Hackers Don’t Break In, They Login
Security threats have evolved quickly in the age of digital transformation. It’s no longer just hackers we have to worry about, but bad actors with stolen user credentials and even our employees who have access to vast amounts of now digital data stored in an array of content management systems like file shares. This also means that traditional approaches to file share security are no match for modern security threats.
3 Flaws of Relying on ACLs and Permissions for File Share Security
The longstanding practice of keeping data locked in a repository and securing access to it with access control lists (ACLs) and permissions has proven a weak first line of defense against modern cybersecurity threats – especially those that come from system users.
Here are the 3 biggest issues:
- Location Based Security Challenges
The most secure system is the one with no users. Lots of users means lots of passwords and related problems from lost or stolen keys. It also means managing all those users’ access to terabytes of content. The result is often complicated folder structures to control sharing and access for different levels of credentials, guests, etc., which are a nightmare to manage.
- Single Point of Failure
The way we work has rapidly changed, with so many people spread across the organization and outside of it (customers, partners, vendors). A file share isn’t really designed for this type of collaboration. It relies purely on protecting information with passwords and access controls, which don’t cover modern sharing scenarios or privacy regulations. This password-only, location-based security is easily broken if data leaves the security of the share via an email attachment, USB or desktop download.
- Information Black Hole
Sadly, most organizations have no idea what is in their file shares or who’s accessing them. A survey revealed that 60 percent of respondents said that more than half of their organizations’ data is dark, “meaning they either don’t know it exists or don’t know how to find, prepare, analyze or use it”. And one-third of respondents say more than 75 percent of their organization’s data is dark. It also cited the top three obstacles to recovering dark data as: the volume of data, followed by the lack of necessary skill sets and resources. As a result, many simply put file analysis on the back burner.
Shine a Light into the Black Hole
Ignoring these issues is increasingly not an option with stricter privacy laws and other regulations coming into play. Organizations need to assess the overall health of their file shares now. If it’s been a dumping ground for years, there’s likely a lot of work to be done. Here’s how to get started:
- Define What Sensitive Information Means to You
When we say sensitive information everyone immediately thinks of personal information (PII), healthcare (PHI) and financial information that are covered by privacy and industry regulations. What other types of data are sensitive to your business that could be damaging financially or reputationally if it fell into the wrong hands? For example, intellectual property, client bids, M&A, HR docs, etc.
- Identify and Classify Existing Content
Once you’ve decided what constitutes sensitive information in your organization, you need to track it down and classify it as such. There are tools to help you scan your existing file share content and categorize it appropriately to make managing it easier moving forward. These tools can also help ensure any new information added to the file share is classified upon addition so your information black hole doesn’t reappear.
- Audit Permissions and Access
Chances are your permissions are also a mess, so you need to get a handle on this too. File permissions and access analysis tools can help you get insight into the state of permissions and access. Permissions audits should look at group membership vs individual access used as workarounds, accounts that are no longer needed (old employees, partners, etc.), and over-permissioned users, as these all pose a risk. Auditing should also extend to file share content – who is accessing what content and are there any anomalies in that access. For example, is someone downloading massive amounts of files?
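As an added example (not from the original article or any vendor tool), the Python script below runs the permission and access checks described above over constructed sample data. The record layout, account names, the FullControl rule and the thresholds are all assumptions chosen for illustration.

```python
from collections import Counter
from statistics import median_low

# Constructed ACL export: (path, identity, kind, rights). Not from a real share.
ACES = [
    (r"\\fs01\finance", r"CORP\Finance-RW", "group", "Modify"),
    (r"\\fs01\finance\bids", r"CORP\jdoe", "user", "Modify"),
    (r"\\fs01\hr", r"CORP\old.vendor", "user", "Read"),
    (r"\\fs01\hr", r"CORP\HR-Staff", "group", "FullControl"),
    (r"\\fs01\hr", r"BUILTIN\Administrators", "group", "FullControl"),
]
INACTIVE = {r"CORP\old.vendor"}        # assumed list of disabled/departed accounts
ADMINS = {r"BUILTIN\Administrators"}   # identities expected to hold FullControl
# Constructed one-day read log: (user, file) events.
READS = [(r"CORP\jdoe", f"bid{i}.docx") for i in range(3)] + \
        [(r"CORP\asmith", f"hr{i}.pdf") for i in range(400)]

def audit_permissions(aces, inactive, admins):
    """Return (finding, path, identity) for stale, direct-user and over-permissioned ACEs."""
    findings = []
    for path, who, kind, rights in aces:
        if who in inactive:
            findings.append(("stale_account", path, who))
        elif kind == "user":
            # Individual grant used instead of group membership.
            findings.append(("direct_user_ace", path, who))
        if rights == "FullControl" and who not in admins:
            findings.append(("over_permissioned", path, who))
    return findings

def bulk_readers(reads, factor=10, floor=100):
    """Flag users whose distinct-file count exceeds max(floor, factor * low median)."""
    per_user = Counter(user for user, _ in set(reads))
    threshold = max(floor, factor * median_low(sorted(per_user.values())))
    return {user: n for user, n in per_user.items() if n > threshold}

if __name__ == "__main__":
    for finding in audit_permissions(ACES, INACTIVE, ADMINS):
        print(*finding, sep="\t")
    for user, n in bulk_readers(READS).items():
        print("bulk_read", user, n, sep="\t")
```

On a real share the ACE list would come from an ACL export and the read events from file access auditing; the floor keeps small teams from being flagged on ordinary activity.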
Move from Reactive to Proactive
Remember the old expression ‘the horse is out of the barn’? The moment your data is exfiltrated or accidentally exposed the damage is already done. Modern threats – especially insider threats – require proactive monitoring.
Many feel a false sense of security because they employ security tools that boast data protection capabilities, but most are in fact reactive.
- Audits and reporting tools only detect the damage after it’s done. They allow you to react after an incident occurs.
- Behavioral Analytics, paired with proactive alerting, tell you if someone is doing something suspicious; however, you still need to take corrective action. They can reduce the impact of an incident, but they don’t stop it initially. Something suspicious needs to happen for them to detect it.
- Modern DLP and Information Protection tools allow you to restrict access using multiple user and data attributes – beyond just permissions – to not only control who can access information, but also what they can do with it and who they can share it with to mitigate risk more effectively. They proactively stop an incident before it occurs.
Real-time Attribute-based Access and Sharing Control
It’s time to stop relying on permissions and complex folder hierarchies to control file share access and start using a proactive data security approach. NC Protect uses metadata-driven, multi-attribute security to automatically restrict access to, encrypt, track and prevent unauthorized sharing of content based upon the presence of sensitive and/or non-compliant information, offering content-aware data loss protection (DLP) capabilities for Windows File Shares and Nutanix Files.
NC Protect delivers unmatched File Share security with data discovery, classification and protection capabilities including:
- File Analysis – Scan and identify sensitive data against privacy, compliance and business specific factors
- Data Classification – Classify documents automatically based on the presence of sensitive data.
- Access Control – Apply multi-attribute based access and usage rights at the file level
- Encryption of files both at-rest and in-transit
- File Sharing Control – Prevent unauthorized sharing and editing of documents
- Workflows to automate notifications
- Audits who accesses content and what they do with it.
With NC Protect, continuously monitor and audit content stored on and shared via file shares to protect against data breaches, unauthorized access, and misuse, while maintaining a simple and intuitive user experience that empowers customers to start securing file share content in hours, not days or weeks.