The need for secure ways to collaborate, share, and sync files has become a top priority for many businesses. In fact we observe file sync and share solutions becoming one of the hottest technology growth categories in the market. Dropbox as an example has over 180 million registered users. Many technology companies are developing and launching new business versions of Dropbox like products. Forrester Research quoted in a research report published in July that “The explosive proliferation of powerful mobile devices has led to employee demand for [file sync and share solutions] that will allow seamless access to enterprise content from any device.” As BlackInk IT works with businesses, we see a variety of solutions being used with clients and many times very little thought to the security and compliance threats with popular technologies on the market. We would agree with Gartner’s published research in February quoting: “Personal cloud services such as Dropbox, Apple’s iCloud and Google Drive …represent a serious security and compliance threat for an IT organization, because employees can share corporate documents with third parties, or store documents…completely out of an IT organization’s control.”
When considering the security and compliance threats with any file sync and share solution, it is important to recognize risks beyond company miss steps like Dropbox embarrassing security blunders having their list of user accounts (i.e., email addresses) compromised resulting in many of their users being spammed mercilessly. BlackInk recommends businesses consider the following list of potential threats in evaluating and implementing any solution.
Security Threats to Consider
- Broader access to information beyond what was assumed to have been granted; best to have capabilities to define sharing permissions for sub-folders.
- Risk of employees syncing files to a personal device / system. Establish controls on synchronization outside the company’s secure network and devices.
- Vulnerability of synchronization process uploading infected documents with the capability of compromising your entire company’s file / knowledge assets.
- Vulnerability within the solution to unauthorized access; ensure strong encryption exists at three levels
+ File In-transit encryption
+ File at-rest encryption
+ Account level encryption key
- Loss of critical files and/or most recent versions; ensure you have controls to avoid version issues with files being shared and knowledge of who made changes.
+ Version Control – Lock files for editing
+ File version history
+ Audit log of all events
- Loss of company knowledge assets due to stolen devices or terminated employees; ensure you can perform a remote “wipe” of all files through a management function.
BlackInk IT has several solutions deployed with customers that mitigate the security risks noted in this article. Two solutions we know to be superior would include Alfresco and ShareSync. BlackInk can assist companies in a review and demonstration of Alfresco and ShareSync or we can assist in an expanded analysis of other file sync and share solutions available to evaluate. A sample includes; Accellion, Acronis, AirWatch, Alfresco, Apple iCloud, Box, BoardVantage, Citrix, Dropbox, Egnyte, EMC, Google (Google Drive), Hightail (formerly known as YouSendIt), IBM, Intralinks, Microsoft (SharePoint and SkyDrive Pro), Novell, Salesforce.com, ShareSync, WatchDox, and Workshare. Alfresco and ShareSync along with several others offer mobile support, various levels of security, various levels of certification (i.e., FDA validation) and provide links to systems of record. Please contact BlackInk IT if you want to learn more about BlackInk’s experience and offerings.
About BlackInk IT
Founded in 1993, BlackInk IT is a privately-held corporation headquartered in Indianapolis, Indiana. BlackInk IT is known as a leader in solving complex business problems using a suite of Information Technology (IT) services including Managed IT Services, Consultation, and Business Application Services that allow our customers to focus on running their core business. Leveraging best-in-class technology, experience and insight to deliver business strategies and efficiencies, BlackInk IT tailors their solutions to meet each client’s unique business and technical needs. A pioneer in Managed Services, BlackInk IT currently serves small to mid-sized companies with additional expertise in industries including accounting, life science, legal, professional services, government, education, insurance and healthcare. For more information about BlackInk IT, visit http://blackinkit.com