Information is growing at an exponential rate, in terms of volume, velocity and variety, yet the
resources to secure this environment are only increasing at a linear rate. Given this imbalance,
how can enterprises collaborate – internally and externally – and be confident their information is
One initial step is for enterprises to clearly understand their internal challenges. Policies may be lagging behind work practices, resulting in valuable data leaking into less secure environments.
Are employees collaborating in stealth, for example, through personal cloud services such as
Dropbox due to lack of equally efficient corporate alternatives? Are they redirecting work email to
private accounts to work more flexibly?
The answers to these questions are usually sobering, but it is a necessary step to identify, assess, and treat information risk. There are a number of tools available, including the ISF’s Information Risk Analysis Methodology, to help organisations find the right balance between risk and reward.
The next step, after greater internal clarity, is to analyse external information risk – ie risk arising from relationships with partners and suppliers. Supply chains are an integral component of business operations, and for them to function efficiently an organisation needs to share a range of valuable and sensitive information with its suppliers.
The costs can be significant when this risk is not managed properly. One example is the late 2013 data breach suffered by US retailer Target, made possible when hackers used compromised credentials from a trusted supplier to access Target’s corporate network.
Managing supplier risk requires comprehensive due diligence, particularly in the opening stages
of a relationship, which is an area covered by the ISF’s Supply Chain Assurance Framework.
Ultimately the companies that remain competitive are those that can adapt their resources to the exponentially growing challenges of information risk.
Dave Clemente is a Senior Research Analyst with the Information Security Forum
More on secure collaboration: