This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Failure to share information and work collaboratively can cripple a business

Share this article:

Collaborative working and information is needed to keep a business working, although security has to be built in.

At the Field Fisher Waterhouse security forum, the concept of collaborative working was debated among speakers and delegates.

Paul Vincent, global head of security architecture and design at Lloyds Banking Group, said that information is needed to keep the business working and if you stop the data flowing, "it will not be long before you are crippled beyond repair".

He recommended four approaches: to produce a guidance for secure collaborative sharing and have a good way of sharing data; to roll out technology solutions that don't end up not being used; integrate solutions into the IT landscape; or take an attitude that "collaboration is data leakage and must be prevented at all costs". He said that this is for companies with no solution in place.

He said: “At our business we do not allow webmail access or USB sticks and we have to use a VPN to share data, but this means that from a security perspective, data is not going anywhere but the business is able to function.”

Vincent recommended that to secure information look at network administrator control; to secure applications look at creating a secure workspace; and to secure data look at digital rights management.

However he said that technology is not mature enough yet, but it was getting to a tipping point and the challenge is how to integrate security capability with products.

He said: “The smart companies have a strategy and deliver to it. You need a good guarantee to share data and if people do not work within the security controls, they get fired.

“Have good governance and decide on your approach to collaboration and have a business unit to determine risk. A federated model is good, but it needs control. It is also good if security and innovation are tied up together on this.”

Stewart Room, partner at Field Fisher Waterhouse, said that the objectives of sharing are in realising agility and productivity in business, and the need to make sure it is done securely. “This is a trust issue fundamentally, it is also worth looking at Intralinks' concept of un-sharing and ISO 27010,” he said.

Earlier in the day, Richard Anstey, CTO EMEA of Intralinks, said that "Generation Y have a different notion of what it means to share" and that this has changed the notion of securing the boundary and the firewall and network, to protecting the information itself.

He highlighted a customer who had used Intralinks' technology to protect intellectual property and work better with third parties. “With users, you have to have ease-of-use and simplicity as if the product is incomprehensible, users will use their own tools,” he said.

“It must also be auditable and secured so you know what is going on and search for data over time. Where will your data be in five to ten years' time?”

Ian Bryant, technical director of the UK Trustworthy Software Initiative, encouraged the creation of a ‘trust circle' when it comes to the management of sharing information, in order to determine a community who can use the data and a ‘trust master' who has overall responsibility.

Asked if that trust master should be a regulator, Bryant said that this is not really the case, but it could be a data protection officer or someone who understands how to work with data.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

SharePoint users break own security rules

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Heartbleed slows down the internet

Heartbleed slows down the internet

As Hearbleed slows down the internet, experts say that two-factor authentication may the way forward to protect our web sessions.

Biometric data collection sparks privacy debate

Biometric data collection sparks privacy debate

You could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file, says the Electronic Frontier Foundation (EFF).