Ensuring the end-to-end integrity of data in a secure software environment

With work from home policies in full swing, it has become increasingly necessary to ensure that data collaboration between employees happens in a secure manner.

The aim is to ensure the integrity of the data, while in transit and once it arrives at its intended destination, reducing the opportunity for data breaches and interference/ manipulation of data.

What is data collaboration?

Data collaboration projects typically involve two or more partners making data sets (both structured and unstructured) available digitally – giving all participants the opportunity to gain valuable business insights and perform essential day-to-day duties and functions.

Collaboration methods include email, file and even database sharing, and the most important aspect of the collaboration process centres around the security measures applied to protect the data.

“Secure data collaboration has two parts to it,” explains Frans Marx, Business Development Manager of Data Protection at CyberTech, a division of Altron. “The first layer is ensuring that the person receiving the data is actually the correct and intended recipient – not an imposter using someone else’s credentials”.

“The second layer is ensuring that the data has been sufficiently encrypted so that even if it is somehow intercepted while in transit, the data will be meaningless and unintelligible to anyone not in possession of the encryption key”.

Marx emphasizes that every possible point of entry must be eliminated, using encryption and authentication, to ensure that end-to-end data collaboration is as secure as possible.

Remote work contributing to a rise in data breaches

Nearly 24 million South Africans had their personal data compromised in a single incident in August this year, placing major scrutiny on the practice of data handling, policies, processes and technology, as well as the “authorised” users that had access to the data.

This, combined with an increase in cyberattacks associated with working remotely, makes secure data collaboration invaluable and non-negotiable

“The office is typically a more controlled environment with various measures in place,” explains Marx. “However, when you’re working remotely, there are a lot of environmental variables at play – including an unsecured network. This could open a backdoor into sensitive data on your device and network”.

Says Marx: “In many cases, digital security is not high on the agenda for a regular employee – it’s simply not their job nor their area of expertise. They might not even realise that they’ve been breached until weeks or months after the fact, and by then it’s far too late”.

Marx is of the opinion that although breaches (once discovered) can result in a hefty fine for the organisation responsible, the cost to the organisation’s reputation could be far more damaging.

“If stakeholders, clients and the public are entrusting you with their data, the right and responsible thing to do is to make sure that any and all reasonable steps have been taken to protect their data.”

Mitigating risk

Secure data collaboration is primarily concerned with mitigating risk; it is close to impossible to eliminate risk entirely in cybersecurity. Says Marx, “What happened in the recent highly-publicised data breach was a process failure rather than a physical malicious attack – although there was a malicious element to it”.

If the proper business process of securing data collaboration was in place to start with, it probably would have been a lot more difficult to obtain the data off-hand, and if the data was encrypted, the unauthorized user wouldn’t have been able to do anything with that data anyway because it would have been unintelligible and therefore unusable, while remaining fully protected.

CyberTech offers numerous services to mitigate risk in data collaboration. These include:

  • End to end email encryption
  • Recipient validation
  • Credential management through a PKI environment
  • File and folder encryption on devices
  • Full control over your data even after pressing the send button
  • A service that revokes an email entirely, once it has already been sent, with no trace of data remaining in the clear.
  • A service that restricts another party from downloading or forwarding attachments, as well as an option that causes the email or attachment to expire after a set amount of time.
  • With an increasing number of organisations storing their data in the cloud, CyberTech offers data encryption at various levels including application layer, database level, cell level, disk level etc, a solution whereby a customer is provided with an encryption key for internal or externally stored data.

Secure data collaboration recommendations

Marx’s first tip is not to overcomplicate the process or to take on too much too soon. “Start with the basics and then expand. Some encryption is better than none,” he says.

“The first step is a risk/threat assessment followed by data classification. I recommend working with a team of professionals to better understand your data and to identify what data is of a nature that requires securing. For example, how much of your data falls under the Protection of Personal Information (POPI) Act? What data is confidential and could be at risk?”

“In addition, one should identify data that should have been removed long ago and destroy it in a safe way; too much information lying around unguarded is never a good thing”.

Once data has been sorted and classified, Marx recommends that organisations begin the process by taking steps to protect the most sensitive of the data, and then later expanding those secure measures to cover the rest of the data as time goes on.

“Due to misconceptions around costs and complexities, many organisations spend a lot of time thinking about secure data collaboration and encryption but fail to take any action,”

“The truth is that encryption technology has evolved to the point where none of these reasons hold true, especially if you choose a credible partner to walk this journey with you.  I’m proud to be part of a company that makes secure data collaboration more accessible by offering it as an evolving service that grows as your requirements grow.” he concludes.

 

Editorial contact: Lashley Steeneveldt, Brand Specialist for CyberTech a division of Altron