According to a new survey, 34 percent of companies say that up to half of their employees routinely share data with third party organizations, including vendors, partners, customers, and contractors. This has become a dominant trend in the world of businesses, which race towards outsourcing. Non-core functions such as accounting, payroll, manufacturing, and even IT security have all been sloughed off.
Nearly all respondents believe that this practice exposes them to the risk of data loss, however. After all, it's easy enough to vet a partner on their ability to deliver a business service—but extremely difficult to vet based on security. How does this data sharing expose companies to risk, and how can they secure their methods?
A Growing Amount of Companies Lose Data to Vendors
Data sharing is tricky. Most companies would prefer to avoid data sharing with their business partners. After all, as an administrator, you know exactly what your company is doing to keep your data safe.
Performing a security audit on a vendor may not even be possible. Even if it is possible, you may not be able to achieve continuous monitoring. The data shows that this level is absolutely necessary.
A study from Deloitte showed that over one fifth of businesses were exposed to a data breach by the action, or inaction, of one of their vendors or business partners. From the same study, the vast majority of respondents also have low confidence in their own ability to manage vendor risk.
This is a dangerous combination. As we've discussed earlier, data breaches are expensive. Even something as simple as sending an insecure email can result in a technical HIPAA violation. Thus, placing your data in the hands of entities you don't trust is a recipe for a pricey disaster.
Traditional Vetting Methods Encounter a Volume Problem
How do you prevent these disasters from happening? One way to do this is to create a comprehensive assessment of the vendor risk of all the clients you do business with. That's much easier said than done, however. On average, a company will share information with 89 vendors per week. Just around 33% of companies are fully confident that that they know the exact number and identity of vendors that they're sharing data with.
Imagine that you're somehow able to vet nearly a hundred vendors, doing a detailed penetration test, a vulnerability scan, and so on. That's a herculean effort, right? That's not the only difficulty. Companies change up their networks all the time, so a vendor could potentially make themselves massively insecure, even shortly after an audit is conducted. Thus, for security reasons, continuous monitoring would be more preferable by far—but there's no tried and true method that would allow a single company to continuously monitor dozens of vendors at a time.
A Secure Data Sharing Solution
The best solution is to be prepared to cut off a company's access to your data if they're found to be insecure. With SDE, that preparation is effortless.
You can revoke access to emails after they're sent and quickly change authorizations for any kind of shared data—files, folders, and databases alike. Better yet, our product can seamlessly and effortlessly connect to nearly any brand of cloud storage, meaning that you won't have to change the way you share data with your vendors in order for SDE to work.
Administrators can use SDE to moderate both data exchange and data access. This means that it's safe to share information with vendors, for example via email. Every email sent through SDE is encrypted, and can only be downloaded by its recipient using a secure one-time-password. Admins can yank access to any email after it's been sent.
On the other hand, data access—allowing your vendors to look at your data—is also secure. You can set up a shared cloud drive, while ensuring that only specific individuals at the vendor side can look at data. You can also set up permissions so that some data is automatically encrypted, read-only, and more.
Don't wait around for one of your vendors to leak sensitive data—check out this whitepaper on how to protect it!
Editor's Note: This post was originally published in November 2016 and has been updated for accuracy and comprehensiveness.