Secure collaboration provider Intralinks' standard contract makes provision for customers to physically visit the company's data centres and conduct security audits, field chief technology officer Daren Glenister told iTWire.
What's more, such audits occur almost weekly.
And they are not regarded as a necessary evil; rather the company sees them as a way of "keeping ahead of potential threats", Glenister said.
|
|
Putting high-value intellectual property or very sensitive data into the hands of a third party calls for compliance and security, he said.
"That's our heritage" from 18 years as a SaaS provider.
Organisations "have to be able to collaborate externally" so it is important that IT departments do not merely attempt to put barriers in the way of such activities.
Rather, services such as Intralinks' Content Collaboration Network enable secure collaboration within an organisation and with external partners and the public.
Since permissions are embedded in the document being shared, they travel with the content wherever it goes. Importantly, the scheme allows permissions to be withdrawn (eg, when a relationship ends) and they are enforced without the need to install plugins or other software on recipients' systems.
"If you try to secure everything, it's not going to work," Glenister warned.
Instead, he suggests the following steps:
• Classify the data to determine what can be shared
• Identify where data is stored, and who has access to it (and for how long)
• Establish separate and appropriate policies for internal and external collaboration
• Consider how secure your own systems are compared with those of a cloud vendor (either way, the CIO or CSO is likely to be fired in the event of a serious breach)
"You assume every company is doing this... but in most cases they're not – and that's the scary part," Glenister said.
A forthcoming release of the company's service will allow customers to specify that their data must remain onshore.
