FTC Warning on Sharing Files in the Cloud

March 26, 2013

As part of a research project I’m doing on data breaches, I came across some great practical advice about file sharing in the cloud, courtesy of the Federal Trade Commission. By the way, the FTC also has extensive information on security incidents. In any case, this 2010 report warns businesses to carefully review the risks of sharing data outside the corporate intranet via cloud services.

The FTC reminds medical and financial organizations that they are under special obligations to protect social security and bank account numbers, healthcare data, and other personal information. But any business holding PII that could leak out of its IT infrastructure will find the FTC’s guidelines very useful.

It’s not that the FTC is against external data sharing in the cloud—which they refer to in the report as P2P file sharing—but they ask companies to consider the risks. Here’s a key section that nicely summarizes the drawbacks:

People who use P2P file sharing software can inadvertently share files. They might accidentally choose to share drives or folders that contain sensitive information, or they could save a private file to a shared drive or folder by mistake, making that private file available to others. In addition, viruses and other malware can change the drives or folders designated for sharing, putting private files at risk … Once a user on a P2P network downloads someone else’s files, the files can’t be retrieved or deleted. What’s more, files can be shared among computers long after they have been deleted from the original source computer …

And for those companies that do use P2P, the FTC suggests a few measures to improve security:

  • Bring the P2P software in-house and only give access to authorized users
  • Delete sensitive information you don’t need, and restrict where files with sensitive information can be saved
  • Use appropriate file-naming conventions that are less likely to disclose the contents
  • Monitor your network to detect unapproved P2P file sharing programs

If you’re currently looking for an in-house solution that satisfies the requirements above, check out DatAnywhere. DatAnywhere offers the cloud experience without the cloud. It’s a no-compromise security solution that uses your organization’s existing file sharing infrastructure to provide file sync services, mobile device access, browser access, and 3rd party collaboration.


My Grandmother Uses Dropbox — Why can’t I?

August 14, 2012

My first involvement with tech occurred in the early 80s. I recall the days of modems, time division multiplexors, acoustic couplers, and dipswitches. Most people don’t realize it, but cloud-based file sharing existed in the 80s; it just required an account with a major X.25 “cloud” service provider, such as Tymnet or Telenet.

At the risk of sounding nostalgic, back in the day, only people who had a keen interest in electronics (mainly, those of us under 30) were exposed to these esoteric products. Neither my grandmother nor my mother understood technology and, frankly, I never tried to explain it to them. It was a language that only a privileged few could understand. That has certainly changed.

Today, grandma owns an iPad, has a Twitter account, does her banking online, and knows what megapixels are. She texts, tweets, and takes pictures…lots of pictures. She happily uses the modern cloud to post pictures on Dropbox so her niece—who is going to school for archeology in the Middle East—can see the scarf grandma is knitting her for Christmas.

So, if grandma can use Dropbox, WHY…CAN’T…I?

That’s a question that business areas are asking IT professionals on a daily basis.

In order to answer the question, we need to examine why grandma is using Dropbox. Simply speaking – it’s easy to use. Grandma logs in with her username and password, drags and drops her scarf photo, and voila, her niece can download and view the picture almost instantly.

Unlike previous X.25 cloud services like Tymnet and Telenet, current cloud-based file sharing services, including Dropbox, have done a fantastic job adhering to the mantra – “Simplicity as a Design Goal.” Many other consumer-oriented services and products also have gained widespread adoption following the same blueprint – e.g., the iPod.

So, when the person who runs the HR Department comes to you and tells you that she’ll be using Dropbox to share employee information with a vendor (just as easily as she shares her family photos), what do you tell her? And, more importantly, what alternative can you provide her for sharing sensitive information with third parties?

Here’s a list of 5 tactics you can use:

1. Explain that consumer-oriented web sites don’t provide the same level of protection as modern enterprise IT systems.

2. Explain that while protecting pictures of a scarf with a username and password may be appropriate, data that contains an employee’s social security number, home address, and medical information deserves more than password protection.

3. Explain that data breaches occur on a regular basis on cloud based services and losing data can cause irreparable harm to a corporation.

4. Explain that regulatory requirements force many companies to review entitlement on an ongoing basis, to verify access by auditing data use, and to encrypt certain types of data. Most cloud-based file sharing services do not allow for these types of controls.

5. Explain that there are alternatives! Specifically, there are products that can provide similar functionality, that are easy to use, that can be used to share both employee records and pictures of a scarf, without sacrificing security.

http://www.varonis.com

 


Top 5 Reasons Why Organizations Want a Dropbox Alternative

July 12, 2012

During a recent visit to Brazil, I encountered many customers and partners who faced a similar challenge – providing their clients with a safe, secure and genuinely easy way to share files and collaborate with data. All faced a number of barriers and none were happy with the current offerings of cloud based file sharing solutions. Generally speaking:

  • All required a secure way to share files with internal and external people – partners, vendors and employees
  • All tried to block access to file sharing sites and no one thought they were successful in doing so
  • All were concerned about the additional resource requirements to manage and control cloud file shares
  • Many wanted the same user experience and processes for internal and external collaboration
  • Not one had a plan to fulfill these requirements
  • All were required by the business areas to provide a solution in the near term

The following 5 criteria summarize their requirements, which are not currently fulfilled by cloud based file sharing solutions:

1. Ongoing guarantee of rightful access

Customers clearly state that the security of cloud based file sharing solutions is a primary concern.  They require a comprehensive audit trail of all usage activity, the ability to ensure permissions are granted and revoked at the appropriate times by the appropriate people, and the ability to develop different profiles for different data and people based on data sensitivity, customer location, and role.

2. Ability to leverage existing infrastructure and processes

Customers want to leverage their existing infrastructure and processes instead of purchasing a new solution, and have no wish to reinvent their processes for managing data on a third-party cloud solution. Customers have processes and applications to perform backup, archival, provisioning and management of existing infrastructure, and they are confused about how to perform these functions within a cloud-based file sharing solution.

3. Ensuring Reliability with Accountability

IT organizations have defined service levels for their internal clients, and are accountable for the delivery of each service. If they don’t deliver, there is no question about whose responsibility it is. Service levels associated with cloud based file sharing must be negotiated like other third party services – there are typically few guarantees of performance and remedies for non-performance are limited.

4. Providing an intuitively simple user experience

Regardless of the solution, IT Managers are very concerned about a new user experience for their clients. Most indicate that a different user experience will require training, impact the number of calls for support, and reduce productivity at least temporarily. Ultimately, IT Managers would like to leverage the user experience that their user population has already mastered.

5. Predictable expense

Typical cloud based file sharing solutions are priced based on the amount of storage, and storage requirements often grow at a surprising rate. Customers may need to negotiate storage costs with cloud providers on an ongoing basis.

