The Weakest Link: How Organizations Can Securely Manage Content in the Cloud

The exponential growth of unstructured data and why it’s a risk

As I have talked with customers over the past several months, many have been candid with me about the cost of shifting quickly to a remote work environment without a lifecycle approach to information management and security. COVID-19 has accelerated investments in technology and change which has magnified long-standing challenges that highlight the need to take an architectural lead, or built-in, approach to how we secure our unstructured data, instead of relying on end users or bolted-on solutions.

In 2019, the amount of data created in the world reached 41 ZB. When most people think of data, they think of structured data in orderly systems with thoughtful access and naming conventions. What people have forgotten about is the unstructured content that moves around, inside and outside of organizations. Unstructured content touches everything we work on, from communication and collaboration to workflows and siloed repositories. Most enterprises today use on average 88 different cloud apps, each of which leave fragments of data and content everywhere, including information that should be restricted, confidential and governed. Yet they are made accessible—and in some cases, handed right over—to people who should not have access. In the absence of a lifecycle approach to information management, we routinely leave these information fragments in our wake. With no ability to rein them in, we lose chain of custody and they remain endlessly accessible. 

While modern cloud services add their own layer of security, these fragments create a large surface area for security risks, which is a problem for organizations, whether they know it or not. In fact, there were 4B PII records breached just in 2019. Approximately 55 percent of breaches happen at the hands of negligent employees, through unintended disclosure, lost devices, or lost documents. The irony is, no one comes into work in the morning and says, “Hey, I’m going to be negligent with some data today.” Unfortunately, it still happens, and the impact can be enormous. The average worldwide cost of each data breach is $3.9M, and research by Deloitte shows that the effects can last for years, when you include business and reputation damage.

More organizations are finding that the cost of being unprepared is greater than the cost of making the necessary risk-reducing investments in the first place. It’s a bit like car insurance—it feels like a waste of money paying for insurance until you need it, then you can’t imagine going without it, because the cost of the impact is greater than the premiums.

CIOs need a built-in approach to content management that provides frictionless security without disrupting the freedom of choice with the user experience

 Without good information governance, information is being relayed in new ways, outside of existing security structures. Research shows that 90% of shared content is shared only for viewing and not for editing. Nevertheless, employees regularly hand over full access to content to someone who only needs to read it. In doing so, they give up the chain of custody, creating version control and audit issues while increasing security and compliance risk. In addition, organizations that have no strategy for how to manage unstructured content are moving around ~90% more content than they need to. We can reimagine our approach to how we govern this content by looking at the architecture we use to secure it.

The legacy approach to sharing creates fragmented silos of content across systems and platforms, and it increases the attack surface for bad actors. People do need the ability to work with flexibility and in frictionless ways, but they also need guardrails that prevent them from mistakenly taking risky actions with sensitive content.

 To bring order to the wild west of content sharing, CIOs need to reduce and hide the complexity of content management and protect content without the need for humans to significantly change their way of working. With a security-led content management approach, security is built into your collaboration and workflow applications to provide users with a seamless experience, while becoming a single source of truth for security to monitor and manage information.

The Box CCM platform is purpose-built for providing sophisticated security and compliance capabilities and helping organizations think through their architecture for securely managing their content. Combining multiple layers of security controls, smart access policies based on native classifications, automated classification of content and guardrails that allow people to do what they need to do, while preventing them from doing things you don't want them to do. Box also helps organizations defend against threats through malware protection, device management and deep contextual awareness of activity with your most valued assets.

Only with a built-in approach and the sophisticated capabilities of the Box cloud content management platform can you solve the weakest link in your digital security strategy and manage your content securely.