Strengthen Data Security and Governance with Metadata
If you want to protect the sensitive data you share with third parties, you need to know everything you can about that data. What data is being shared? Who’s sharing it? With whom are they sharing it? How are they sharing it? Ultimately, to protect your data and data workflows, you need deep insight into your data and data workflows. Encrypted data packets and IP addresses only tell part of the story. You’ll need to dig deeper. With metadata, you have all the information you need to protect the PII, PHI, and IP you share with trusted third parties.
Third-party workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and exiting your organization. A comprehensive defense entails securing, monitoring, and managing all third-party workflows, including secure email, SFTP, and secure file sharing, among others.
In my last post, I discussed the importance of encrypting your sensitive content in transit and at rest. In this post, I’ll explore how to use metadata to bolster data security and governance as it pertains to your third-party workflows.
With Great Metadata Comes Great Opportunity
Once you’ve shrunk the threat surface by limiting the number of entry points, namely the third-party communication applications allowed to transmit files into your organization, you can analyze every incoming file to detect, isolate, and neutralize inbound threats without the volume becoming unmanageable.
Inspecting packet headers and IP addresses is a good start to protecting data in transit, but it is insufficient: the payload of an encrypted transfer tells you nothing about who initiated it or what it contains. File transfer metadata, by contrast, lets you see who’s sending the file, who’s receiving it, where it’s coming from, and much more. This information exists only at the user-application-file level, which is why a defense built on it is critical for protecting data in risky third-party workflows.
At a minimum, every incoming file should be scanned by anti-virus software before it is stored in an enterprise repository. More suspicious files should be rerouted for advanced threat protection (ATP) analysis. To avoid slowing user productivity, apply tiered inspection to inbound file traffic: mark suspicious files for detailed inspection and queue them by workflow metadata, so that files belonging to higher-priority workflows are processed first.
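The tiered inspection just described, as an added example that is not Kiteworks code: an anti-virus pass gates everything, transfer metadata (file type, channel, whether the sender is an approved partner) decides which clean files still go to ATP, and the ATP tier is drained by workflow priority. The field names, the `WORKFLOW_PRIORITY` table, the scoring thresholds and the sample files are assumptions made here for illustration.

```python
"""Tiered inspection of inbound files driven by transfer metadata.

Added example; not Kiteworks code. The field names, the hypothetical
workflow-priority table and the scoring thresholds are assumptions made
here for illustration.
"""
from dataclasses import dataclass
import heapq
import itertools


@dataclass(frozen=True)
class InboundFile:
    name: str
    sender: str          # account of the sending party
    channel: str         # "email", "sftp" or "share"
    workflow: str        # business workflow the transfer belongs to
    sha256: str          # hex digest of the file content
    known_partner: bool  # sender's domain is on the approved third-party list


# Hypothetical priority table: lower number means processed sooner.
WORKFLOW_PRIORITY = {"payroll": 0, "clinical-records": 0, "vendor-invoices": 1, "marketing-assets": 3}
DEFAULT_PRIORITY = 2

RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".docm", ".xlsm"}
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar"}

# Constructed sample "known bad" hash; a real deployment queries the AV engine.
KNOWN_BAD_HASHES = {"0" * 64}


def av_scan(f: InboundFile) -> str:
    """Stand-in for the mandatory anti-virus pass."""
    return "malicious" if f.sha256 in KNOWN_BAD_HASHES else "clean"


def tier(f: InboundFile) -> str:
    """Assign an inspection tier from the AV verdict plus transfer metadata.

    quarantine: AV hit, never reaches the repository
    atp:        suspicious by metadata, routed for advanced threat protection
    fast-path:  clean and low-risk, stored after the AV scan alone
    """
    if av_scan(f) == "malicious":
        return "quarantine"
    ext = "." + f.name.rsplit(".", 1)[-1].lower() if "." in f.name else ""
    score = 0
    if ext in RISKY_EXTENSIONS:
        score += 2
    if ext in ARCHIVE_EXTENSIONS:
        score += 1           # archives hide their real content type
    if not f.known_partner:
        score += 1
    if f.channel == "email":
        score += 1           # least controlled of the three channels
    return "atp" if score >= 2 else "fast-path"


class AtpQueue:
    """Priority queue for the ATP tier: workflow priority first, FIFO within it."""

    def __init__(self):
        self._heap = []
        self._seq = itertools.count()   # tie-breaker so equal priorities keep arrival order

    def push(self, f: InboundFile) -> None:
        prio = WORKFLOW_PRIORITY.get(f.workflow, DEFAULT_PRIORITY)
        heapq.heappush(self._heap, (prio, next(self._seq), f))

    def pop(self) -> InboundFile:
        return heapq.heappop(self._heap)[2]

    def __len__(self) -> int:
        return len(self._heap)


def triage(files):
    """Return file names per tier, with the ATP tier in processing order."""
    queue = AtpQueue()
    result = {"fast-path": [], "quarantine": [], "atp": []}
    for f in files:
        t = tier(f)
        if t == "atp":
            queue.push(f)
        else:
            result[t].append(f.name)
    while queue:
        result["atp"].append(queue.pop().name)
    return result


# Constructed sample transfers; hashes and addresses are made up.
SAMPLE_INBOUND = [
    InboundFile("q3_payroll.xlsx", "hr@partner.example", "sftp", "payroll", "a" * 64, True),
    InboundFile("invoice.zip", "billing@newvendor.example", "email", "vendor-invoices", "b" * 64, False),
    InboundFile("banner.png", "studio@agency.example", "share", "marketing-assets", "c" * 64, True),
    InboundFile("macro.xlsm", "bob@unknown.example", "email", "clinical-records", "d" * 64, False),
    InboundFile("setup.exe", "sender@unknown-sender.example", "email", "marketing-assets", "0" * 64, False),
]

if __name__ == "__main__":
    for t, names in triage(SAMPLE_INBOUND).items():
        print(f"{t:10} {names}")
```

Note that the macro-enabled workbook from an unknown sender lands in the ATP queue ahead of the vendor archive purely because its workflow (`clinical-records`) carries a higher priority; the suspicion score only decides whether a file goes to ATP, the workflow metadata decides how soon it is looked at.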
Use Metadata to Employ Tight Governance Over Third-party Workflows
To protect data in motion as it leaves your organization, you must establish and enforce strict data privacy rules, including granular policy controls. Policy controls let you prevent costly data leaks and meet internal and external data privacy requirements, like GDPR compliance and HIPAA compliance. Granular policy controls must incorporate sharing metadata like sender, receiver, origin, destination, and time of transfer to be truly effective.
Based on the content a file contains, data leak prevention (DLP) technology can be deployed to deny unauthorized requests. This process can be accelerated by a data classification standard: DLP scans run offline against files at rest and record a classification label, and a request to share sensitive content is then decided in real time from that label rather than by rescanning the file. This kind of context-aware, content-aware security applies to the workflow as a whole, namely the user, the application, and the file, so you must screen for PII, PHI, and other sensitive content at the user-application-file level. You must also log file metadata and DLP results so you can investigate any policy failure or incident. You can then use your CISO Dashboard to see file activity in context, drill down with comprehensive reports, and export logs to your SIEM solution.
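The governance model of the last two paragraphs, as an added example that is not Kiteworks code: per-label rules over sender, recipient, destination and time of transfer, an offline classification table consulted at share time, a fail-closed hold for files that have no classification yet, and a JSON log line per decision carrying the metadata and the DLP outcome for export to a SIEM. The `POLICY` rules, the `CLASSIFICATION` results, the addresses and the sample transfers are all assumptions made here for illustration.

```python
"""Metadata-driven policy for outbound transfers with offline classification.

Added example; not Kiteworks code. The rule fields, the classification
labels and the sample transfers are assumptions made here for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import json


@dataclass(frozen=True)
class Transfer:
    file: str
    sender: str        # internal user initiating the share
    recipient: str     # external party
    origin: str        # source repository
    destination: str   # channel the file leaves through: "email", "sftp", "share"
    when: datetime


# Result of the offline DLP scan: computed once while the file is at rest and
# consulted at transfer time, so the decision does not wait on a rescan.
CLASSIFICATION = {
    "patient_list.csv": {"PHI"},
    "customer_export.csv": {"PII"},
    "roadmap.pptx": {"IP"},
    "brochure.pdf": set(),
}

# Hypothetical per-label rules. An empty set means the label never leaves via a
# third-party workflow.
POLICY = {
    "PHI": {"recipient_domains": {"clinic-partner.example"}, "destinations": {"sftp"}, "business_hours_only": True},
    "PII": {"recipient_domains": {"processor.example"}, "destinations": {"sftp", "share"}, "business_hours_only": False},
    "IP": {"recipient_domains": set(), "destinations": set(), "business_hours_only": False},
}


def in_business_hours(t: datetime) -> bool:
    return t.weekday() < 5 and 8 <= t.hour < 18


def evaluate(tr: Transfer):
    """Return (decision, reasons, labels) for one outbound transfer."""
    labels = CLASSIFICATION.get(tr.file)
    if labels is None:
        # No offline result yet: fail closed and hand off to a real-time scan.
        return "hold", ["unclassified: real-time DLP scan required"], set()
    reasons = []
    domain = tr.recipient.rsplit("@", 1)[-1].lower()
    for label in sorted(labels):
        rule = POLICY[label]
        if domain not in rule["recipient_domains"]:
            reasons.append(f"{label}: recipient domain {domain} not approved")
        if tr.destination not in rule["destinations"]:
            reasons.append(f"{label}: destination {tr.destination} not approved")
        if rule["business_hours_only"] and not in_business_hours(tr.when):
            reasons.append(f"{label}: transfer outside business hours")
    return ("deny" if reasons else "allow"), reasons, labels


def log_record(tr: Transfer, decision: str, reasons, labels) -> str:
    """One JSON line with the transfer metadata and the DLP outcome, ready for a SIEM."""
    return json.dumps({
        "ts": tr.when.isoformat(),
        "file": tr.file, "sender": tr.sender, "recipient": tr.recipient,
        "origin": tr.origin, "destination": tr.destination,
        "labels": sorted(labels), "decision": decision, "reasons": reasons,
    }, sort_keys=True)


def enforce(transfers):
    """Decide every transfer; return (decisions in input order, JSON log lines)."""
    decisions, logs = [], []
    for tr in transfers:
        decision, reasons, labels = evaluate(tr)
        decisions.append(decision)
        logs.append(log_record(tr, decision, reasons, labels))
    return decisions, logs


TUE_10 = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)   # a Tuesday
SAT_10 = datetime(2024, 3, 16, 10, 0, tzinfo=timezone.utc)   # a Saturday

# Constructed sample transfers; addresses and file names are made up.
SAMPLE_OUTBOUND = [
    Transfer("patient_list.csv", "nurse@hospital.example", "dr@clinic-partner.example", "ehr", "sftp", TUE_10),
    Transfer("patient_list.csv", "nurse@hospital.example", "dr@clinic-partner.example", "ehr", "email", TUE_10),
    Transfer("patient_list.csv", "nurse@hospital.example", "dr@clinic-partner.example", "ehr", "sftp", SAT_10),
    Transfer("roadmap.pptx", "pm@hospital.example", "editor@press.example", "docs", "share", TUE_10),
    Transfer("brochure.pdf", "marketing@hospital.example", "anyone@public.example", "docs", "email", TUE_10),
    Transfer("unknown.bin", "dev@hospital.example", "ops@processor.example", "builds", "sftp", TUE_10),
]

if __name__ == "__main__":
    decisions, logs = enforce(SAMPLE_OUTBOUND)
    for line in logs:
        print(line)
```

The same PHI file is allowed, then denied twice, on nothing but a change of destination and a change of time; the content never changes and is never rescanned. Every decision, including the hold on the unclassified file, produces a log line whose fields are exactly the metadata the policy consulted, which is what makes a later investigation possible.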
Next time, I’ll discuss using security infrastructure integrations to help secure your organization on all fronts while maintaining complete visibility over all sensitive information as it moves through the enterprise.
To learn more about how to build a holistic defense of the third-party workflow threat surface, schedule a custom demo of Kiteworks today.