Challenging the status quo isn’t always easy, but it’s often necessary.
I believe there’s never been a more critical time to think differently about how we approach enterprise content security. Here’s why.
According to one estimate, we collectively create 2.5 quintillion bytes of data every day, and that number is poised to rise. When people try to access content—whether it lives in the form of text documents, or data stored in programs, apps or collaboration tools—there are different ways IT teams can defend it. The traditional IT security approach is to stand in the middle, like a gatekeeper who decides what end users can do. That was relatively easy 10 years ago when we had smaller networks to secure or a well-defined perimeter.
Today, our content footprint continues to grow, but we have persisted with same approach to security. Instead of thinking about how we interact with data, we have stayed focused on the security risks, which are largely the same as they’ve always been: traditional data leakage prevention, malware detection, authentication, and perimeter controls.
I believe our changing relationship with data demands a new approach to securing what we create, and it needs to put end users first. As Albert Einstein said, “We can’t solve problems using the same kind of thinking we used when we created them.”
Moving Beyond the Era of Parental Controls
The biggest reason security data breaches happen is that people are simply human. While no one shows up to work in the morning intending to be negligent, many people are simply unaware of what security controls should be applied to sensitive data. Inevitably, they make mistakes that generate risk, so security professionals aim to reduce those errors by creating products that sit between the end user and the actions they need to take, deciding what to allow. It’s a lot like parental controls on your TV.
As enterprise systems grew and started moving into the cloud, the data leakage prevention industry developed more products to secure the increasing range of endpoints—essentially bolting on more parental controls for on-premises environments. For example, they can identify when someone shares a document that should have limited distribution and revoke their access. If I send you a link I wasn’t meant to share, you’ll find out when you try to open it because it won’t work. I’ll find out when you send me an email saying you don’t have access. The content is secure, but at what productivity cost? This is exactly what Einstein was talking about.
In recent years, security practitioners have started to realize that this isn’t the best way to solve the problem because nobody wants another barrier that gets in the way of getting work done. Nevertheless, the security market is still dominated by solutions that are bolted on between the end-user and the data they need to use.
Putting End-Users First
The biggest concern for organizations today is that data is growing at a significant rate. With more people using more devices and more apps, the challenge becomes increasingly unmanageable. Organizations need new solutions to manage this problem at scale because creating more barriers isn’t going to help. Security needs to account for the way people work.
At the heart of it, end users are just trying to get their work done. They want to find what they need quickly and collaborate with others when they need to, whether they’re editing documents, sharing via messaging apps, or analyzing data. Security should facilitate this work, not stifle it. To achieve that, organizations need security controls that are built-in, transparent, and empowering. End users should feel that their security processes protect them without getting in the way.
Using Technology to Bring Security Closer to the Content
In this new era of cloud-native data loss prevention, Box makes it easy to secure content at scale without creating friction for end users. We believe in an approach where we build the security layer right around the content itself. Using machine learning and adaptive content controls, security is wrapped right around the content as metadata, allowing users to seamlessly access content without walking into barriers.
Once data is stored in Box, it can be classified automatically based on its sensitivity, which will determine what level of security should be applied. For example, machine learning can use context to identify things like social security numbers, which helps reduce false positives. Once it's classified, the classification follows the content no matter where it’s accessed or who it’s shared with, which means that security and compliance policies follow it, too.
Classification facilitates content searching while also acting as an early warning system around security decisions. Based on the context around their actions, the system can proactively tell them, “Hey, this is not okay,” before the action is complete, giving them an opportunity to make an informed decision.
By taking an architectural approach that moves security controls as close to the content as possible—no matter which apps, programs or devices are used to create or access it—we give people the best of both worlds by empowering them to protect their data without constraining their ability to do their jobs.
Box is solving the same age-old problems, differently. Because why would we keep doing things the same old way when we can achieve so much more by challenging the status quo?
To learn more about how Box can elevate your organization’s security and productivity, join us at BoxWorks, our flagship digital event where you can learn more about new innovations that will help you unleash your best work.