A Strong Perimeter Isn’t Enough: Unpacking the Fortinet Breach

    A secure perimeter is critical for any modern business. But, what happens when the perimeter remains secure and data still gets breached? 

    This is the case for Fortinet, a network security company, which announced a breach of its customers’ data last week, via a third-party file-sharing service. The interesting part: According to Fortinet’s blog post on the incident, the attacker gained access to the data without gaining access to Fortinet’s corporate network. 

    This underscores what many of us already know: The organizational perimeter is dissolving, and information security needs to get more granular, taking into account the fact that sensitive data can and will move outside of that increasingly hazy organizational boundary. 

    Here’s what we can take away from the Fortinet data breach.

    The Fortinet Breach: What Happened? 

    We don’t yet have any information on which third-party, cloud-based shared file drive was breached, or what enabled the attacker to gain access to the Fortinet customer data hosted there. 

    According to Fortinet’s blog post on September 12, “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers.” 

    Fortinet’s website lists its global customer base at 775,000 customers, which would mean up to 2,325 customers were impacted — perhaps a small portion of their base, but not a small number of affected customers. 

    IT Pro notes that “the leaked data is said to include employee resources, finance documents, HR documents from India, product offerings, US sales data, as well as professional services and marketing documents.” It estimates that 440 GB of data was stolen in the attack. 

    The Perimeter Emerged Unscathed — But the Data Didn’t

    Fortinet was quick to point out that the incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network. We don’t know what file-sharing service was affected, so it’s hard to draw exact conclusions from this particular incident, but it’s safe to say that the security of a tight, controlled perimeter was not sufficient to protect customers’ data in this case. 

    In the realm of Zero Trust, it’s common knowledge that we should assume that the perimeter has already been breached — that the bad guys are already here. But, not enough is said about the data that we knowingly share with others, the data that travels outside of the perimeter via file-sharing platforms, SaaS apps, emails, and other technologies that we use every day in the course of doing business. 

    This also has a huge impact on an organization’s risk posture: You can’t monitor or measure what you can’t see. Admins need visibility into the full scope of organizational data, wherever it lives and moves. When data lives in many different places (such as the third-party file sharing platform in Fortinet’s breach), admins need the ability to audit access events at a granular level to monitor who is accessing what data, at what time — and determine if access controls need to be updated or revoked accordingly. 

    This is especially true for file-sharing apps like Microsoft SharePoint and Google Drive — where high volumes of content are being created and shared, internally and externally, every day. It can be nearly impossible for admins to keep up with which files or folders have been shared with external parties unless the right security tools and protocols are in place.

    When choosing a file-sharing solution, it’s important to balance user experience with admin visibility and control. Solutions like Virtru Secure Share allow for seamless sharing by users, while giving admins the ability to see and govern data sharing across the organization. Built on the Virtru Data Security Platform, Virtru Secure Share is a simple, powerful way to extend data-centric security to files shared via Google Drive, Zendesk, and Confluence.

    Taking Google Drive as an example, admins can turn off Google Drive’s native external sharing capabilities and instead use Virtru Secure Share for Google Drive to encrypt and protect shared files, while retaining visibility and control over how that data can ultimately be accessed. 

    Zero Trust File Sharing Requires a Data-Centric Focus 

    Data is the central pillar of Zero Trust strategies, and rightfully so: It is ultimately what cyber attackers are after, and it is one of the most crucial assets in any organization. Data is also unwieldy — it lives, and moves, everywhere. Across any given organization, teams use email platforms like Outlook and Gmail; file-sharing services like Dropbox, Box, Google Drive, and SharePoint; SaaS apps like Salesforce, Zendesk, Confluence, and Slack. 

    Data is not confined to the organizational network, so data protection shouldn’t stop at the network, either. A Zero Trust strategy is incomplete without appropriate protections that travel with the data, everywhere it moves. 

    At Virtru, that’s what we’re focused on: Shifting focus from the perimeter to a data-centric view that allows for situational decision-making with each data object, based on context and need to know. When it comes to sharing sensitive files, Virtru Secure Share can be used in any browser and integrates with Google Drive, Zendesk, and Confluence for encrypted file sharing that provides admins with persistent visibility and control. 

    If you’re looking for ways to bolster security beyond the perimeter, contact our team. We’d love to start the conversation. 

    Editorial Team

    The editorial team consists of Virtru brand experts, content editors, and vetted field authorities. We ensure quality, accuracy, and integrity through robust editorial oversight, review, and optimization of content from trusted sources, including use of generative AI tools.
