How to tell if your file server is secure enough
Written by Judy
Increasing risks and data compromises have called for a security reformation in law firms over the last decade (Related: Current status of information security in law firms: is it enough?). Using file servers have been a concern for law firms as they transition into a paperless office. There are file server security solutions out there that classifies existing data stored on the file server. However, this type of solution only provides passive security where the solution automatically applies some minimal defensive features like file documentation and organization. Most lack active security features such as access control and rights management for copy, print, and screen capture that can be set by administrators which can prevent intentional data leaks.
Data protection of files will always remain the primary concern when looking into file server security solutions. Preventing data leakage by external sources but internal as well will ensure that a company’s confidential information is fully protected. When it comes to sensitive information, businesses need to prepare for accidental and malicious insider data leakage, as it can cost a business hundreds of thousands of dollars in damage control. In July 2013, California Attorney General Kamala Harris released a data breach report, which contained collective information of data breaches in California and recommendations to companies in improving their data security. The amount of compromised data is staggering, as the report states that the personal information of 2.5 million Californians was compromised. Also in this report, it states that computer intrusions, by outsiders and malicious insiders, accounted for over half the reported breaches in 2012. “Tightening security controls” and extending it to training employees and contractors is advised to protect personal information. This goes for file servers too because access control is so minimally maintained in most file server security solutions.
Individualized DRM policy settings are needed too depending on the size and complexity of your business. If some temporary employees were required to look at sensitive information on the server to do their jobs, it is advised that the policy settings that are given to full time employees aren’t given to contracted employees. Why? What if the DRM policy allowed copying or printing? Companies and their administrators need to be prepared in the event an employee has malicious intent and leaks sensitive data. Of course administrators could just change the policy to deny printing and copying, but this could cause an interruption to the workflow for the other full time employees.
The ability to view file activity and user activity for auditing purposes is highly beneficial for the administrators and the company. With a detailed event log, administrators may be able to stop a data leakage at its source, contain compromised data, or prevent it from happening. Real time updates, actions that were taken, files affected, registered user name and date are all relevant information that administrators can use to see if there are any suspicious activity. If the event log can record denied actions, such as a copy attempt, it would be best.