Do We, Can We, and How Should We Live in a Post-PRISM World?

By Peter Bernstein October 14, 2013

Ever since the NSA scandal broke in the U.S. and rogue contractor Edward Snowden started releasing classified information about government snooping on Everything, there has been a gnawing question for enterprises that goes beyond the current imbroglio over the extent to which there needs to be new privacy legislation. That question, as embodied in the headline above, is to put it bluntly: “Should enterprises take increased measures to protect themselves from unwanted prying eyes that include the government?”

For the record, I actually like the marketing value of us moving beyond the current scandal that is implied by using the term “Post-PRISM.” However, marketing aside, it is hard to imagine a scenario where there will be less spying, or a decline in hacking attempts. This includes that of the intelligence community on personal and corporate activities with -- and probably without -- FISA court approval, as has come to light.

We live in an increasingly risky world. Very sophisticated foes of the mercenary and state-sponsored variety wish to do us, our employers and the country harm. No government official is going to want to be culpable for scaling back on surveillance because of the finger-pointing that will ensue should bad things happen on their watch. 

What this means for IT security professionals and the C-levels in their enterprises is a complex matter, to say the least.  As I have documented many times, the use of BYOD options and third-party file sharing services inside enterprises is exploding, despite policies prohibiting or limiting their use. What this means using industry terms is that the vectors of vulnerability are increasing exponentially. That said, there clearly are data interchanges that must be visible and manageable by IT to protect enterprises’ critical information from getting into the wrong hands, including those of the government and its growing army of outside contractors. 

Image courtesy Shutterstock
While the wounds of PRISM in particular are still open, this seems like an opportune time to look at what solution providers in the security industry are doing to help enterprises get their arms around this challenge. Recently, on this subject I wrote about SafeNet’s SafeMonk for Enterprise solution for combating what many have called “The Dropbox Effect”, e.g., the increased vulnerability of enterprises to critical data because of the popularity of third-party file sharing; to wit, the name being derived from that of the market leader in that space.  

Mountain View, CA-based Egnyte is another company tackling “The Dropbox Effect” to help close the vector of vulnerability hole created by the almost pervasive use of cloud-only file sharing solutions within businesses—ironically where C-levels have been identified as major offenders. 

The industry is feverishly working on solutions to this problem because of the undeniable benefits organizations and their employees see in using such services for collaboration that has become an imperative as workforces become more distributed and mobile that is counter-balanced by the need to protect the data at rest and on the move. A few weeks ago, Egnyte -- in recognition of the fact that industry research has shown that most companies believe cloud file sharing has compromised their data security, and IT still believes that there will always be a need to store critical information locally and not in the cloud for competitive and compliance reasons -- announced a “PRISM Prevention Program.”

The PRISM Prevention Program

As Egnyte explains, “The PRISM Prevention Program is for companies with files too secure or private to be shared via cloud-only file sharing solutions.” The program includes:

A risk assessment that will detect any of the more than 20 cloud-only file-sharing services found in most businesses today.

Five Egnyte Storage Connect licenses to enable file access and sharing directly from any on-premise storage device, precluding any exposure associated with cloud-only file sharing.

The latter item is the secret sauce that Egnyte introduced along with the program. It’s an extension of its flagship Egnyte file sharing solution. Egnyte believes, in fact, that it is currently the industry's only file sync and sharing platform to address the full range of enterprise file sharing needs.

The value proposition speaks to what IT security professionals say they need to improve their risk management capabilities. Egnyte customers using Storage Connect can access all of the files they need to run their business, no matter where they're stored -- on-premise or cloud storage – from any device.

The new functionality enables businesses to easily access even their most sensitive files, while still meeting their industry's regulatory requirements. Egnyte says it covers the use cases that are top of mind for enterprises including:

Cloud File Sharing – easy mobile access and collaboration from anywhere, using any device;

Private File Sharing – remote file access to storage behind the firewall using any smartphone, tablet or computer, without the need for VPN;

Local File Access – fast, in-office file access to address issues with latency, business continuity, large-file workloads and network congestion;

Cross-Office Collaboration – the ability to sync heterogeneous storage devices across distributed offices, which enables remote teams to collaborate as if they're in the same room.

"Due to concerns about privacy, security, intellectual property or mergers and acquisitions, businesses want to combine the simplicity and ease-of-use associated with cloud-file sharing with the security and privacy of their own infrastructure," said Egnyte CEO Vineet Jain. "Our PRISM Prevention Program provides a business with everything it needs to detect cloud-only file sharing services that may introduce risk. It also offers a simple yet secure way for companies to securely access and share files too sensitive to be shared through the cloud."

The fact of the matter is that increasingly security is based on critical information, even email, being encrypted. The challenge is that in a BYOD and third-party file transfer world, how encryption is done, where, by whom, and more importantly who holds and controls the keys in a world clamoring for both collaboration and security are all issues under debate. Should the end customer have full control or IT? When the government comes a’ knocking, should they literally be handed the keys? 

The PRISM revelations have made all of these questions non-trivial, to say the least. They have also called into question just how safe the cloud is if the government demands the keys. Unfortunately, no digital-asset risk management solution is perfect. However, making it really hard for bad guys and even the government in some instances to access and possibly compromise critical data is clearly a powerful deterrent. After all, only the really bold and impassioned are willing to attack when there are so many targets of opportunity where defenses are weak or do not exist. 

The fact of the matter is that trust between IT and end users needs to be restored. End customers should feel that they can easily use the tools they perceive they need to do their jobs, and IT should enable this while being able to remain responsible and accountable for keeping people, devices, applications, processes, critical information and brands, well protected. The Egnyte solution, which combines the flexibility of cloud with the security of local storage and the performance of hybrid, is an approach that raises the bar of prevention. Whether it refracts all of the potentialities of what has been broken out by PRISM is problematic, but it clearly gives IT options to consider.



SHARE THIS ARTICLE
Related Articles

Modern Moms Shaping Influence

By: Maurice Nagle    7/19/2018

Everyone knows Mom knows best. The internet is enabling a new era in sharing, and sparking a more enlightened, communal shopping experience. Mommy blo…

Read More

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More