
So, what does secure file sharing actually look like?
The US government already operates several highly secure messaging platforms, such as SIPRNet, JWICS, and NIPRNet, specifically designed for classified or sensitive communications. However, the primary vulnerability often isn't technological; rather, it's the humans who use these systems. Convenience frequently drives the selection of communication tools, overshadowing critical security considerations. This tendency creates "shadow IT" scenarios, where employees resort to unofficial and less secure applications because authorised platforms are cumbersome, slow, or difficult to access remotely.
Popular apps like Signal, WhatsApp, and even standard email attract users with their user-friendly interfaces, rapid setup, and seamless integration into daily digital workflows. Data shared in high-pressure situations often carries transient value—such as precise timings for military operations—rendering cumbersome security processes seemingly unnecessary or impractical in the moment. This classic security-usability trade-off pushes users toward quicker, simpler solutions, unintentionally opening doors to significant breaches.
Yet, ease of use alone does not account for all leaks. Many incidents stem from inadequate encryption standards, absence of comprehensive audit trails, or lack of integration with existing secure systems. Leaks can also occur inadvertently when sensitive files mix with unsecured data-sharing methods or when files are mistakenly forwarded without proper access controls. Metadata leakage—details such as sender identity, timestamps, or frequency of communications—can also inadvertently expose sensitive patterns, particularly in intelligence environments.
Cross-agency or external collaboration further complicates matters. When partners lack secure communication channels or clearance, secure and insecure tools inevitably merge, increasing the likelihood of breaches. The risk escalates with insider threats—intentional or accidental—when employees bypass security protocols, using personal devices or unsecured cloud services for convenience. These informal practices deprive organisations of visibility and control over their sensitive data, making it nearly impossible to enforce policy compliance or track information flows.
Addressing these challenges demands a thoughtful approach, considering the reasons employees opt for unsecured consumer apps. Robust, secure file-sharing systems must deliver not just high-grade encryption and security but also user-friendly integration into familiar digital environments, supporting mobile and remote workflows. One example of such a system is SureDrop by Senetas, a sovereign secure file-sharing platform which integrates seamlessly with familiar apps like Microsoft 365, Active Directory, and Azure, offering users a secure yet user-friendly experience.
SureDrop ensures files are encrypted both at rest and in transit, employing FIPS-certified encryption standards, and provides organisations with complete sovereignty compliance by allowing full control over data residency and encryption keys. SureDrop also features robust auditing capabilities, including detailed activity logs and the ability to integrate with external monitoring systems like Splunk, enabling strict oversight of classified information.
The Signal breach serves as a critical reminder for both governments and private sectors. Sensitive information requiring protection extends far beyond classified government communications—financial records, intellectual property, strategic plans, legal documents, and personal information are all susceptible to exploitation. Industries such as healthcare, defence contracting, legal services, critical infrastructure, and media organisations regularly handle information of significant sensitivity and value.
The most secure platform in the world is useless if nobody wants to use it. The goal is to bridge the gap between stringent security requirements and real-world usability. Effective solutions like SureDrop can align with operational realities, offering seamless user experiences without sacrificing essential security. By taking active steps to integrate a secure but user-friendly file-sharing solution, organisations can mitigate risks associated with sharing sensitive information, safeguarding their operations against potentially catastrophic leaks.

Related Articles


Techday NZ
22-05-2025
Proofpoint acquires Nuclei to boost AI workplace compliance tools
Proofpoint has acquired Nuclei, a technology company specialising in compliance archiving and AI-driven data enrichment for workplace communications.
The acquisition will see Proofpoint extend its digital communications governance offering with additional capabilities to capture, retain, and analyse communications data across collaboration platforms such as Microsoft Teams, Slack, Zoom, Webex, WhatsApp, and RingCentral Voice. Proofpoint has outlined that it will continue to support integration with a broad range of archive and data governance platforms, ensuring its connectors can deliver compliant interoperability for a wide variety of customer environments.
Harry Labana, Senior Vice President and General Manager of Proofpoint's DCG Business Unit, said: "This acquisition enables us to accelerate our mission to deliver the most advanced and comprehensive AI-powered digital communications compliance platform in the market today, and we are excited to welcome Nuclei's talented team to Proofpoint.
"By combining Proofpoint's leading human-centric security platform with Nuclei's pioneering technology, we can provide our customers with enhanced regulatory compliance while unlocking valuable insights from conversational data, which will be a game changer, particularly for highly regulated industries."
The Nuclei platform offers several features for organisations, including the ability to capture and archive data from more than 100 applications. It can automatically collect messages, attachments, and metadata from a wide range of collaboration tools.
AI transformation tools available through Nuclei include speech recognition in over 120 languages, real-time transcription, automatic translation, and video analysis. These functions are intended to help organisations derive actionable insights from their communication data.
The platform is also designed for seamless integration with several major compliance archives, including Proofpoint, Smarsh, Global Relay, Arctera, and Microsoft Purview, to support organisations in meeting regulatory requirements.
Nuclei's infrastructure is built on a serverless architecture on Amazon Web Services. It incorporates real-time compliance and security measures such as third-party audits by firms like Vanta, as well as end-to-end encryption that protects data in transit and at rest from capture through to storage.
The value of human communication as a source of insight, process automation, and risk identification is a key area that Nuclei seeks to address by enabling capture, archiving, and analysis of communications data for intelligence extraction and compliance assurance.
Eric Franzen, Chief Executive Officer of Nuclei, said: "At Nuclei, our mission is to democratise access to the world's most valuable data by transforming workplace communications into structured, compliant, and actionable information.
"This vision has fuelled our innovation from the start. Partnering with Proofpoint allows us to extend that impact by helping the world's largest organisations boost productivity across hundreds of collaboration platforms while staying ahead of growing regulatory requirements."
Proofpoint holds the status of a Leader in the 2025 Gartner Magic Quadrant for Digital Communications Governance and Archiving Solutions, based on completeness of vision and ability to execute.


