From the Fall 2023 Issue

How Well Are Your Files Protected?

Hilary MacMillan
EVP for Engineering | CyLogic

Files are among a company’s most valuable assets and their presence has a very real impact on a company’s viability, to its bottom line, its reputation or legal standing, and its ability to operate and deliver products or services.

Consider your company’s files for a moment.  What’s in them?  Financial data?  Confidential plans or product designs?  Proprietary processes or procedures?  Sensitive information on employees?

Companies pay a significant price for files, either to acquire their content or for the labor required to turn their employees’ knowledge into a digital format that can be stored, shared, and accessed when needed.  If the content in these files were stolen or changed without authorization, or if this content weren’t available to authorized personnel when and where it was needed, the impacts – financial, operational, reputational, or legal – to the company could be significant.


Physical assets of such value would typically be stored in a single place protected with guards, gates, and guns, and access to them would be limited to an authorized few and granted only after an up close and personal identity verification process.  The digital world mimics this model, with centralized storage protected with fortified hardware and perimeter security solutions controlling what – and who – comes in and goes out.

But the number of file assets to be protected and the myriad resources requiring access to them, to use, modify, and share them, are large and complex.  Accommodating these requirements with the centralized model described above can leave gaps that are, all too often, exploited.  After all, the company possessing these file assets isn’t the only one that can benefit from them.  There are plenty of others – motivated by their own interests – who can gain from any company’s file content as well.

The advantages of using a file management and sharing system built on a centralized architecture are understandable.  Assets stored in a single location, or a limited and finite number of locations, are seen as easier to access, control, and manage.  And the responsibility for controlling and managing those assets can be assigned to a single organizational entity that sets rules to determine who is allowed to access those file assets, authenticates entities requesting that access, and monitors attempts to access them.

But there are downsides to this model.  There are, necessarily, holes in the security perimeters surrounding the central storage resource(s).  Employees and company leadership must be able to get to their files to work.  In an effort to make sure only the right people get through the perimeter, and to make sure they can take out only those files to which they’re authorized, an array of authentication and authorization rules are put in place.


Of course, there are problems with this.  Authentication in the virtual world isn’t face to face.  It’s remote and impersonal and can, through any number of social engineering or other techniques, be subverted.  Furthermore, the combination of file assets to be controlled and the users (or other resources) needing access to them are too great to manage on a case-by-case basis, so rules are created, e.g., users belonging to a certain group or role can access files of a certain type.  Also, these access rules are often created and assigned by personnel without a direct role in or awareness of the task, objective, or mission that these files support.  To make sure that users have access to what they need when they need it, these rules are often far more permissive than necessary. 

While storing the entire set of a company’s file assets in single (or limited number of) location(s) can ease the burden of controlling and managing them, it also makes it easier for bad actors to focus their attentions and efforts on a single high-payoff target and levy their malicious actions against it.  An attacker who gains access to a company’s centralized storage can reap a company’s full suite of proprietary, private, or sensitive information.  An attacker who cuts off access to a company’s centralized storage – or to the content in it – can bring a company’s operations to a full stop.

Unfortunately, it’s not only external threats that a company has to worry about.  This centralized model requires the company and its leadership to place tremendous trust not only in their employees, to not fall victim to social engineering and allow unauthorized personnel to impersonate them, but also in the entity charged with managing and maintaining their centralized file storage, which effectively has access to every file asset the company owns.  This creates significant insider threat opportunities.

And if a company decides to offload the work of managing and maintaining their file management and sharing needs to a solution provided and maintained by a third-party vendor, they effectively give up possession and control over their file assets.  Their files reside on someone else’s systems, and they are relying on that vendor and their systems, processes, policies, and people to keep their assets safe.

These downsides to the file management and sharing system riding on a centralized architecture model are real and present.  It doesn’t take much searching to find headlines that highlight them, and the very real impacts realized when these downsides are exploited.

But what if the requirements for file management and sharing could be met by a different model – one that allows companies to realize the advantages of a centralized model while mitigating the risks inherent to it?

A decentralized network architecture could be used instead of a centralized model as the fundamental base layer.  Technologies have been developed and improved over the last decade that enable awareness of and sharing across known peers on this type of network.  These technologies enable file sharing and file access from anywhere, at any time – capabilities similar to those of a centralized network – without many of the downsides.

A decentralized network distributes these files across the nodes composing it, with no single entity on the network holding the lot.  An attacker is presented with many more, but each far less valuable, targets that, hopefully, cause him or her to reassess whether their potential return from an attack is worth the necessary investment.


This type of architecture, supporting file management and sharing operations, can also move the locus of control over the company’s files from an administration entity (which is often removed from their operational use) to the creators or owners of those files – i.e., those with the greatest understanding of who requires access to them and what type of access is needed.  This both removes a workload burden from the administration entity and increases the likelihood that only those users with an actual need to access certain files will have that access.

A decentralized architecture can reduce the workload burden on a company’s IT administration resources in other ways too.  It enables the organization to take advantage of the ever-growing storage space on their employees’ devices – it’s growing more difficult to buy a laptop that doesn’t come with at least 512 MBs of storage, and most business machines have far more.  Unless a user is routinely handling large files (videos, high-resolution images, etc.), much of that space goes unused.  By using employee endpoint devices as primary file storage devices, the organization can save on both the cost of separate file servers and the labor to set up and maintain them.

This reduction in workload and cost may negate a company’s need to move to a file management and sharing solution provided by a third-party vendor that requires them to give up possession and control over their files and rely on this vendor’s hardware, software, processes, policies, and people to keep their files secure and available.

Questions may arise on file availability when contemplating a decentralized architecture.  After all, if a file creator never shares a file, or shares a file with only a small set of other users, how does a company retain cognizance over and access to these assets?

This issue can be addressed by adding specific types of nodes into a decentralized network: nodes whose only job is to collect and maintain a copy of every file created and stored within the company’s file management system.  And while this may seem to recreate the single big target that this solution was aiming to avoid, it doesn’t.  In normal operation this special node doesn’t have to do anything; it acts only as a repository.  But when needed – for example, when a file exists only on its creator’s endpoint and hasn’t been shared with anyone else – it can provide the file to an authorized requesting user.

And just how are the files in this repository, as well as all other files residing on and transiting between individual user machines, protected?  By applying a combination of symmetric and asymmetric encryption, key wrapping, and digital signatures, users – and their companies – can be assured that their file content remains confidential, accessible only to those they, or their company’s leadership, have authorized, and that their files’ integrity is protected.
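To make the combination described above concrete, here is an added example (written for this article, not code from CyLogic or any product) of how one file can be protected end to end: the content is encrypted once under a fresh symmetric key, that key is wrapped with each authorized user's public key, and the owner signs the result so any holder can detect tampering.  The Envelope layout, the function names, and the user names are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is a constructed wire form for one protected file (not a real product format).
type Envelope struct {
	Nonce, Ciphertext, Signature []byte            // AES-256-GCM nonce, content+tag, owner's Ed25519 signature
	WrappedKeys                  map[string][]byte // the file key wrapped with RSA-OAEP, one entry per authorized user
}

func aesGCM(key []byte) cipher.AEAD { // callers pass a checked 32-byte key, so neither call can fail
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// SealFile encrypts the content once, wraps the per-file key for each recipient, and signs the ciphertext.
func SealFile(plain []byte, owner ed25519.PrivateKey, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce; the key leaves memory only in wrapped form
	rand.Read(buf)
	fileKey, e := buf[:32], &Envelope{Nonce: buf[32:], WrappedKeys: map[string][]byte{}}
	e.Ciphertext = aesGCM(fileKey).Seal(nil, e.Nonce, plain, nil) // the GCM tag binds nonce and content
	for name, pub := range recipients {
		var err error
		if e.WrappedKeys[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil); err != nil {
			return nil, err
		}
	}
	e.Signature = ed25519.Sign(owner, e.Ciphertext) // any holder can check origin and integrity without a secret
	return e, nil
}

// OpenFile verifies the owner's signature first, then unwraps the file key for one named user.
func OpenFile(e *Envelope, name string, priv *rsa.PrivateKey, ownerPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(ownerPub, e.Ciphertext, e.Signature) {
		return nil, errors.New("signature invalid: file altered or not signed by its owner")
	}
	wrapped, ok := e.WrappedKeys[name]
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if !ok || err != nil || len(fileKey) != 32 {
		return nil, errors.New("no usable file key for " + name + ": not authorized or wrong private key")
	}
	return aesGCM(fileKey).Open(nil, e.Nonce, e.Ciphertext, nil) // fails if nonce or content was altered
}
```

Note that the signature here covers the content but not the table of wrapped keys; a production format would also authenticate who the file was shared with, so that a sharing list cannot be silently edited.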

A file management and sharing solution that combines novel technologies with the characteristics described above – decentralized networking, strong industry-standard cryptography, and separation of administrative and operational duties with respect to file management and access – can address the gaps present in many current protection solution architectures.
