Consumer file sharing services in the cloud like Dropbox are popular but they do raise security concerns if they are used at work.
Yesterday’s media storm about the apparent leak of Dropbox customer credentials highlights two things. Firstly that everyone should use different passwords for their services to prevent a hack on one leading to a problem on another. Secondly, that organizations (and individuals for that matter) need to think carefully before putting their data on these public cloud services. And remember, Dropbox is not alone in having issues like this.
Cloud sharing services are being widely used for a simple reason – people want and need to send each other large files. Limits on file sizes that can be sent over their corporate email service mean they have to turn to sharing services that are often outside the organization’s safety net. This makes them a significant security, compliance and e-discovery concern that has to be addressed. For many organizations the risk of confidential information leaking out onto ungoverned consumer file sharing services like this is intolerable.
But it doesn’t have to be this way. You should be able to turn to the cloud to tackle the problem. You should be able to send large files within email and obey data protection procedures in place in the organization. However this does mean a rethink. What is needed is a secure service that can match the employees’ need for flexibility and function, with the IT team’s desire for control, security and visibility without placing a strain on email infrastructure.
Selecting the Right File Sharing Service
Security is, and should be, a key consideration in selecting any new service. Data privacy features can start with role-based access control and encryption for files in transit and at rest, but can differ between services. Integrated anti-malware controls are also invaluable, particularly in terms of protection against spam and phishing attacks, now routinely used in the majority of advanced targeted attacks.
For compliance purposes, it’s important that businesses know where their data and files are shared and stored. In order to help meet compliance standards and to provide a measure of disaster recovery protection, files should be duplicated and stored in geographically dispersed data centers.
It’s also worth finding a solution that provides a 100% service availability SLA including failover during outages in order to help ensure a seamless, uninterrupted service with constant access to files. In addition the service chosen should be as flexible and scalable as possible, providing support for an unlimited number of people at any given time.
A particularly useful function of enterprise-grade file sharing and storage services is the ability to manage all processes and get reporting via a single management console. This saves IT time and money by providing centralized administration and can help to encourage enforcement of corporate policies.
Ensuring Employees Adopt Your Chosen File Sharing Solution
Any service, no matter how well considered and implemented, will not be effective if employees do not buy into it and it‘s not blindingly simple to use. Another application, another login, another password – all these things will limit utilization of the ‘approved’ corporate service and drive them straight back to the consumer services they have been using to date.
Also employees should be well informed of the security issues surrounding the numerous consumer orientated options that are available. Otherwise there’s a strong likelihood that they will continue to make use of them, regardless of the company’s new investment.
Fundamentally though, large files should be shared where all other communication and file sharing is happening – within email itself. So applications like Mimecast’s Large File Send have been designed specifically to do this. Mimecast’s application allows secure file sharing from right inside Outlook and a specifically designed Mac app. This is a best of both worlds approach – best for the employee as they get to share what they want, where they want, and best for the IT team because it’s kept within the policy control and risk management rules of their enterprise.
Large file sharing over the cloud by employees doesn’t have to be risky if the right supporting technology is put in place. With the right alternative, they will happily leave consumer-oriented services and play ball. But you need to choose carefully – so make sure you focus on ease of use, integration with email, back-end reporting and enterprise grade security when making your service selection.