FinalCode, Inc., the innovator in enterprise file security for a connected world, recently released the 2015 State of File Collaboration Security Report. Independent research for the report was conducted by Enterprise Management Associates (EMA) and offers key insights into file data leakage risks and incidents, security process and control maturity, perceived cloud-based file platform threats and investments to preempt and contain file access and usage exposures. Survey respondents are comprised of information security decision makers in mid-tier and large enterprise organizations spanning multiple industries in North America.
Key findings of the report revealed that all responding organizations expressed significant concern for risk of data leakage due to inappropriate sharing or unauthorized access to files containing sensitive, confidential or regulated information. Correspondingly, more than 80 percent of survey participants were aware of data leakage incidents in their organizations. While the majority of IT organizations have enhanced technical controls and auditing, only 16 percent of the respondents felt highly confident in their file security investments – indicating an underlying insecurity in monitoring and enforcement capability. Fortunately, the vast majority of respondents across IT, security and line of business roles indicated that their organization plans to invest in stronger security controls.
As evidenced in the survey results, the growth of cloud and mobile computing, the ease at which files can be shared and the diversity of collaboration methods, applications and devices have all contributed to the frequency of file data leakage incidents. More so, the expansion of industry and government compliance mandates toward data security, and specifically safeguarding personally identifiable information (PII), has spurred companies to take action and investigate how to extend policies, processes and controls to further protect sensitive information within and outside an organization.
The survey and analysis of more than 150 respondents from mid-tier and large enterprises was completed by EMA in September 2015. It illustrates the nature of perceived file security threats and defenses within North American organizations. Survey highlights include:
- All organizations, across IT, security and line of business roles, are concerned about file data leakage risks, and 75 percent expressed very high to high concern
- 84 percent of participants had moderate to no confidence in their security controls and auditing capacity to secure confidential files
- More than 80 percent of survey participants experienced file data leakage incidents in their organization, and half expressed frequent incidents
- Inappropriate file sharing with others inside the organization, with those outside the organization, and through malware and hackers were cited as the most likely causes of data leakage
- More than 90 percent of respondents stated the lack of protection of files leaving cloud-based platforms or device containers as the highest risk to adopting cloud-based file storage and collaboration services
- While policy development and legal enforcement are foundational file security defenses, organizations plan to increase user awareness training and purchase additional security technology
- Email Gateway/Proxy and Data Loss Prevention (DLP) technologies were the top mature controls, while file encryption and usage control software was cited as the top upcoming control investment
- 70 percent of respondents believed that end users would invoke stronger security controls on files they share if empowered to do so
“Data dissemination and file collaboration are natural parts of most business and operational workflows, so must security be an integral part of the workflow to protect information. Unfortunately, protecting sensitive and regulated data within shared files remains a significant exposure within many organizations,” says David Monahan, research director of risk and security management at EMA. “Our survey findings clearly show a gap between file security policies and practices, and the efficacy of technical controls in place to monitor and enforce compliance to the existing policies. This lack of capability to control unstructured data as it moves through its lifecycle will not only yield more data privacy breaches but will impact the adoption of advanced enterprise and cloud content management systems.”
“We are pleased to sponsor the 2015 State of File Collaboration Security report conducted by Enterprise Management Associates. The findings serve as useful metrics on to the state of perceived risk, actual threats and control investments to protect files as companies extend their content management and collaboration strategies,” says Scott Gordon, chief operating officer at FinalCode. “The independent research clearly validates the need for easy, flexible and persistent file security capabilities as exemplified in the FinalCode platform.”