IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Whatsapp
#
Shadow IT
#
Security breaches

So, what does secure file sharing actually look like?

Today
By Julian Fay, CTO, Senetas

There's a long, troubled history of security breaches involving sensitive information shared via messaging apps. Few incidents have captured public attention like the recent revelations involving US military attack plans leaking via high-ranking politicians on the popular messaging app Signal. Such high-profile breaches underscore the pressing need for organisations globally to reassess their methods of securely exchanging confidential data. For many outside the world of classified information, there's one big question left unanswered - how does this happen?

The US government already operates several highly secure messaging platforms, such as SIPRNet, JWICS, and NIPRNet, specifically designed for classified or sensitive communications. However, the primary vulnerability often isn't technological; rather, it's the humans who use these systems. Convenience frequently drives the selection of communication tools, overshadowing critical security considerations. This tendency creates "shadow IT" scenarios, where employees resort to unofficial and less secure applications because authorised platforms are cumbersome, slow, or difficult to access remotely.

Popular apps like Signal, WhatsApp, and even standard emails attract users with their user-friendly interfaces, rapid setup, and seamless integration into daily digital workflows. Data shared in high-pressure situations often carries transient value—such as precise timings for military operations—rendering cumbersome security processes seemingly unnecessary or impractical in the moment. This classic security-usability trade-off pushes users toward quicker, simpler solutions, unintentionally opening doors to significant breaches.

Yet, ease of use alone does not account for all leaks. Many incidents stem from inadequate encryption standards, absence of comprehensive audit trails, or lack of integration with existing secure systems. Leaks can also occur inadvertently when sensitive files mix with unsecured data-sharing methods or when files are mistakenly forwarded without proper access controls. Metadata leakage—details such as sender identity, timestamps, or frequency of communications—can also inadvertently expose sensitive patterns, particularly in intelligence environments.

Cross-agency or external collaboration further complicates matters. When partners lack secure communication channels or clearance, secure and insecure tools inevitably merge, increasing the likelihood of breaches. The risk escalates with insider threats—intentional or accidental—when employees bypass security protocols, using personal devices or unsecured cloud services for convenience. These informal practices deprive organisations of visibility and control over their sensitive data, making it nearly impossible to enforce policy compliance or track information flows.

Addressing these challenges demands a thoughtful approach, considering the reasons employees opt for unsecured consumer apps. Robust, secure file-sharing systems must deliver not just high-grade encryption and security but also user-friendly integration into familiar digital environments, supporting mobile and remote workflows. One example of such a system is SureDrop by Senetas, a sovereign secure filesharing platform which integrates seamlessly with familiar apps like Microsoft 365, Active Directory, and Azure, offering users a secure yet user-friendly experience.

SureDrop ensures files are encrypted both at rest and in transit, employing FIPS-certified encryption standards, and provides organisations with complete sovereignty compliance by allowing full control over data residency and encryption keys. SureDrop also features robust auditing capabilities, including detailed activity logs and the ability to integrate with external monitoring systems like Splunk, enabling strict oversight of classified information.

The Signal breach serves as a critical reminder for both governments and private sectors. Sensitive information requiring protection extends far beyond classified government communications—financial records, intellectual property, strategic plans, legal documents, and personal information are all susceptible to exploitation. Industries such as healthcare, defence contracting, legal services, critical infrastructure, and media organisations regularly handle information of significant sensitivity and value.

The most secure platform in the world is useless if nobody wants to use it. The goal is to bridge the gap between stringent security requirements and real-world usability. Effective solutions like SureDrop can align with operational realities, offering seamless user experiences without sacrificing essential security. By taking active steps to integrate a secure but user-friendly file share solution, organisations can mitigate risks associated with sharing sensitive information, safeguarding their operations against potentially catastrophic leaks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Vultr spotlighted in Omdia Sovereign Cloud 2025 market report
Researchers reveal data splicing attacks bypassing DLP
Google Threat Intelligence explains China’s evolving cyber tactics
The right approach in controlling the Shadow SaaS sprawl today
NetApp & Google Cloud enhance AI capabilities with update
Top stories
Gigamon appoints Simon Oliver to channel sales lead for APAC
Your personal SaaS accounts could trigger a million-dollar corporate breach
GitLab unveils AI-driven DevSecOps integration with Amazon Q
Aussie Broadband sees 30% gains with SUSE open platform
Exclusive: Abhas Ricky on how Cloudera is powering the AI revolution