Techday NZ
19-05-2025
MirrorWeb launches Sentinel to cut false compliance alerts by 90%
MirrorWeb has released Sentinel, a communications supervision solution designed to address the challenge of rising compliance alerts fuelled by digital communication platforms.
The increasing use of tools such as Teams, Slack, WhatsApp, LinkedIn and iMessage has led to a surge in data volumes that compliance teams must monitor. According to figures from the Institute of International Finance, 75% of financial firms experienced a 50% increase in compliance alerts during the past year.
This overload has created concerns for compliance officers, with 67% reporting that they fear missing critical risks, which could result in fines from regulators. The financial sector has already faced penalties for lapses in compliance, as highlighted when the SEC fined JPMorgan Chase USD $125 million last August for inadequate management of communications compliance.
Sentinel, MirrorWeb's newly launched platform, aims to help organisations reduce the number of false positive alerts generated by legacy monitoring systems. In product testing, the company reports reducing such irrelevant alerts by up to 90%.
The solution is built using natural language processing and intelligent risk scoring to highlight genuinely risky communications, rather than relying on basic keyword matching. This approach enables the system to assess the intent and context behind messages, offering what MirrorWeb describes as a more accurate identification of potential compliance risks.
Key features highlighted for Sentinel include intelligent risk scoring, a pre-configured scenario library, comprehensive conversation capture, audit-ready reporting, and security features designed with privacy in mind. The risk scoring function analyses communications for intent, sentiment, and likely impact, allowing teams to focus resources where they matter most.
The scenario library covers over 110 scenarios across eight risk categories, while the conversation capture function records entire threads, including message edits and deletions, to provide investigators with full context.
Every alert flagged by Sentinel is accompanied by reasoning that references specific policy requirements. This is intended to help compliance professionals prepare for regulatory audits and inquiries. Security measures are also emphasised; all communications data is encrypted, not used to further train AI models, and is managed under standards such as SOC 2 and ISO 27001.
Jamie Hoyle, Vice President of Product at MirrorWeb, said, "Compliance has evolved beyond just ticking boxes; it's about making informed decisions that safeguard the business. Sentinel helps customers cut through the noise, focusing on real risks - the needles in the expanding data haystack. We have worked with our customers to develop innovations that meet their needs and address today's most pressing compliance challenges."
"Our Risk Scoring system and comprehensive Scenarios Library minimise the burden of false positive alerts, providing compliance professionals with the clarity and confidence to efficiently manage today's spiraling communication risks."
As supervised communication channels become ever more pervasive in regulated industries, companies face mounting regulatory scrutiny. Tools such as Sentinel are positioned to support compliance efforts by focusing investigative attention on genuinely high-risk content and offering audit-ready data for regulatory review.


Scoop
07-05-2025
NSO To Pay $168 Million In Damages To WhatsApp For Pegasus Spyware Hacking
Yesterday, May 6, 2025, a California jury found that NSO Group should pay $447,719 in compensatory damages and a staggering $167,254,000 in punitive damages for targeting WhatsApp's infrastructure with Pegasus spyware. This is the first time NSO, which has been at the center of human rights violations against journalists, activists, and dissidents around the world, is to pay damages for its hacking operations.
The decision comes after a weeklong trial and a six-year bitter legal battle between the notorious Israeli spyware company and U.S. Big Tech giant Meta. In January 2025, the U.S. District Court of Northern California judge ruled in a historic summary judgment decision that NSO violated federal and California state hacking statutes and breached WhatsApp's Terms of Service, leaving the jury to decide only on how much damages NSO would have to pay.
'Today's verdict against NSO is an enormous victory for digital rights and for victims of Pegasus spyware around the world,' said Natalia Krapiva, Senior Tech Legal Counsel at Access Now. 'Congratulations to Meta for sticking with their lawsuit and holding NSO to account. We urge other companies whose infrastructure and users are targeted by NSO and other spyware companies to explore filing similar legal actions.'
For the past six years, Access Now and civil society partners have been advocating for accountability for NSO for targeting WhatsApp's users with Pegasus spyware. In December 2020, Access Now, along with partners, submitted an amicus brief highlighting the stories of civil society victims of NSO when the case was heard by the U.S. Federal 9th Circuit Court.
'This verdict sends a clear message to spyware companies that targeting people through U.S.-based platforms will come with a high price,' said Michael De Dora, U.S. Policy and Advocacy Manager at Access Now. 'It underscores the importance of U.S. institutions protecting the digital infrastructure and individuals that rely on it from unlawful surveillance.'
In November 2022, Access Now and partners asked the Solicitor General to consider NSO's human rights conduct when making recommendations to the U.S. Supreme Court about the case. After the 9th Circuit Court ruled against NSO and the Supreme Court denied hearing NSO's appeal, the case went back to the District Court in Northern California, resulting in today's verdict.