Online file sharing services, which were initially developed to share personal files with friends and family, have spilled over into the workplace. Office workers turned to these services as their corporate email systems limited the size of attachments – it’s a challenging time for IT teams seeking to protect and manage their organization’s confidential information.
Surprisingly few companies have an IT sanctioned file sharing service, which is why Bloor’s new ‘Taking control of file sharing services’ white paper will become so useful to IT teams over the coming months and years.
The research, in partnership with Mimecast, identifies the key considerations for selecting an enterprise-grade service. For those who may not have the time to read the full report, I thought it’d be useful to summarize these considerations on Mimecast’s blog:
Security is the key criteria when selecting a file sharing service - in particular, safeguarding confidential files in the cloud. Therefore, role-based access control and encryption for files in transit and in storage is a must. Plus, enhanced authentication features, such as security tokens attesting to the user identity or mobile pass codes, should be used during very sensitive transactions or for access from less secure locations like public Wi-Fi hotspots.
Also, as malware infections can lead to security breaches, the service should provide integrated anti-malware controls, including content inspection for files and metadata protection. It should also protect against spam and phishing attacks, especially since the latter are used in the majority of advanced targeted attacks.
In addition to external threats, the service should be capable of limiting where and with whom files can be shared, as well as the ability to check content against data leakage prevention policies in order to protect against sensitive content leakage.
Administrative processes. For end user control, clear communication is required of expectations and procedures throughout the file transfer process. In order to ensure that such services can be used throughout an organization, the service should be highly scalable, providing support for an unlimited number of users. There should also be no file upload limit - both in terms of the volume of files and the size of files that can be uploaded. Otherwise, users are likely to bypass the service and continue to use consumer-oriented services.
Device and file support - a wide range of devices, including smartphones and tablets should be designed for. It should provide access via mobile browsers, web, desktop and mobile applications and provide support for a wide range of document types. Therefore, it should integrate with applications and document types commonly used by organizations, such as Microsoft Office, Office 365, email messaging systems, SharePoint and instant messaging.
End user tools such asself-service signup, file recovery and password resetsaid in productivity. Users should also be provided with the ability to perform search and retrieval activities without IT support and no action should be required on the part of the user in the event of a service outage, with the service providing automatic failover should a disruption occur. Ease of use should be at least as good as consumer oriented services, but the functionality offered must be far superior to provide a frictionless service. For example, it should be so tightly integrated with programs such as Outlook that users feel the experience to be seamless.
Centralized administration is one of the key features of an enterprise-grade file sharing and storage service, allowing for central administration and enforcement of policies covering document retention and deletion, scheduling, alerts and error handling. The console should provide reporting functions, including tracking of all activity, including logins, devices connected, and user identities and locations. To ensure that all actions can be attributed to particular users and to assist in provisioning and de-provisioning users, the service should provide native integration with Active Directory and other LDAP directories.
There are also a number of features of any service that should be considered for help in achieving governance and compliance objectives. These should include policy-based archiving according to attributes such as file type, size and date when last actions were taken. It must also provide the ability to adhere to e-discovery and legal hold requests, and ought to provide quick search and unlimited file retrieval capabilities for both administrators and end users.
Awareness and user training is of vital importance, but that is often overlooked. Users should be made aware of the security issues surrounding the use of online file sharing services and the behavior that is expected of them. Policies should be developed and communicated to employees regarding the use of unsanctioned file sharing services to prevent them bypassing the approved corporate service and they should be provided with training regarding the use of the corporate service as ease of use is of paramount importance for ensuring that the service is actively used.
To provide the necessary level of data protection and to benefit from what file sharing services offer in terms of reduced cost, added convenience and improved productivity, my advice is to take a step back - organizations should take a close look at what is already happening within their organization and look to implement a service that caters to all file sharing needs across the organization in a holistic manner. If you'd like to see the full version of the report, you can download a free copy here.
The ‘Taking control of file sharing services’ white paper was commissioned by Mimecast - if you’d like to find out more about Mimecast’s file sharing service, Large File Send, please click here.