1. Set Dynamic Policies for File Sharing
Most federal security policies take a binary approach to file sharing, restricting some types of sharing while allowing others. Some of the more stringent rules are usually applied to cloud services.
While that’s understandable given uncertainties surrounding some of these services, the fact remains that many cloud applications are easier and faster to use than traditional methods of communication, such as email.
Instead, agencies should consider implementing data loss prevention policies. With DLP, the focus is on preventing the loss of data in flight, not stopping transfers altogether. Risk is assessed dynamically based on a single predefined policy that assigns specific actions based on which file service is being used.
For example, files sent via OneDrive might be analyzed under different criteria than files shared over Box or Google Drive. Meanwhile, internal file sharing may be analyzed differently than files shared externally. The analysis may show that a particular file should be blocked, but that does not inhibit other files from being shared over the same service or different services. The balance of productivity and security is maintained.
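The per-file, per-service evaluation described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the detectors, action names, agency domain and rule values are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed detectors; a real DLP engine would use vetted classifiers.
DETECTORS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "cui_marking": re.compile(r"\bCUI\b|\bCONTROLLED UNCLASSIFIED\b", re.I),
}

# One policy: (service, direction) -> {detector: action}. Values are hypothetical.
POLICY = {
    ("onedrive", "internal"): {"ssn": "alert"},
    ("onedrive", "external"): {"ssn": "block", "cui_marking": "block"},
    ("box", "external"): {"ssn": "block", "cui_marking": "quarantine"},
    ("gdrive", "external"): {"ssn": "block", "cui_marking": "block"},
}
# Any (service, direction) pair not listed falls back to the strictest rules.
DEFAULT_RULES = {"ssn": "block", "cui_marking": "block"}
SEVERITY = ["allow", "alert", "quarantine", "block"]  # least to most restrictive
AGENCY_DOMAINS = {"agency.example"}  # assumed internal recipient domain


@dataclass
class Transfer:
    service: str
    recipient_domain: str
    content: str


def evaluate(t: Transfer):
    """Return (action, detector_hits) for one file transfer."""
    internal = t.recipient_domain.lower() in AGENCY_DOMAINS
    direction = "internal" if internal else "external"
    rules = POLICY.get((t.service.lower(), direction), DEFAULT_RULES)
    hits = [name for name, rx in DETECTORS.items() if rx.search(t.content)]
    # The most restrictive action among the triggered rules wins; a file
    # with no hits is allowed, so one block never shuts down the service.
    actions = [rules.get(h, "allow") for h in hits]
    return max(actions, key=SEVERITY.index, default="allow"), hits


if __name__ == "__main__":
    samples = [  # constructed transfers
        Transfer("onedrive", "agency.example", "SSN 123-45-6789"),
        Transfer("onedrive", "partner.example", "SSN 123-45-6789"),
        Transfer("onedrive", "partner.example", "Meeting agenda for Tuesday"),
    ]
    for s in samples:
        print(s.service, s.recipient_domain, evaluate(s))
```

The same content yields a different action depending on the service and on whether the recipient is internal, and an unflagged file over the same service is still allowed.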
2. Expose and Control the Use of Unauthorized Cloud Services
Of course, this does not mean that users should be allowed to leverage any cloud service they prefer. Even while working remotely and with their own devices, employees must adhere to using well-fortified cloud services deemed safe and provided by the agency. Unfortunately, the use of unsanctioned cloud and third-party file sharing services has grown in today’s remote work environment.
More than ever, IT managers must gain visibility into the applications employees are using to share files across networks. Unsanctioned cloud applications must be identified and potentially blocked and removed.
If managers discover a large number of employees using the same unsanctioned applications, they should consider it a chance to evaluate whether their authorized applications are still contributing to employee productivity. In any case, security policies must be applied to all applications, even those deemed appropriate, to ensure file transfers remain secure.
3. Calculate Risk Based on User Behaviors
Combining DLP and application visibility with employee behavioral analysis forms a powerful defensive posture. Behavioral analysis — the monitoring of risk based on employees’ typical behavior patterns — can help agencies identify and address true file sharing red flags without sacrificing the productivity of the entire organization.
Most employees’ activities tend to be low risk. Even if they are using cloud services to share information, their actions usually present very little threat to the agency.
However, when an anomalous pattern emerges, security managers can take immediate action and target the employee account in question without forcing a blanket shutdown that affects others.
4. Implement a Zero-Trust Architecture
A zero-trust approach should be implemented to further solidify the agency’s security foundation and mitigate the potential for exposure. Trust in users should never be implicit; rather, each time a user attempts to access or share information, that user should be subject to verification. Only users who need access to certain information should be allowed access.
This approach should apply to everyone in the agency, but it’s especially important for those who are working with highly sensitive information or who have shown signs of risky behavior.
A person with a secret clearance level, for example, clearly poses greater risk than someone with a confidential clearance level. The former has a higher risk profile and therefore should be subject to greater scrutiny.
Likewise, a person who routinely exhibits potentially risky actions — regularly uploading personal files to a cloud drive, for example — also requires careful consideration.
Still, every employee should be considered a potential conduit for data leakage. Combining zero trust with behavioral analytics can help agencies determine which employees are more likely to introduce risk — thereby allowing agencies to focus their efforts on those users — while continuing to analyze the rest of the organization.
5. Embrace an Agile Approach to File Sharing Security
It’s clear that hybrid and remote work are here to stay, at least in some capacity, and that the use of cloud services will only continue to accelerate.
The DOD IG report stated that 68 percent of surveyed employees want to work from home for more flexible work hours, a better work-life balance and reduced commute times. Agencies must do what they can to balance employees’ desires for productivity from anywhere with ever-present security challenges.
Taking a nonstatic, targeted and agile approach to security can help agencies meet employees’ needs while protecting their data.