Application communication and storage
When applications need to communicate with each other, but don't speak a common language, using intermediate files on a shared file system can serve as a form of enterprise application integration. For example, a bank with a legacy application running on a mainframe, and another banking application running on Microsoft servers, can use files on a shared file server or NAS device to exchange information between the disparate systems. While only the applications should have access to those shared files, it's highly likely that the file servers or NAS devices where the files are stored are accessible by many users. So, care has to be taken to safeguard access and prevent sensitive data from being compromised.
An even more basic, and more common, use of shared file systems by applications is when applications simply store their output or intermediate results in files. Business applications can generate a lot of file data, and once this application-generated file data exists on shared storage, it needs to be protected against excessive access.
No, we're not talking about employees who store their movies and music on your enterprise file servers. Instead, think: digital recordings of calls to your customer service representatives and telesales team, video from security cameras, and even training and education materials such as podcasts and videos. Media files can be large, and when they are generated through ongoing business operations, like contact centre recordings and surveillance videos, there can be a lot of them. If, for example, your business is processing pharmacy refills or purchases made with credit cards, your media files are governed by regulations such as HIPAA and PCI, and need to be protected. Similarly, you will want to make sure only those with a business need-to-know can access your surveillance video.
Informal business processes
Files are sometimes just more practical, functional or convenient than formal systems. For example, despite the widespread deployment of customer contact centre software, your customer representatives may keep documents or spreadsheets to track "hot" cases, details that don't fit in standard forms, or other information they want to have readily at-hand. These types of informal business process files are often stored on shared file systems so that teams can communicate across work shifts and geographies. While these files facilitate more efficient business, they can expose sensitive or regulated data to too many users, depending on the nature of your business.
Valuable file data on shared file systems is plentiful in most organisations and comes from a number of sources, including applications, databases, knowledge workers, digital media and ad-hoc business processes. It's got obvious value to your business, and regulators and auditors recognise its value too. Unfortunately, if you're harboring any malicious insiders, they're also coveting this data. That's reason enough for you to spend some time getting a handle on who has access to your file data, which users are actually using it, who owns it, and how to ensure that access is based on a business need-to-know.
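One way to start answering "who owns it" and "who has access" for application exchange files, where only the applications' own accounts should have access, is to walk the share and flag entries owned by anyone else or open to every user. This is an added example, not code from the article; the function names, the sample file names and the idea of an approved-UID set are assumptions, and it reads only POSIX owner and mode bits on a mounted share, not SMB or NFSv4 ACLs.

```python
import os
import stat
import tempfile


def audit_share(root, app_uids):
    """Walk `root` and return {relative_path: [reasons]} for entries whose
    ownership or mode bits reach beyond the approved application accounts."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not control access
            reasons = []
            if st.st_uid not in app_uids:
                reasons.append("owner uid %d is not an approved application account" % st.st_uid)
            if st.st_mode & stat.S_IROTH:
                reasons.append("readable by every local user")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("writable by every local user")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def build_sample_share(root):
    """Constructed sample: three exchange files with different modes."""
    for name, mode in (("batch_private.dat", 0o600),
                       ("batch_world_readable.dat", 0o644),
                       ("batch_world_writable.dat", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample record\n")
        os.chmod(path, mode)  # set explicitly so the umask does not matter


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        # Assumption: the current account stands in for the application account.
        for path, reasons in sorted(audit_share(share, {os.getuid()}).items()):
            print(path, "->", "; ".join(reasons))
```

Run against a real share, pass the UIDs of the application service accounts as `app_uids`; anything reported is a candidate for tightening to need-to-know.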
Raphael Reich is Director of Product Marketing at Imperva. Prior to joining Imperva, he held senior positions in product management and product marketing at Varonis, Cisco, Check Point, Echelon and Network General. Additionally, Reich was a software engineer at Digital Equipment Corporation. He has over twenty years of business experience and holds a bachelor's degree in computer science from UC Santa Cruz and an MBA from UCLA.