A recent study by Symform revealed that decision-makers across the country are losing control over cloud deployments, largely because they do not even know they are using the cloud. The survey, which polled close to 500 companies, found that only 61 percent of organizations acknowledged they were using the cloud, even though the majority of the remaining respondents were also using the technology.
"This research validates how cloud applications and services are being purchased and managed increasingly by non-IT departments and illustrates the need for IT to reclaim control from a policy and governance standpoint while still enabling the business to benefit from the cloud's agility and cost effectiveness," said Margaret Dawson, vice president of product management at Symform.
Respondents said the No. 1 concern with document protection in the cloud was access control, as IT departments have trouble monitoring which employees are using the cloud for what purposes. Dawson said that adopting the cloud may be inevitable, but that doesn't mean executives should lose all authority over the hosted environments.
By deploying advanced document rights management tools, for example, decision-makers can regain visibility into cloud deployment strategies. In doing so, companies can reduce the security vulnerability associated with inappropriate access to the cloud.
Organizations around the world are using cloud computing services to store mission-critical records in an off-site scalable environment. While doing so can invite a number of new possibilities for the private sector, it also raises some significant document security questions as to whether decision-makers are doing enough to keep confidential resources safe.
Managing identities, in particular, is becoming increasingly difficult with the cloud, according to a report by InfoWorld. In the past, IT departments could easily monitor who accessed sensitive documents and why. As operations began shifting toward off-site environments, however, decision-makers lost some control and visibility into user activity.
"The cloud in 2012 is different from the on-premise world of 2002," identity expert Patrick Harding said, according to InfoWorld. "Back then, a proliferation of different directories emerged that were then subsumed by [Active Directory]. Most on-premise apps were tied to AD for authentication and role/group management."
As more organizations embrace the cloud, executives will need to adopt identity and document rights management solutions that provide decision-makers with insight into who is accessing what and why. If companies neglect to use these tools, they will find themselves struggling to manage cloud security initiatives efficiently.
Cybercriminals launch a variety of attacks to gain sensitive information from companies, including attempts wherein they mimic employee credentials, according to a Dark Reading report. This raises the question as to whether firms are implementing identity and document rights management strategies strong enough to keep unwanted individuals at bay.
In many cases, outsiders target workers with privileged accounts that enable employees to access confidential resources, hindering a firm's overall document protection capabilities.
"The common belief is that if you're managing the user names, roles and privileges of your IT employees' personal accounts, then you're successfully controlling all privileged accounts and access," security expert Adam Bosnian said, according to Dark Reading.
This is not always the case, however, as many privileged identities act as conduits for direct entry to repositories containing highly sensitive information. As a result, decision-makers need to regularly test and monitor document security solutions, ensuring only authorized individuals are viewing mission-critical files. If executives neglect to constantly improve and change employee privileges, they will likely find themselves fighting complicated cybersecurity vulnerabilities at every turn.
As if traditional document security initiatives were not complicated enough, the rapid adoption of cloud computing and mobile devices in the workplace is introducing even more challenges for IT departments. Now, exposing confidential resources is an even more likely possibility as the number of endpoints increases, according to a BankInfoSecurity report.
"A lot of security tenets today are built off the fact that you have this visible and single point in your network," said Dan Hubbard of the Cloud Security Alliance, according to the news source. "The cloud and mobility in the consumerization of IT are changing all of that. This kind of single traffic lane or freeway doesn't exist anymore."
In fact, one of the top threats associated with consumerization is unauthorized access to confidential resources through unprotected mobile gadgets, the news source said. For this reason, among others, decision-makers need to incorporate mobility and cloud solutions into their overall document protection program.
Executives should consider implementing document rights management and other access control tools to ensure only those permitted to view sensitive resources can do so. If companies neglect to adopt advanced security solutions, they will find themselves struggling to protect confidential resources during the age of consumerization.
The government, like the private sector, is highly susceptible to evolving digital risks. For this reason, federal, defense and intelligence agencies are prioritizing document security initiatives to keep confidential resources protected in the age of adversity, according to a new study by Lockheed Martin.
"Government's challenge is twofold, adopting transformational technologies to help reduce operating costs while also keeping systems and data safe," said Rick Johnson, vice president and CTO of Lockheed Martin Information Systems & Global Solutions.
The study revealed that 85 percent of government IT decision-makers have put an emphasis on digital document protection strategies, as they have already deployed at least one major initiative. Other technological projects, such as the adoption of cloud computing and mobile solutions, are raising the importance of launching robust security programs.
A separate report by INPUT noted that federal investments in information security will exceed $13 billion by 2015, largely driven by the consensus that the government still has a lot of work to do to remain secure in today's evolving digital landscape.
