|By Jim Liddle||
|March 30, 2015 02:00 PM EDT||
Five File Governance Policies and Features Companies Must Have
It seems that not a week goes by without another high profile data breach or revelation about lax security, both on premise and on-Cloud. Given this companies should, at a bare minimum, consider implementing the following 5 file governance policies in place in their company to aid with file security:
1. Secure Identity Management: Ensure that an Identity Management policy is in-place, is clear, and if one exists that it is validated and checked regularly.
Check whether services and applications can take advantage of existing Identity Management to enable a Single-Sign-On (SSO) rather than promoting Identity Management Sprawl.
2. Understand Access Control Perimeters: Over time User Access Control to files / folders / systems can change.
Ensure there is a policy in place to regularly check these and ensure guest user access is regularly monitored as part of this policy. Guest access in many companies can prove to be huge security hole.
3. BYOD / BYOC: The curse of data assets finding there way onto users consumer clouds should be controlled. Consider adding a section to an employment letter outlining the policy and actions taken if breached.
If consumer type services such as DropBox have ended up being used in house ensure that user access to folders is checked as it is all too easy for users to continue to get access to company data when they are, for example,contractors that have since left the company.
4. Links for file sharing: Promote the user of trackable links for file sharing. Services such as Storage Made Easy can be used to provide audible trackable links for files irrespective of where they are actually stored. If links are used they can be password protected or time expired for additional file security.
5. Understand data boundaries for what is stored Cloud: Understanding or promoting boundaries between the types of content that is sensitive and that should remain in-house and what can be used on Cloud is sensible but can prove hard to implement.
Consider encrypting all data that is stored on Cloud Services with the private key stored securely behind the company firewall.
A company's data is it's core asset. It pays to protect who has access to it, what type of access they have, what they do with it, and what they have done with it.
- The Top 250 Players in the Cloud Computing Ecosystem
- Cloud People: A Who's Who of Cloud Computing
- Ulitzer Names the World's 30 Most Influential Cloud Computing Bloggers
- 4th International Cloud Expo: Photo Album
- Cloud Expo New York to Attract More Than 8,000 Delegates
- The Cloud Computing Kettle Heats Right Up
- Industry Experts Discuss the State of Cloud Computing
- 4th International Cloud Computing Conference & Expo Starts Today
- Cloud Expo and The End of Tech Recession
- SYS-CON.TV: Cloud Computing Expo Power Panel