May 09, 2016
3 Security Measures Missing from Consumer File Sync and Share
Consumer-grade File Sync and Share (FSS) utilities use public cloud infrastructure and encrypt data “at rest” to protect against security breaches. For personal FSS use, this is completely adequate, but many businesses have more stringent security requirements. Business-grade FSS services offer some important security features that consumer products lack. Below are three security measures to look for when choosing a FSS tool for your business.
As, noted above, consumer-level FSS solutions typically use encryption to protect end user data while it is “at rest” on cloud storage.The data is not usually encrypted “in flight” as it is in the process of being transferred to the cloud. Business-class FSS products can encrypt data being transferred using secure communication protocols. This provides the end-to-end security that many organizations require.
Encryption key management is another important feature to consider. Most consumer FSS vendors manage customer encryption keys to enable sharing between users within and with other domains. On one hand, this is good because users don’t have to worry about losing the key and not being able to decrypt their data. However, some businesses will want to maintain control of the key for security purposes. Some business-class FSS products offer users the ability to manage their own keys for additional security.
Some business-class FSS tools also offer granular encryption settings, which give users more control over data security. Not all data holds the same value, so many business-class FSS solutions allow administrators to specify what data should be encrypted. For example, you might choose to encrypt files only in specific directories.
It is important to consider how the FSS product you choose can integrate with your business’ current security/authentication environment. Typically, consumer-grade FSS products do not offer the level of integration many businesses need.
Many business-class FSS products offer Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) integration for user account provisioning and authentication. In other words, the tools can integrate with existing directories and permissions instead of recreating them. Some business-class FSS products can integrate with single sign-on (SSO) processes as well.
Finally, some business-class tools offer integration with data loss prevention (DLP) software. If your business needs dictate the use of DLP software, this should be considered essential when choosing a file sync and share tool.
Activity logging, sometimes referred to as auditing or reporting, is another feature that many consumer products lack. As its name implies, this functionality is designed to keep a running log of user activities within the FSS environment.
Functionality varies between different tools, but many business-class products offer detailed visibility into individual user activity—what files they access or modify, who they are sharing files with, etc. These capabilities are designed to allow administrators to identify suspicious employee behavior.
It’s important to remember that not all security threats come from outside of your organization. Employees account for 43% of data loss, according to a recent Intel Corp., survey—and intentional deletion made up half of that percentage.
While consumer-grade FSS tools are great for increasing employee productivity, they can expose businesses to security vulnerabilities. Business-class FSS tools offer features that can guard against data loss and streamline security processes by integrating with the rest of your IT environment.