According to Gartner, 84% of data loss incidents involve authorized parties distributing content externally. This data factoid was contained in a CERT Insider Threat Study titled Understanding the Risks & Defending the Enterprise, available here. The cost of that loss, according to 30% of survey respondents, exceeded $500,000.

The CERT study dates from the early part of this decade. There is little reason to believe the situation has improved much. Organizations are exchanging data more than ever as collaboration and partnering become strategy bywords and the human factors behind most bad security factors have changed.

There are ways to address this problem, which were described here back in April. Usually, they involve the use of secure online space, like that offered by Brainloop and IntraLinks. Although far from expensive, they are definitely feature-rich and high-end. Now the low end of the market is emerging.

At the low end of the market, Confidela offers a SaaS-based document control service. WatchDox uses the Flash technology built into almost every browser to exchange documents as Flash representations. Recipients view the documents as Flash images but they cannot print, save, or forward the document.

WatchDox certainly is easy to use; nothing to install, no passwords to remember. Senders fire off a link to their document; recipients click the link to view the document. And it is comparatively cheap: $50 per month for the personal edition, $300 per month for the business version.

The Achilles heel of all document security systems, low- or high-end, is getting the senders to use them. WatchDox certainly is simple and straightforward; sending the usual email attachment, however, is even simpler and ingrained in senders despite being inherently insecure.

Brainloop, which operates a secure data room for document sharing and is almost as simple and straightforward, has considered this problem. They see it coming down to human factors, like the natural tendency to cut corners. They realized companies have to, in effect, bribe users to practice good security. So they emphasize goodies users experience if they play along with good security practices embedded into their secure online data room. You can find the white paper on human factors here. The goodies are:

1 — Elimination of the annoying need to do versioning with shared documents

2 — Control of collaboration and collaborators

3 — Inside insight into who else had read and shared documents and when

4 — Elimination of file synching and copying when traveling

5 — Enabling documented virtual meetings to avoid travel

Since human factors typically drive honest users to bypass security, you have to use similar human factors to win security compliance. So, by setting up a transparently secure work space that automatically delivers benefits users might actually want, the human factors can play to your favor. ###