In 2019 we saw a number of major headlines surrounding data security. Massive breaches hit a range of organizations across the United States, from the government to healthcare to Facebook. Hundreds of millions of consumers were affected, leaving consumers and businesses alike with unanswered questions about the security of their data.
There was also major public policy turmoil. Intelligence and law enforcement organizations continued to fight for backdoors in encryption, while the private sector made privacy more accessible than ever before. And with one major data privacy law—the California Consumer Protection Act (CCPA)—coming into effect earlier this month, plus other states predicted to follow suit, it’s clear that privacy and security will be even more critical to the success of your organization in 2020 and beyond.
In order to meet the demands of today’s digital workplace where 26% of organizations share data daily and 44% share continuously, many organizations use encrypted file sharing to ensure the integrity of their data and prevent unauthorized access. While each organization’s use case may look slightly different, one thing remains the same: Preventing unauthorized access with end-to-end encryption is the key to keeping your data private in a challenging data protection landscape.
Let’s explore five real-world examples of how organizations use encrypted file sharing to improve their security posture, enhance data privacy, and meet business needs.
RPA is a technology that automates business processes through the use of software or “robots” that complete repetitive tasks on a computer typically performed by humans. RPA can significantly reduce the human cost of compliance—$7 to $30 million annually—and the potential fines that inevitably occur through data handling errors.
The appetite for automation is there, but the problem lies in the security, or lack thereof, of some RPA vendors. When one bot moves sensitive data from one location to another, security measures must be put in place to ensure the integrity of your data, as well as compliance with industry regulations.
Most RPA vendors provide native security features including TLS encryption and access management. However, object-level encryption and additional control features are necessary when bots are utilized in a cloud environment. With end-to-end encryption, you can secure your workflows to ensure that sensitive data shared within and outside the organization has the appropriate levels of encryption and policy controls.
Take for example a bot that handles the movement of files containing sensitive data from a local storage location to Google Drive. Another bot encrypts the data, adapts the policy using access control management capabilities, then downloads and decrypts it where it resides securely in a folder located on-premise or moved to another cloud storage platform. While the opportunities for RPA are endless, this is a very simple, transactional task that would otherwise be performed by a human resource exposing the company to the risk of error and higher costs. With encrypted file sharing, this task is now a secure workflow that not only saves your organization’s bottom line but also boosts your security posture.
The Securing the Digital Workplace: Cloud Industry Outlook 2019 report indicates that 51% of organizations share data externally via email and 60% are also using cloud file storage systems like Google Drive, Dropbox and iCloud. And 52% say they use file transfer solutions like IBM Aspera and Salesforce Connect.
Regardless of your preferred file transfer method, the security of these files is a concern, particularly in highly-regulated industries. Due to the amount of data shared among disparate locations, platforms, and partners, companies are taking a hard look at the security of their legacy file sharing solutions and looking for new ways to share securely.
To understand how encrypted file sharing can address this concern, take the example of a healthcare organization that must be able to share personal health information (PHI) with both a network of providers and a patient. Traditionally, the healthcare organization might communicate with partners via Secure File Transfer Protocol (SFTP). While that is sufficient for securing third-party communication, the patient cannot receive his/her own PHI that is within a file via SFTP. Therefore, a solution is needed that allows the healthcare organization, partners, and patients to all share information in a way that is both secure and easily accessible via email. Encrypting the files with end-to-end protection not only ensures that the data is protected throughout its lifecycle but also ensures that all recipients have a seamless experience all within their inbox.
If you collect consumer, patient or end-user data via a form, portal or any other method, personal privacy, and compliance with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) are a top concern.
Not only is ensuring the privacy of personal data a compliance requirement, but it is also how you build trust with your customers. Hardly a week goes by without hearing of yet another breach that impacts tens of thousands, if not more, customers and so implementing the proper security safeguards to prove that sensitive data is protected in the case of a breach is of the utmost importance.
Say for example you are a media company that collects consumer data in order to better predict the types of shows and movies a customer might enjoy. Under GDPR and CCPA, consumers have a right of access which allows them to submit a data subject access request (DSAR) in order to discover the type of data your organization collects about them, for what purpose, and who has access to it. The catch is that your organization must comply with this request in a secure and timely manner and sending an email with the data in plain text is not sufficient.
Instead, organizations are turning to encrypted file sharing in order to respond to DSARs by sending the details of what data they store on an individual as an encrypted attachment. By doing so, your organization can adapt to the strictest privacy needs under these new regulations, build customer trust, and still use data to drive your business forward.
More than 90% of organizations store data in the cloud and 84% have multi-cloud environments, using four or more cloud providers at once. This data is then aggregated into reports and funneled into custom applications to support business objectives. In fact, on average, organizations are managing tens to hundreds of custom applications at once while supporting multiple devices. The challenge then lies in how to manage data across disparate environments and devices.
For organizations that operate in a highly regulated environment, the native security features offered by cloud providers may simply not be enough to protect against a damaging breach or human error. This presents a unique opportunity for software developers who build these applications for regulated industries. By baking in an additional layer of end-to-end encryption at the data level, data remains protected while ensuring continuous compliance with changing regulations.
So if you’re in the business of building apps that access or store large amounts of consumer data, get ahead of compliance challenges now and make security part of your value proposition with platform- and data-agnostic encryption. In the end, you’ll build customer trust, improve your bottom line, and reduce security debt from the start.
Internet of Things (IoT) devices introduce new technical challenges to protect against unauthorized data access, with sensors producing multiple files per second or streaming data between locations. The data originates from the device, then travels to the cloud. From there, data is used to develop analytics which are then delivered to a variety of users. What’s concerning is that this data is often sent without any encryption, putting it at risk for exposure, theft or breach. This data must uphold privacy standards across the entire lifecycle, from collection to transmission to analysis even when the device itself may be insecure.
Take for example wearable technology—such as smartwatches or fitness trackers—one of the best-known applications of the IoT. These gadgets collect large amounts of data from the user including heart rate, blood pressure, blood oxygen levels and more. This data has proven valuable to the healthcare industry because it can be used in the prevention of diseases and illness, and for general research.
However, many fitness devices also come with a significant lack of user data security and privacy. If these devices utilized encryption, manufacturers could ensure that the user data is only accessible for authorized users. And, given the potential for IoT devices to be lost or stolen, access controls coupled with audit features further protect data from abuse and compromise. As IoT security and privacy continue to be a concern for consumers, encrypted file sharing can give your organization the competitive advantage needed to stand out and succeed in a “smart” world where privacy so often takes a back seat.
To address the five examples touched on above, as well as a myriad of other use cases, Virtru offers a platform, data, and device-independent encrypted file sharing solution so you can protect and share your sensitive data without constraints; in-transit and at rest.
Development teams are building applications and workflows at a record pace to keep up with the data sharing, workforce productivity and innovation goals of the modern workplace. Yet, open-source tools, containers, and low code development platforms have accelerated the release process, making it tough for security practitioners to keep up.
With access to the Virtru Platform, developers are empowered to proactively protect the data utilized by their applications without slowing down the development process. The proven data protection architecture and out-of-the-box applications used by over 5,000 organizations for file and email protection today are now open and extensible to any platform for endless use cases.
Learn more about how Virtu securely accelerates the development process for organizations with a need for stronger data protection. To explore more use cases, check out the new Virtru Technology blog.
Contact us to learn more about our partnership opportunities.