Informationsrisikomanagement im erweiterten Unternehmen: Warum Corporate Compliance und IT-Sicherheit ihre Kräfte bündeln müssen

WHITE PA P E R – M A N A G I N G I N F O R M AT I O N R I S K I N T H E E X T E N D E D E N T E R P R I S E W H I T E PAPER 1/6 Managing Information Risk in the Extended Enterprise Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces BUSINESS BOMBARDED BY RISK TO DOCUMENT SHARING AND COLLABORATION The early stages of a paradigm shift can introduce a period of ignorance that quickly moves to fear, uncertainty, and doubt. Organizations find comfort in the old way of doing things, but must move forward and begin to leverage new approaches to stay competitive. Seamless collaboration with electronic of confidentiality, integrity, and avail- The good news: Organizations can documents is one of those business ability of critical business information? provide employees with a secure online practices that may completely document collaboration environment. revolutionize how technology creates With an onslaught of regulations It’s time to stop fighting collaborative value for companies. Thanks to a wealth impacting security, this concern has processes that end-users have so avidly of new tools, document collaboration continued to grow. embraced, and objectively look at has become much easier and more securing online document collaboration accessible to business users. This makes across extended business relationships, employees more productive and gives to take full advantage of its benefits. companies agility that helps them succeed in a complex, dynamic, and Legions of compliance obligations and distributed business environment. risks to information The information within electronic However, new methods of collaborating documents faces a bombardment of risk using online or other electronic means and compliance challenges from every introduce serious risks. Documents direction. IT security has been in reactive shared outside the enterprise aren’t mode, tightening down access using protected by perimeter security, enter- enterprise rights management, prise rights management and other perimeter security, laptop encryption, infrastructure measures. These new but has not addressed the issue of how approaches require organizations to information is used outside the extend security beyond the firewall. enterprise. Meanwhile, business users are sharing documents completely How does business take advantage of unprotected, often using online the wealth of benefits that online collaboration platforms, because it document collaboration promises, makes them more productive. while avoiding the compromise W H I T E PA P E R – M A N A G I N G I N F O R M AT I O N R I S K I N T H E E X T E N D E D E N T E R P R I S E 2/6 The onslaught of risk and compliance • Collaborations on strategy: Work controls. Any employee with access to issues related to information sharing with management consultants, board sensitive documents can put them at risk includes: members and investors requires sharing by sending email attachments, using information on business strategy, unsecured online collaboration tools, or • Intellectual property and trade execution, and partnerships. In fact, the through offline communication such as secrets: Technology licensing and more sensitive a document is, the more shipping documents on CDs, USB drives collaboration can put intellectual likely it will need to travel outside the or even as hard copies. property at risk through intentional or enterprise, increasing the risk of inadvertent exposure. Biophar- exposure. The distributed nature of documents maceutical outlicensing, in which compound risk potential bidders review product • Personal information: The onslaught Risk and compliance issues are com- dossiers, is a good example of this. of privacy laws mandating security, pounded by the pervasive nature of encryption, authentication and audit electronic documents. Individuals and • Sensitive customer information and trails impacts documents shared with HR departments can quickly set up online data: Communication with vendors, administrators, insurance and payroll collaboration portals and share docu- external auditors and customers need to providers, 401(k) administrators, and ments inside and outside the organiza- be secured, not only to protect others. Additionally, privacy tion, increasing the number of people confidential customer information, but requirements continue to multiply, and who can misuse them and simultaneous- also to fulfill the company’s contractual require disclosure should this ly decreasing the company’s control over and service-level obligations to the information be compromised. them. customers. • Legal and compliance issues: End users have become accustomed to A variety of electronic discovery and online applications through consumer litigation risks bear down on processes. tools such as social networks and file- These require organizations to have sharing platforms. Based on their complete control and visibility into favorable experiences with consumer electronic document information, and tools, employees are quite comfortable to know who has accessed them. Legal, acquiring and using online applications financial and contract-related in business settings. This consumeriza- documents all require documentation of tion of the enterprise has led end users accesses, non-repudiation, and control to purchase collaboration applications over document integrity. at the departmental level, which creates silos of electronic documents, increases • Information getting in the wrong risk, and makes compliance unmanage- hands: There is the general fear that able. Users can also easily purchase and encompasses all of these points of share online collaboration spaces information getting into the wrong without the organization knowing, hands — this can be through often without the document controls inadvertent or accidental exposure or that security and compliance malicious behavior, all because the professionals require.