Future-proof file transfer methods

0

When attacking a problem, you can either hack the branches or go straight to the source. Establishing Zero Trust is no different. Let me be clear – I will always advocate for a comprehensive and robust strategy involving everything from SIEM to EDM to NGAV and beyond, but for a true Zero Trust defense-in-depth approach, you really need to protect your data at the source. I’m talking about protecting the information itself, not just access to it. And for that, you need Digital Rights Management (DRM).

Why we outperform current file transfer methods

To understand how organizations should approach zero trust, we must first understand the current information sharing landscape. According to security expert Anastasios Arampatzis, “Data sharing is now easier than ever, but it is also less secure due to the widespread use of collaboration tools and cloud-based file sharing services. BYOD, remote workers and staff working from anywhere exacerbate the security problem. Additionally, businesses face stringent compliance regulations such as HIPAA, PCI-DSS, FISMA, and GDPR. With the amount of sensitive, business-critical data routinely traversing the network, ensuring it only gets into the right hands is more than an “IT problem”. It’s a question of survival. »

So what are our current survival techniques? PGP, or fairly good privacy, has been around since 1991 and is used to sign, encrypt and decrypt communications, providing privacy and authentication. It’s still widely used, but as files travel over increasingly complex networks (where increasingly sophisticated attacks lurk), more may be needed. “We are getting to the point where simply sending confidential information with basic encryption is no longer an acceptable method,” says Ian ThorntonTrumpCISO at Cyjax.

Why is that? What’s wrong with the encryption we’ve been using for so long? Nothing, just the fact that once it’s decrypted, it’s out of your hands. Organizations today want – I would say need – to know that their files are safe not only in the hands of the intended recipient but for the life of the data. Take HBO, for example. Their popular game of thrones is sent through international distribution channels to appear on cable, streaming services and networks around the world. The problem is that once these digital copies are sent, pirated copies can be (and are) made, and spoilers are leaking, threatening ratings in their home market and affecting their bottom line. While solutions like managed file transfer services (MFT) alleviate much of the problem of transferring files securely from point A to point B, they can’t do much about what then happens. And that’s where, as we’ve seen, a lot of the bad activity happens. With these current methods, Zero Trust can only extend so far.

Zero Trust: The Last Mile of Organizational Defense

So what would get to the root of the problem? To better understand this, we must first understand Zero Trust. Zero Trust means nothing is left to chance; everything must be proven, every time. As I mentioned earlier, there is two approaches. You can either secure the transfer method or secure the data itself. What we are doing now is secure transfer or access.

Although there is no longer a perimeter, we still verify the user at a “gate”, and once they have been authenticated they have the keys to the realm to do whatever they want with the data on the inside. This introduces some problems. First, authentication methods are not infallible, with a high propensity for human error. Usernames and passwords can be stolen, guessed and hacked. This makes access controls only less than optimal. And remember, we review data confidentiality, availability and integrity. This technique makes the information both confidential and available but does nothing to protect its integrity.

To illustrate this point, let’s just say that the correct recipient authenticated securely and gained legitimate access to the file. When it comes to most security protocols, their job is done. However, let’s say the user decides to do something suspicious with your file – as in the case of HBO game of thrones hacking problem. Nothing would stop them.

Why DRM is necessary for Zero Trust

To truly achieve Zero Trust on business-critical files, data, and information, you must defend it at the source. This not only requires you to place access controls on the delivery method, but also on the information itself.

For this, there is digital rights management (DRM). DRMs work differently. Rather than making the data impossible for unwanted parties to capture, it prevents them from using it. DRM puts you in control of every file, email, and piece of intellectual property that crosses the network. You can set permissions on who can open it, limit access to specified email or IP addresses only, and maintain full control over who can print, copy, save, edit, or even capture your file. Bill Stubbles, solutions engineer at HelpSystems, explains that “a DRM solution integrates data protection and access control, and enables levels of protection that a conventional file encryption solution such as PGP simply cannot. equal. With PGP, once a file you send has been decrypted, it is completely out of your control. [A DRM solution] allows you to apply and revoke rights management on your files at any time. This has obvious benefits for compliance. HIPAA, for example, prohibits the sharing of personal health information (PHI) outside of HIPAA regulations and when necessary for the patient’s medical care. Protecting these files with specific permissions before sending will ensure that the information cannot be accessed by an unauthorized third party, even if it falls into the wrong hands. In short, DRM guarantees that:

  • End users may send and receive communications only to authorized recipients, without exposing them to unauthorized third parties.
  • End users retain control of files after they are sent, received, and accessed
  • Administrators retain full DRM rights management even after data leaves the organization
  • You assign privileges and permissions on a case-by-case basis and retain full control even after data access. That way, if something goes wrong, you can revoke it at any time. With DRM, you can maintain a level of data control that puts Zero Trust squarely in your hands.

About the Author: Chris Bailey is the Product Manager for the Help systems Secure file transfer products including Globalscape, GoAnywhere and FileCatalyst. Prior to his current role, Bailey was the co-founder and CEO of FileCatalyst, which he led until its acquisition by HelpSystems in January 2021. Bailey holds a BSc in Computer Science from Dalhousie University in Halifax, Canada . He holds a patent for the core protocol used by FileCatalyst to speed up file transfers. Bailey accepted 2 Emmy Awards on behalf of FileCatalyst for pioneering accelerated file transfer for the broadcast industry and for his work with NBC Olympics on the 2014 Winter Games in Sochi. In 2016, Bailey received the Top 40 under Forty award in Ottawa, Canada for his business achievements. Follow Chris on LinkedIn.

Share.

About Author

Comments are closed.