As with so many other industries, healthcare is continually fighting an uphill battle in an effort to minimize data breaches. While there are many tools that can be used to strengthen document protection and reduce digital vulnerabilities, encryption is among the most efficient and effective, according to an InformationWeek report.
"[We need to] get people focused on the one simple thing they can do in the security space and move the needle in terms of protecting patient privacy," security expert Doug Pollack said, according to InformationWeek. "Encryption is one of those rare focus areas that can make a huge difference."
If document security initiatives are deployed correctly, incorporating encryption can be simple and will prevent unauthorized individuals from viewing confidential resources. This is especially important as healthcare facilities begin to embrace bring your own device and other mobile strategies that make it easier for people to access records, the news source continued.
Healthcare administrators should also consider implementing document rights management technologies, which are similar to encryption in the sense that they inhibit people from viewing sensitive files that are normally out of their reach.
Security intelligence, or information regarding the evolving risk landscape, is a critical part of any document protection strategy, as decision-makers need to understand how resources are being accessed and used to safeguard them. The concept of security intelligence is rapidly changing, however, and executives need to develop unique plans to ensure confidential solutions are protected.
A report by Dark Reading said planning ahead is the most important part of establishing an effective security intelligence strategy. Information regarding evolving digital threats, in particular, will give decision-makers unique insight into virtual environments and how varying document security solutions will address vulnerabilities.
Both short- and long-term threats should be addressed in the planning phase, as this is the only way to guarantee longevity in today's highly complicated digital landscape, Dark Reading said. By placing an emphasis on enduring risks, executives will be able to develop more consistent security initiatives.
Companies of all sizes should also consider deploying document rights management solutions that limit unauthorized access to sensitive resources. This will prevent both unverified insiders and outsiders from viewing confidential records.
Despite the proliferation of cloud computing, many skeptics believe the hosted environments are not secure enough to keep sensitive documents safe. Other pundits, however, think this will change in the coming years.
A new report by Symantec noted that future cloud services will have robust document protection tools to provide more control over the hosted environments without jeopardizing compliance. This will become increasingly important as interconnected clouds emerge and businesses adopt bring your own device (BYOD) and other initiatives that introduce a greater number of platforms for accessing mission-critical resources.
In the future, clouds will be more agile and secure than they are today, Symantec asserted. These safe clouds will enable the private sector to progress, increasing IT affordability and the availability of resources along the way.
A separate report by Dark Reading said mobility will define the future of cloud document security. It is therefore important that companies consider implementing document rights management and other access control tools to prevent unauthorized users from viewing confidential documents that should be outside their reach.
Cloud computing is slowly reaching mainstream adoption in the private sector as companies try to enhance cost savings and overall efficiency as much as possible in today's economy. However, many decision-makers are still hesitant to adopt the solutions because of the perception that the cloud's document security capabilities are not optimal.
Chris Weitz, a director at Deloitte Consulting, told TechTarget in an interview that this shouldn't be the case.
"There's absolutely nothing intrinsically dangerous about cloud computing. Nothing at all. It's just that it's new," Weitz said.
Rather than shrugging off the cloud because of the hype surrounding its inability to keep confidential resources protected, decision-makers should implement robust security solutions that provide IT departments with information as to how the cloud works, Weitz noted. By deploying monitoring tools and document rights management technologies, executives can gain greater visibility into the cloud and establish strategies to patch up any vulnerabilities.
A separate report by Help Net Security echoed this sentiment, noting that managers need to use authentication and verification technologies to enhance document protection by only permitting authorized individuals access to critical resources.
Small and medium-sized businesses, also known as Level 4 merchants, are not doing enough to remain compliant with payment card industry data security standards, according to a new study by ControlScan and Merchant Warehouse. The survey, which polled more than 600 companies, revealed that both online and brick-and-mortar SMBs are not placing enough emphasis on document protection.
"Just under half of this year's respondents indicated they are unaware of the PCI DSS," said Joan Herbig, CEO of ControlScan. "That finding, combined with the fact that 79 percent of respondents think their business has little to no risk of breach, indicates a serious disconnect between Level 4 merchants and the ISOs and acquiring banks serving them."
The study found that only half of survey respondents verified their document security strategies are up to code and able to keep mission-critical information protected. Since SMBs have fewer exhaustible resources, they need to find the appropriate tools that can keep confidential resources safe.
By deploying document rights management solutions and other access control technologies, decision-makers can guarantee that only authorized individuals have the ability to view sensitive assets. In doing so, SMBs can also meet compliance requirements.