now have more kinds of portable storage devices, like USB drives and smartphones, at their disposal for better and improved work performance. However, these devices must be used under the organization-wide enforcement of strict control and thorough management to ensure that those devices do not leave the office premises with confidential data inside.

Together with enterprise policies and a culture that discourage the use of storage devices for purposes other than work, a series of technological measures must be implemented to deter employees from doing so. Firstly, enterprises must block the ports (USB, IEEE 1394, and so on) on the PCs used by the employees. By doing so, neither existing nor soon-to-depart employees can use portable storage devices to take confidential data from enterprise premises, whether by mistake or with malice. However, blocking all ports may not be the best option if enterprises need to permit specific ports for specific tasks or employees. In this case, it is imperative to implement a management tool that oversees all ports and connected devices on all employee PCs, and that is capable of enforcing and lifting restrictions for specific circumstances.

3) Wipe used hard disks before disposing of or recycling used PCs after employee departures

When employees depart, it is common for enterprises first to format the used PCs, and then re-assign or destroy (if outdated) them. Unfortunately, this practice may trigger unexpected data leaks, as the remnant files that contain or are relevant to enterprise confidential data can be recovered, even though the PCs have been formatted beforehand.

Therefore, to prevent data leaks by recovery, enterprises must wipe remnant data on old PCs by using data erasure solutions like degaussing, overwriting with randomized data, or even the physical destruction of PCs. These three solutions achieve the same goal of data erasure, but only one provides enterprises with an extra advantage: overwriting wipes remnant data completely and maintains the disks as usable, while the other two methods do not. Thus the disks overwritten with randomized data can be recycled to be assigned to new employees, and the enterprises will not have to worry about possible rediscovery and leakage of remnant data.

When employees depart, enterprises must think beyond handling more paperwork and recruitment, as their confidential data can be, or even worse, could already have been, at risk of being leaked. The biggest issue with data leaks by departing employees is the increased difficulty of identifying who the wrongdoers are, and of taking corrective action. The three key measures mentioned above address the importance of data leakage prevention before and after employees depart, whether their involvement is direct or indirect. Check our next blog to see how Secudrive solutions bring these measures into practice for enterprises, whether big or small, to ensure that confidential data do not leave along with the departing employees.


4 Ways How Departing Employees Can Leak Confidential Data on Their Way Out

When employees leave, it is not just about more paperwork and recruitment efforts. In fact, enterprises must also make sure that confidential data does not leave with the departing employees. According to Osterman Research, 69% of organizations surveyed indicated that departing employees pose a threat of data leakage.

It is important to know “why” departing employees might leak confidential data. Often, the reasons are classified into two categories: accidental and malicious. Accidental data leaks are closely related to employees’ negligence of what confidential data means for enterprises and of the potential consequences of data leaks. A Ponemon Institute study showed that over 50% of the reasons why departing employees took confidential data came down to the perception that “everyone else did it when they left.” Meanwhile, malicious data leaks are about personal interests. Lately, many enterprises have been warned of malicious data leaks, as data has increased in monetary value, and competition among corporations, which may lead to corporate espionage cases, has never been fiercer.

Then, what are the four potential threats and how do employees attempt to leak the confidential data on their way out?

1) Employees depart with confidential data in their hands, literally.
Whether accidental or malicious, departing employees have a variety of ways to take confidential data on their way out. One of the easiest ways is to secretly export confidential data to employees’ storage devices like USB drives, external hard drives, and even CDs/DVDs. In 2017, a data leakage case involving the global semiconductor firm Micron, which suffered data leakage on a monetary scale of up to hundreds of millions of dollars, was caused by ex-employees who used USB drives to export and steal intellectual property.

2) Departed employees access old enterprise accounts.
Google Suite, Microsoft OneDrive, Dropbox… Enterprises now rely on cloud-based storage networks for their daily operations because of their convenience and functionality. Therefore, when employees depart, it is crucial that all accounts with access to confidential data are completely deleted. If this is not done, enterprises face another risk of data leakage. Personnel changes or big layoffs are already a big burden, but the importance of deactivating enterprise accounts must never be ignored.

3) Departed employees instruct current insiders to take confidential data for them.
Even if the relationship between departed employees and the enterprises has been severed for good, those employees can still find a way to get confidential data in their hands. By asking current employees privately, departed employees can indirectly obtain confidential data, delivered online or offline. Because this case involves multiple individuals in and out of enterprises, a systematic approach that combines both organizational measures and technological solutions is required.

4) Remnant confidential data can be recovered from the PCs previously used by departing employees.
After the employees depart, it is a common practice to reassign enterprise PCs to new employees or dispose of them for good. Before doing so, enterprises initially format the hard disks to make sure that none of the remnant data are recoverable. However, this is insufficient to completely stop data leaks because disk formatting merely removes the path to remnant data, not the data itself. Therefore, proper data erasure, not conventional file deletion commands, must be the priority in preventing potential data leaks through data recovery.
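The difference between formatting and overwriting described above can be shown on a toy disk image. This is an added example, not Secudrive code: the 64-sector layout, the one-sector file table, and all function names are assumptions made for illustration, the file contents are constructed samples, and the model ignores remapped sectors and SSD over-provisioning, which erasure on real drives must also account for.

```python
import os
import struct

SECTOR = 512
DIR_SECTORS = 1                      # sector 0 holds the file table
TOTAL_SECTORS = 64
ENTRY = struct.Struct("<16sII")      # name, first data sector, length in bytes

# Constructed sample files; their contents double as search markers.
SAMPLE_FILES = {
    "payroll.csv": b"CONSTRUCTED-SAMPLE payroll: alice,4200;bob,3900\n",
    "design.txt": b"CONSTRUCTED-SAMPLE blueprint rev 7\n",
}


def build_image(files):
    """Create a toy disk image: file table in sector 0, file data after it."""
    image = bytearray(SECTOR * TOTAL_SECTORS)
    next_sector = DIR_SECTORS
    for slot, (name, data) in enumerate(files.items()):
        ENTRY.pack_into(image, slot * ENTRY.size,
                        name.encode(), next_sector, len(data))
        start = next_sector * SECTOR
        image[start:start + len(data)] = data
        next_sector += -(-len(data) // SECTOR)   # round up to whole sectors
    return image


def list_files(image):
    """Return the file names the file table still points to."""
    names = []
    limit = DIR_SECTORS * SECTOR - ENTRY.size + 1
    for off in range(0, limit, ENTRY.size):
        name, _first, _length = ENTRY.unpack_from(image, off)
        if name.strip(b"\0"):
            names.append(name.rstrip(b"\0").decode(errors="replace"))
    return names


def quick_format(image):
    """Model a format: clear only the file table, leave data sectors alone."""
    image[0:DIR_SECTORS * SECTOR] = bytes(DIR_SECTORS * SECTOR)


def find_remnants(image, markers):
    """Scan the raw image for known content; return {marker: byte offset}."""
    hits = {}
    for marker in markers:
        off = image.find(marker)
        if off != -1:
            hits[marker] = off
    return hits


def overwrite_and_verify(image, markers, chunk=4096):
    """Overwrite every byte with random data, then verify nothing remains."""
    for off in range(0, len(image), chunk):
        n = min(chunk, len(image) - off)
        image[off:off + n] = os.urandom(n)
    return not find_remnants(image, markers)


def demo():
    markers = list(SAMPLE_FILES.values())
    image = build_image(SAMPLE_FILES)
    visible_before = list_files(image)
    quick_format(image)
    visible_after_format = list_files(image)
    remnants_after_format = len(find_remnants(image, markers))
    verified = overwrite_and_verify(image, markers)
    return (visible_before, visible_after_format,
            remnants_after_format, verified)


if __name__ == "__main__":
    before, after, remnants, verified = demo()
    print("files listed before format:", before)
    print("files listed after format: ", after)
    print("file contents still on disk after format:", remnants)
    print("overwrite verified clean:", verified)
```

After the format the file table lists nothing, yet both files' contents are still found in the raw sectors; only the overwrite pass followed by a verification scan shows them gone.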

For enterprises, departing employees must mean more than extra paperwork and recruitment efforts, because they can unexpectedly become a source of data leakage, which can be catastrophic to enterprises. It is a tough challenge; however, knowing the four potential methods of data leaks by departing employees, as mentioned above, is a solid starting point to ensure that none of the confidential data leave the enterprise premises.


How to Deploy and Use USB Drives Safely

As the standard media to share all kinds of files with multiple individuals, USB drives are frequently sought by enterprises to streamline their daily operations both in and out of office. However, enterprises sometimes hesitate to put USB drives into actual implementation because the potential risks that arise from not being able to authorize, protect, and manage USB drives easily can outweigh the various advantages that USB drives bring to enterprise work environments. Such risks can negatively impact the confidentiality of enterprise files head-on. Therefore, the decision to implement and use USB drives in enterprises hinges on the availability of USB drive security solutions that deliver enterprise file protection and comprehensive remote management of USB drives.

With Secudrive’s USB drive security solutions, enterprises can deploy USB drives on an enterprise-wide scale safely for employees both in and out of office. The solutions below will help enterprises with protection, authorization, and management of USB drives to ensure that enterprise files remain protected at all times.

  1. Secudrive USB Drives enforce robust protection against both external and internal threats

Implementing enterprise-wide usage of USB drives starts with using secure USB drives whose security measures protect the stored files from being leaked or breached by not only external individuals but also insiders. Secudrive USB Drives provide such security benefits with the most fundamental AES-256 hardware encryption and TMUSB Anti-Virus against external threats, as well as an innovative integration of digital rights management. Let’s find out how the three measures provide security for enterprises.

USB drives will perhaps spend most of their time outside the office, traveling with confidential data to different places. Naturally, USB drives are thus exposed to external threats like unauthorized access in case of loss or theft, and ransomware infections. Firstly, AES-256 hardware encryption prevents unauthorized file access by adding the primary security layer with keys, which must be set by the administrator. As for ransomware infections that could occur from repeated USB drive usage on multiple external PCs, TMUSB Anti-Virus will detect, quarantine, and eliminate malware before it causes any harm to enterprise infrastructure once the drives are brought back from use.

While the two security measures prove to be effective against external threats, insider threats to file confidentiality still loom large, as they are often overlooked by most secure USB drives. Secudrive’s understanding is that the most critical threats to file confidentiality lie ‘after’ the encryption; therefore, Secudrive USB drives go beyond encryption by integrating digital rights management (DRM), which is capable of restricting specific functions like file copy, screen-capturing, printing, and more. With DRM in place, enterprises no longer have to worry about insiders accidentally or maliciously risking the confidentiality of stored files after accessing the USB drives with credentials.

  2. Secudrive Device Control assures tightened control over authorized USB drives on endpoint PCs.

With USB drive security in check, the next step is to ensure that no unauthorized or personal USB drives can access the endpoint PCs. Secudrive Device Control is a solution that helps enterprises regulate and monitor device access to endpoint ports, ensuring that only selected devices, Secudrive USB drives in this case, are permitted. Enterprises can initially block all endpoint ports from access, and then allow specific ports for access only by selected devices, under close surveillance from start to finish. When an employee needs to access a blocked port for specific tasks, Secudrive Device Control is capable of temporarily ‘unblocking’ certain ports to ensure that work productivity remains uninterrupted.

  3. Secudrive USB Management Server monitors and manages multiple USB drives simultaneously.

If an enterprise is using USB drives in high numbers, negligence of the ownership and responsibility that fall upon the users can cause chaos, which can further lead to costly losses and thefts of assets. To avoid such calamity, Secudrive USB Management Server (UMS) provides a centralized platform where multiple USB drives can be managed and monitored conveniently. Enterprises can remotely track, control, and see multiple USB drives in real time with a bird’s eye view for streamlined management and instant response to potentially catastrophic losses and thefts of USB drives. If such events occur, enterprises can lock or wipe the stored files to make sure that stored enterprise files are kept safe from being leaked. Hence, together with comprehensive remote management, UMS extends the degree of security even outside the office.

The three solutions, Secudrive USB Drives, Device Control, and USB Management Server form a perfect security architecture that provides holistic security to enterprises that wish to use USB drives for functional and streamlined daily operations. With three solutions working hand in hand, Secudrive USB Drive Security & Management will ensure granular security against both external and insider threats to file confidentiality, both in and out of office.


Why is EDRM Difficult for Enterprises?


For enterprises, file sharing among employees must be integrated with effective security measures to avoid file leakage by internal employees or unauthorized outsiders, whether intentional or accidental. Commonly, encryption has been the key security measure that helped enterprises with secure file sharing; however, it is now considered insufficient to protect files completely. It is critical that multiple, layered security features are put in place, rather than a single layer of encryption. Encryption plays a fundamental role in secure file sharing, but it alone cannot play the entire role.

Achieving the level of security at which most enterprises can feel comfortable and assured while they let employees share confidential files requires encryption and digital rights management (DRM) to protect file confidentiality ‘before and after’ file access. Adapted to the enterprise landscape, DRM is often referred to as EDRM, or enterprise digital rights management. It has been continuously touted to become the mainstay component of the data security architecture for enterprises, due to its ability to protect data on a file level by enforcing detailed and granular restrictions on specific file functionalities that persist even after the files leave the secure enterprise premises and are accessed by external individuals.

In theory, EDRM seems like an effective and assured data security solution. However, according to a Gartner report “Market Guide for Information-Centric Endpoint and Mobile Protection,” it has proven to be rather complex for enterprises, regardless of the size and number of employees, to implement and operate EDRM due to the difficulty in scaling EDRM regarding enterprise-wide implementation and operation. Unfortunately, the troublesome complexity downplays the advantages that EDRM brings to enterprises, to the point where they become reluctant in integrating it into their data security architecture.

The modern enterprise landscape is all about data, which are the basis of a countless number of files that are being created, edited, and deleted repeatedly. The nature of operating with a high number of files means that complex EDRM implementation and operation on a file level can be even more challenging. Applying specific and granular controls for file access and usage to individual confidential files is a tough task that requires IT admins to understand the EDRM mechanism thoroughly.

To help enterprises easily identify confidential files for selective implementation of EDRM controls, some solutions offer eDiscovery modules that automatically filter out files by matching predefined rules to see if those files contain confidential data. Even though this feature plays a part in streamlining the complex process, the initial stage of determining and defining the rules is another complex, and even more important, task that requires a high level of expertise and a lengthy investment of time to get right. All in all, detailed and granular data security controls for confidential files that fall under the predefined rules may seem the right way to go for most enterprises; however, it is simply too complex to do so on a file level in this day and age, where employees are flooded daily with countless data and files.

Since the EDRM controls are implemented by those who create the files, determining what must be allowed and denied is solely up to the file creators. This may cause a conflict of interest between the two parties, as one party may face hindrance in work productivity. To lessen such complications, EDRM solutions offer dynamic controls to grant or revoke more controls on confidential files; however, this action can create a loophole through which confidential files, despite the enforcement of EDRM controls, may be leaked. The complexity that arises from the conflict of interest affects not only the individuals or groups within the same entity but also external parties, like contractors and agencies with which enterprises cooperate.

File-level data security that persists even after leaving the secure enterprise premises is an appealing proposition of EDRM, and it is perhaps the correct security model that enterprises should be following. However, the high level of complexity that is apparent from the point of view of both the IT admin and the file user has been making enterprises think twice before implementing EDRM. Integrating DRM into secure file sharing in and out of enterprises is a must, but a simpler and more efficient way of doing it should be defined to cater to both small and big enterprises.


How to Mitigate Security Risks of USB Drives in Enterprises

Portable, fast, and easy, USB drives have been the household gadget for file and data transfer for the last two decades or so. From USB 1.0 to the newest standard, 3.2, USB drives have undergone tremendous evolution, which has provided great functionality and practicality for both personal and enterprise use. Especially for enterprises, USB drives are incredibly functional IT assets, but they involve some risks regarding the confidentiality and security of valuable enterprise data.

  1. Unauthorized USB drives can cause data leakage and management chaos in and out of office.

Employees may use personal USB drives, without permission, to take and use confidential enterprise files in external environments. Therefore, confidential enterprise files like customer data spreadsheets, financial statements, and engineering blueprints are at risk of leaving the safe office premises and being exposed to unexpected file leakage or tampering. Simply put, confidential enterprise files may end up in the wrong places at the wrong time, and the enterprises might not even know such a catastrophe has occurred.

Unseen risks associated with corruption, loss, and theft of confidential enterprise files from using unauthorized USB drives in and out of office are among the biggest reasons why enterprises ditch them, despite the high level of productivity they offer. Therefore, the essential procedure for using USB drives safely in the enterprise environment is to first designate specific, secure USB drives and their users, in addition to understanding the purpose of using them.

  2. When USB drives are unprotected, even with a clear purpose and designated users, the safekeeping of confidential enterprise data can still be at risk for the three big reasons below.

Lost or stolen USB drives are easily exposed to data leaks if they are found by unauthorized users since they can connect the USB drives to PCs to browse and use, or even leak the stored confidential files. To eliminate the possibility of confidential file leakage from lost or stolen USB drives, enterprises must consider encryption as a fundamental necessity.

Trusted insiders with permission to use authorized USB drives can be a critical risk factor, despite the enforcement of encryption. They can take the confidential files for personal interests, like monetary gains or corporate espionage, by simply copying or taking the files and contents out of the USB drives. Therefore, enterprises must implement a ‘layered’ USB drive security that protects stored files ‘before and after’ authorized access.

Furthermore, frequent traveling and connection to external, unauthorized PCs may cause USB drives to be infected by malware without warning. Malware can spread from infected USB drives to enterprise IT infrastructure like servers and endpoint PCs once the drives are returned and used in the enterprise environment. To use USB drives with minimum hassle, enterprises must consider implementing a trusted anti-virus solution that will detect, quarantine, and eliminate malicious code on USB drives.

  3. Due to the high number of USB drives, enterprises may feel lost in managing the USB drives and their information.

For enterprises, the number of USB drives used may reach up to hundreds or thousands. If so, enterprises will face a difficult task of asset management, which pertains to assignment of the USB drives (which team or group uses which USB). Even though the USB drives have been authorized to be used, negligence of the ownership and responsibility that falls upon the users will contribute to disorganization in enterprises. Furthermore, such information can change as enterprises undergo structural changes in terms of teams and employees. Therefore, for enterprises that wish to operate smoothly with multiple USB drives and minimize disorganization in and out of office, USB drives and their specific information must be managed and even updated on a centralized platform by a dedicated individual.

For personal use, authorizing, protecting, and managing USB drives may not matter so much. For enterprises, however, it is a completely different story; they simply cannot put their valuable, confidential files at risk by using ordinary USB drives. As technologies evolve, though, so do the capabilities that let enterprises authorize, protect, and manage USB drives for safe usage in and out of office.

In our next blog, we will discuss a number of security principles and technical measures to implement for comprehensive USB drive usage and management for enterprises.


The Need for Digital Rights Management in Secure File Sharing

From simple communication to high-profile business development, collaboration among enterprises and employees in the digital sphere is an everyday essential for work productivity, and at the heart of it lies the frequent sharing of files between internal and external individuals and groups. However, sharing is often not the end: users will open and edit the files after they are shared, and the files can then be exposed to unseen threats of breach or leakage. Therefore, sharing files securely, whether in or out of office, is a priority for enterprises to avoid potentially catastrophic consequences.

Secure file sharing is not just one process, but a set of security measures that not only protect file confidentiality but also preserve work productivity, both in and out of office. However, the majority of secure file sharing solutions fall short of achieving both objectives, because they focus on a model that is centered only around encryption.

Why is encryption insufficient for secure file sharing?

First of all, encryption alone works only when enterprises assume that the trust in their employees and the legal force of documents, such as non-disclosure agreements, is at 100%. However, such an assumption is never guaranteed, and leaving an important matter like file confidentiality to chance should never be considered by enterprises. This is even truer now that confidential files with valuable data like financials or business development plans are priced higher than ever before and sought by other entities.

Secondly, encryption protects file confidentiality only from those without access keys. It is true that access controls that accompany encryption, like one-time passwords or two-factor authentication, provide an extra layer of security; however, they merely extend outward, meaning that they provide more security ‘before’ file access.

Therefore, secure file sharing must employ digital rights management (DRM) in addition to encryption to protect file confidentiality ‘before and after’ file access.

The most critical threats to file confidentiality arise ‘after’ an encrypted file has been accessed, and they are mainly caused by unauthorized users or even trusted insiders with access keys. Moreover, insider threats are harder to detect and deter, as they come unexpectedly and unknowingly. In response, DRM plays an important role by restricting, after file access, a specific set of functions that can potentially lead to file leakage, such as file copying, screen-capturing, printing, network-transferring, and more.

DRM is crucial, but it is added to encryption rather than replacing it, so that file confidentiality is protected from both external and internal threats. After all, insider threats accounted for nearly 75 percent of security breach incidents, according to SecurityIntelligence. By going above and beyond encryption with DRM, sharing confidential files can be truly secure from internal and external threats of breach or leakage.

The need for DRM in secure file sharing is evident, as the idea of holistic file security ‘before and after’ access should be prioritized to prevent both external and insider threats. Furthermore, it allows employees to use a wide range of functions within the files’ native application, while restricting a specific set of potentially risky functions like copying, printing, and screen-capturing. Stepping away from read-only or complete access restriction, the specific leakage controls of DRM will help enterprises and employees to share, work on, and protect their confidential files with ease. Therefore, DRM will prove to be an important factor in making enterprise file sharing completely secure and productive, both in and out of office.


How to Set up A Virtual Data Room

Secudrive File Server is a secure file sharing solution that helps enterprises to establish a collaborative workspace where multiple users can safely access, share, and edit confidential enterprise files, protected with digital rights management (DRM). Relative to the conventional DRM that is on file-level, Secudrive File Server’s folder-level DRM is a unique proposition as it helps enterprises to streamline and scale data security across enterprises.

With DRM as the core component of data security capability, Secudrive File Server can set up a virtual data room (VDR) that provides not only strengthened security but also continuous productivity. Before we get into how Secudrive File Server achieves such capability, let’s learn briefly about VDR.

What is a virtual data room (VDR)?

A VDR is derived from the traditional data room, where only selected individuals are given limited access to handle extremely confidential and sensitive documents within a highly secure environment. A VDR achieves the same result on a virtual scale, eliminating the inconvenience and spending that come from the logistical needs of travel and physical space for individuals. As enterprises and businesses are going digital, VDR is becoming the staple for industries like legal, accounting, investment banking, and private equity.

Setting up VDR with Secudrive File Server involves its three key security features:

  1. Folder-level DRM
  2. Seamless AD integration
  3. Real-time monitoring and logs

Folder-level DRM, as mentioned above, is the core component of Secudrive File Server that makes VDR setup possible. It can restrict unauthorized actions that could lead to accidental or malicious leakage of documents by copying, printing, screen-capturing, and network-transferring. Applying this capability at folder level means that all documents within DRM-configured shared folders are restricted together. Therefore, administrators can either create new shared folders or designate existing ones as VDRs to store and handle confidential documents. Since all individuals are restricted from committing unauthorized actions that would leak any of the documents within DRM-integrated shared folders, enterprises can securely facilitate handling of confidential documents by multiple, authorized individuals. Last but not least, customized watermark printing can be permitted when certain documents need to be printed for specific circumstances.

Folder-level DRM is what differentiates Secudrive File Server VDRs from conventional VDRs, as the latter merely provide an extremely limited, read-only environment, which heightens security but completely overlooks productivity. As the DRM integrates with the native applications in which the confidential documents are opened and handled, individuals can still benefit from all the capabilities that the native applications offer, minus the actions that could potentially lead to accidental or malicious leakage.

Seamless AD integration means that Secudrive File Server can manage who can or cannot enter certain shared folders, based on the existing AD configuration of an enterprise. Managing who is allowed into or restricted from VDRs is a critical aspect of VDR security. Straight from the management console, the Secudrive File Server administrator can grant or revoke access to shared folders that have been designated as VDRs with ease.

Real-time monitoring and logs give enterprises visibility into every action of all individuals inside the shared folders that have been designated as VDRs. With this real-time visibility, enterprises can detect anomalous activities that may signal an intention to leak, and respond instantly by cutting access to the VDR on the spot. Moreover, the visibility extends further by recording all activities as logs, so that document confidentiality can be verified even after the tasks in VDRs are complete: the enterprise or third-party auditors can review the logs and check for suspected wrongdoing that could have been missed.

Secudrive File Server’s unique stance on confidential data security enables enterprises to set up VDRs where only selected individuals can enter to handle confidential documents. The real benefit lies in the swift and smooth designation of shared folders as VDRs, as existing enterprise AD and folder settings can be configured straight from the management console. This benefit will certainly cut the time spent exploring, and the cost of additionally purchasing, a conventional VDR solution, which offers only a read-only environment that lacks the productivity aspect. With Secudrive File Server’s DRM, enterprises can benefit from trusted document security in an environment where unauthorized copying is denied, while necessary editing can be permitted.

Please visit Secudrive File Server product page for more information!


An Economical and Effective Data Protection Tailored to Small and Medium-sized Businesses (SMBs)

Data breach threats are growing exponentially; even small and medium-sized businesses (SMBs) are now in danger, and are likely to suffer more than big enterprises. According to UPS Capital, “60% of smaller businesses are out of business within six months of suffering a cyberattack.” Despite the potential catastrophe of a data breach, preventing one is challenging for SMBs. First of all, SMBs have relatively smaller budgets and fewer resources for investment. Second, they do not consider themselves targets of data breaches, even though cybercriminals tend to take the path of least resistance. Simply put, SMBs are left unaware of and vulnerable to data breach threats that can sink businesses outright in extreme cases.

Due to the ever-growing number of data breach threats, we see a variety of enterprise-targeted, complex solutions like data loss prevention (DLP), enterprise digital rights management (EDRM), user and entity behavior analysis (UEBA), and virtual desktop infrastructure (VDI). Unfortunately, it is extremely difficult for SMBs to implement these types of solutions due to the high cost and resource requirements for purchase, deployment, and operation. Having found the demand for solutions tailored for SMBs, some solution vendors provide similar solutions that are less expensive. However, these solutions are still complex to operate and require dedicated personnel to manage them effectively. Therefore, SMBs need a new concept of data protection with appropriate practices, which will suit their limited budget and resources.

Practice 1) Treating all relevant data and files as one entity, rather than classifying them by the degree of importance or confidentiality
Understanding this practice is the first step in setting up cost-effective data protection for SMBs, as all relevant data, whether confidential or not, is unstructured. This means that relevant data can reside anywhere in the files that are being used daily at multiple endpoints. Therefore, SMBs must first consolidate all their data into a system of data repositories, which require physical and network isolation to prevent physical harm and Internet-based threats, respectively. It is all about reducing the number of exit points from which confidential data can be leaked, since SMBs will only have to protect the data repositories, rather than tens or hundreds of endpoint PCs.

Practice 2) Protecting consolidated data with solutions that provide not only simple operation but also continued productivity for both administrators and employees
Limited resources mean that SMBs have less leeway in hiring or assigning time and personnel to implement and manage solutions on a regular basis. Therefore, quick and easy implementation, along with thorough training for operation, is important for the administrator. For employees, the solutions must not keep them from sharing and working with the protected data and files. If the data protection solution goes as far as hindering the business productivity of the employees, it may cause more discomfort than relief.

Practice 3) Acknowledging that data breach threats arise from both inside and out
Data breach threats are no longer only outside-in; according to IBM, 60% of attacks are carried out by those who have insider access. Effective data protection is all about considering both inside and out; threats like hackers, phishing, and ransomware are from outside, while inside threats include malicious and accidental data leaks by employees. It is crucial that all relevant data is protected while in use and in motion, by regulating what each employee can do and by monitoring what is happening at the file and user level.

Naturally, SMBs have less freedom of budget and resources to run their businesses efficiently, and this constraint makes it difficult to find the right ways to protect their data from being breached by ever-growing threats from both inside and out. Blending data consolidation and protection helps SMBs to achieve the primary stage of complete data protection effectively and efficiently. With added protection against data breach from inside and out, SMBs can cap off the implementation and operation of data protection that delivers cost-efficiency and effectiveness to suit their limited budget and resources.

To learn how Secudrive solutions help SMBs protect their important data from being breached from internal and external threats, please read our next blog!