...Is your cloud file-sharing platform fit for the enterprise?
In this article, Mark Edge, UK Country Manager of Brainloop writes about the security risks of using public cloud-based file-sharing platforms at work, and how businesses can implement a more secure file-sharing strategy.
To avoid the loss or misuse of sensitive information, Mark offers 9 pointers about making secure file-sharing work in the workplace. These include:
- Selecting an enterprise-ready file-sharing platform that is intuitive and that can be integrated into the business workflow, to avoid bottlenecks and backdoor leaks
- Using a solution that allows employees to securely manage and collaborate on confidential documents both in the office and remotely
- Always think of security and convenience as going hand-in-hand, not as being either/or
- Establishing a clear policy for document security in the workplace and ensure all employees understand it
- Putting security measures in place that prohibit changes being made to documents unless authorised
- Regularly monitoring and auditing your network to check for any unauthorised activity.
A recent survey* has revealed that accidental data sharing by staff now produces a greater amount of lost datathan software vulnerabilities. 29 per cent of respondents to the Kaspersky study reported they had suffered accidental data leaks by staff during 2014.
Whilst the study does not directly point afinger to consumer-file sharing apps like Dropbox and Google Drive, their increasing use in the enterprise cannot be denied. The security risks of using these consumer file-sharing apps for enterprise information are well documented. Employees are using these sites because they are simple to use, are often free to use or can be purchased without officially requesting new infrastructure, and can be installed quickly on your own device without the involvement of IT.
However, this is causing a major headache for IT departments frightened of losing control of files inside and outside the workplace, especially as compliance requires knowledge of and control over the data’s location. And with no centralised management or security, these consumer-grade file-sharing platforms can be a nightmare for IT administrators.
The problem with consumer file sharing tools is that this type of file sharing is usually based on the public cloud. Sharing high-value confidential and sensitive data on public platforms such as Dropbox creates real security and compliance risks.
Under the Data Protection Act 1998, when a business loses personal data, the Information Commissioner's Office (ICO) has the power to fine it up to £500,000 and even in extreme cases send individuals to prison. What makes this an even bigger issue is that personal data has a wide definition – namely, any information that can be used to identify an individual. Businesses who don’t flag this up will one day be caught out and could face very hefty fines.
But secure file sharing and collaboration is possible and does not have to be complex. IT departments responsible for data security know confidential data must be made accessible to those with a need-to-know and protected from access by others. The challenge is putting the right levels of control in place to ensure the business workflow runs smoothly.
A holistic approach to data security and file sharing in business in the 24/7 digital economy is the best way forward. It will not be long before businesses start to ban the use of consumer storage platforms such as Dropbox in the workplace. So it makes sense to tackle the so-called ‘Dropbox Dilemma’ in your workplace now. Here are a few pointers to putting the right level of control in place to make secure filesharing work in your workplace.
1. When looking for an alternative enterprise-ready file sharing and collaboration solution it is important that it is all encompassing. It needs to be intuitive and integrated into the business workflow so as not to cause bottlenecks and backdoor leaks.
2. With an increasingly mobile workforce, the solution must allow employees to securely manage and collaborate on confidential documents and other information both within the local IT infrastructure andalso remotely – i.e. across the Internet and on mobile devices.
3. Don’t be caught out by opting for a solution that will force you to choose between convenience and security. The two, along with an intuitive interface for less sophisticated users, should go hand in hand.
4. Data leaks areusually down to three types: the careless, the clueless and the malicious. Cover these off on your security protection and you are eliminating the majority of risk that affects companies.
5. Establish a clear policy for document security in the workplace and ensure that all employeesunderstand it.
6. Highly confidential data should be pinned down and accessed only on a need-to-knowbasis.
7. Put security options in place that prohibits changes being made to documents unless authorised.
8. Even if you ban certain file sharing programmes, some people might still try and install them. It is important to monitor and audit your network on a regular basis. Scan activity logs on a daily basis to check for any unauthorised activity on the network.
9. Don’t forget having secure file sharing in place can improve your bottom line as it significantly reduces the risk of losing sensitive business information as well as financial vulnerabilities linked to failing to comply with laws and regulations.
By making security your goal and establishing exactly the level of security you need in place for file sharing and collaboration you can stop worrying about security threats and get on with the job in hand – running a successful business that can take full advantage of growth opportunities.
* Source - Kaspersky
About Mark Edge
UK Country Manager and VP Sales, Brainloop Ltd.
Mark Edge joined Brainloop in September 2014 and brings over 20 years of sales experience in the IT, security and networking industries. In his current role he is responsible for building out Brainloop’s UK team and driving the company’s growth across the region.
Prior to joining Brainloop, Mark was Regional Vice President of Sales, UK and EMEA for Watchdox where he was instrumental in establishing what was then a little-known brand in the region, creating and building a pan-EMEA team.
Mark’s career has also seen him deliver senior sales roles for a number of blue chip technology companies including IBM, A10 Networks where he grew revenue year on year for three consecutive years and Citrix, where he ran application networking solutions sales for North America and EMEA.
Mark has a degree in Economics and Russian from the University of Surrey. As well as speaking Russian, Mark can also speak in French, Dutch and Swedish.