Secure file sharing uncovered
by Mirko Zorz - Editor in Chief - Tuesday, 27 May 2014.
Based on conversations with your clients, what are they most worried about when it comes to file sharing?

We see clearly that security risks are at the top of their minds. Most are worried first about outside hackers and crackers, second about careless or uninformed employees and contractors, and third about insiders, disgruntled employees and contractors. IT is as much worried about threats from inside their organizations as they are of threats from the outside - which is exactly what an enterprise-grade file sync, share, and collaboration service should be designed to mitigate. Policies around authentication, sessions, public links, devices, mobile content management, and dozens of other functions combined with advanced reports and forensics related to user, device, and document activity enable our clients to build systems that are fully compliant with the practices in their businesses.

What are the most important features for a robust, feature-rich and secure file sharing solution?

For business workers, every minute counts. As such, selecting a file sharing solution that works the way they do, on any device, at any time, helps them get things done faster. But, security and compliance are additional factors where companies simply can’t compromise. To support these important requirements, an enterprise-grade secure file sharing solution should offer features in each of the following five categories:

1. Infrastructure – To ensure that there is no possibility of experiencing any service interruption, performance degradation or global malware infections, select a service that has segregated geo-redundant locations with local data storage for privacy and performance. If a business operates only in Australia, Canada, and the UK, there’s no point storing all their data only in Nevada. At a minimum these facilities should have Tier 3 grade operational controls and fault tolerance with greater than 99.9% availability and SLAs to back it up.

2. Security – Enterprise security should be prevalent throughout the solution including encryption in transit, in session and on device, and all locations where user files are stored. It should also employ best practices for key storage and rotation management, two-factor authentication, data leak prevention and device wipe functionality.

3. Mobile productivity – To best support user needs, select a file sharing service that offers integrated, on-device rendering and annotations and integrated, on-device document editing. This will help workers remain productive, where ever they are working. It should also support easy document creation from any device such as a scan to PDF and it should eliminate the need to “open-in” or “open-with” additional third party applications which can slow productivity, add work complexity, or create vulnerabilities.

4. Administration – To support adherence to company governance policies and data leakage prevention, the selected file sharing solution should offer a robust set of administration features that are easy to manage and as granular as a company wants to go. Some administration features to look for include supporting data protection such as versioning, archiving and recovery. Policy controls should be granular with the ability to control access by user, document and device as well as read/write/delete rights by author. If your organization relies on Active Directory, select a service that will integrate with it to better enable role-based access control. Finally, all administration features should be supported by detailed reporting functionality to support compliance auditing.

5. Compliance and testing – To be sure that the service you select is truly compliant and secure, choose one that has had its operational controls tested and validated by a reputable auditing firm. Ask for the auditor’s report covering SOC2 Type 2 operational controls prepared in accordance with SSAE 16 and/or ISAE 3402 standards. Be sure that the audit report is really covering the operational controls of the file sync and sharing provider you’re directly working with and is not just for the physical data center provider (this is an all too common area of confusion). This will give you assurance that the solution meets high standards for both internal and end user operations. Other audits your file sharing solution should have completed include 3rd-party penetration testing, and US/EU Safe Harbor (privacy) audits. Also look for solutions that are HIPAA-compliant and have a BAA statement.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th