Much has been written about the increase in adoption of online file-sharing (OFS) and cloud based collaboration solutions. Up until recently, these tools have been primarily found in the consumer market with products such as Dropbox. But recently, more offerings targeted at businesses are available on the market. Those targeted toward business use differ from consumer products in that they have a centralized administration console to enable provisioning, management, and monitoring of individual user accounts, as well as centralized billing and shared storage quotas.
At the same time tools for business are being introduced, conventional consumer-focused vendors, such as Dropbox and SugarSync, have created offers for business use. Consumer offerings were not really designed to provide IT with administrative control or visibility into the file-sharing environment. The upswing in the use of mobile devices by employees is a main driver behind the adoption of online file-sharing and collaboration solutions at the corporate level.
- Enterprise use of OFS solutions is growing rapidly, with a recent study showing that 28 percent of organizations have established a cloud-based, corporate OFS account, and 61 percent expect to do so within two years. However, enterprises are still unsure about adopting these solutions, mainly because of security concerns. These security issues include data leakage, Web-based threats, and application-layer vulnerabilities. Organizations also struggle with ongoing questions about data ownership and regulatory compliance in an online file-sharing environment.
- One of the biggest security challenges for current users of online file-sharing solutions is that the online file-sharing service provider itself will be attacked, potentially leaving customer data vulnerable to theft. An example of this vulnerability was the recent breach of Dropbox. Although that incident was not disastrous, resulting mostly in spam and inconvenience for Dropbox customers, the spam issue seems to continue as a problem. Online file-sharing platforms could be the target of studied attacks in the future, based on the volume and value of the customer data as it passes through. The combined amount of business data stored in these solutions presents a valuable target for hackers.
- To protect against such attacks, most online file-sharing providers ensure data is encrypted and that the encryption keys are stored at a different location than the data so that attackers would, at the very least, have to break into two data centers to gain access to usable data. And most OFS providers, including Dropbox, have introduced optional two-factor authentication. In addition, attacks intended to steal an administrator's password are of concern. For IT professionals, recognizing how and where encryption keys are held and protected is extremely important, as well as the ramifications of an administrator password theft for any online file-sharing and collaboration provider an enterprise is using or considering. IT managers should also ask about and understand which employees in the provider's organization have access to their passwords and data.
- Organizations that have adopted online file sharing are often concerned about data leakage, whether accidental or intentional, by their own employees. The growth of corporate information being available on a greater number of employee-owned devices can increase risk and is a good reason to deploy a corporate OFS solution to monitor file usage patterns and detect anomalies, as well as wipe corporate data if a device is lost or stolen. IT needs to OFS-enable the mobile workforce or employees will use their own file-sharing solutions. This is a dangerous practice because IT loses control of data and has no visibility into where it is stored or who it is shared with.
- Organizations are also concerned with compliance with industry regulations as a result of their online file-sharing usage. Service providers can't be fully compliant in their own right—the Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), and other regulations are a shared responsibility between the service provider and the subscriber. More and more service providers are providing tools and controls to enable compliance across many industries.
OFS is becoming an increasingly important tool to IT managers. It helps organizations reduce storage and administration costs, and improves employee collaboration, workspace flexibility, and productivity. But enterprises continue to have issues with security and governance. There's no sure thing when it comes to security; data is at risk whether within the four walls of the enterprise or at a service provider. Most service providers understand this risk and have invested in improving security. Many are even integrating data loss prevention and information rights management controls. With so many offerings available, enterprises likely will be able to find a solution to their security requirements in the cloud, regardless of the potential threat.
Are there additional topics on OFS security that should be discussed in this forum? Please comment below.