Today, the Cloud is a reasonable and cost effective method of storing business data. It means that companies no longer have to manage their own security, replace servers or retain extensive support.
Like any newer technology though, using Cloud technology to share files comes with particular risks and downsides which may not be immediately visible. This article will aim to describe those difficulties and demonstrate what steps a business, and those individuals within the business, should take to ensure they are fully protected.
Not all Clouds are the same.
The first thing to say is that while the Cloud is often thought of as a single entity, it actually describes a whole class of things. The only connection between different Cloud products is that data is not held locally – ie on the device – instead it is accessible by logging into a program on any other device or by sending a link where that piece of data is held.
Free cloud programs, such as Microsoft OneDrive and Dropbox, are essentially just additional storage disks – working in the same way as an external hard drive that you can buy from a shop. Their only purpose is to provide extra storage – like a USB disk you can access through the internet.
They do not have any particular focus on security and in some ways this shows. For instance – if you create a link to a Dropbox file or a OneDrive file, then send that link to another individual, from the moment that you send that link you have no understanding of what happens to that file. The person can download it, change it and send it to other people.
File Sync and Sharing Programs (FSS) are a Cloud File Sharing Solution as well, but they operate in a completely different type of Cloud. They are a hybrid cloud – which means they are integrated within another programs infrastructure. In this case, FSS systems are embedded within a larger security infrastructure which tracks and monitors file usage.
Making a file shareable involves activating it as shareable (in the same way as you might access any other shared folder) and then defining the parameters for sharing that file – for instance deciding who else can see the file (or specific groups) and what security to use to protect it from getting into the wrong hands. Any changes to the file are recorded (so files can be reverted if needs be) and strict permission controls over who can do what are setup. This can include making the file read only, to make it visible or editable for a set period of time or to protect it with a password.
In addition the files which are on the platform are fully encrypted – meaning even if someone manages to hack their way in the files are still protected.
These files – which are shown just like a Windows shared drive (with some kind of indication that they are syncronised) – are made visible and accessible to specifically selected people or groups, the only difference being that these individuals or groups can access them from anywhere on an authorised device. Links to share files with individuals outside the business are as simple to create as a right click, and also feature a range of additional security features to stop the files being copied or stolen.
FSS programs are considered far more business oriented because there is much more control possible over the data itself – whether it is being used to share files internally or externally.
In the same way that a company may have policies about which files can be accessed, with FSS programs they can build on this with the ability to restrict what users can do and stop the files being copied and sent to others. In other words, at no point is the data out of control of the business.
To define the differences in sharing more closely, please see the comparison chart below between Workplace (our recommended FSS solution) and OneDrive for Business.
Understanding what’s best for business
Free often comes at a price. In this case free tools come at the expense of key security features.
Other tools, including DropBox and Citrix Sharefile, are two popular programs with even more distinct and worrying issues when it comes to business security. In these cases they offer highly limited protection for a price, which in most cases makes them totally invalid options for a business which is focused on data protection, governance, risk and compliance.
The biggest problem with these tools is that they were designed for commercial use, and not for the needs of business. This means that they have a total lack of policy-based controls, a lack of encryption and a distinct lack of support. This means companies have no visibility over who views files, what they then do with them and if the storage is hacked then there is no real protection against bad actors gaining sensitive information.
Ransomware, one of the biggest threats to business in 2018, cannot be self recovered either. In the case of Dropbox a support ticket can take upto three days to complete – meaning companies have three days worth of operation where they may not have access to critical files, leaving them unable to work.
Talk to Us – we can help
We understand that for many companies looking to reduce their costs more broadly, or at least control their spending while gaining new abilities to share information, cheap or free methods can be extremely enticing. We recommend learning about the potential pitfalls associated with these routes and taking steps to protect yourself from financial or operational risks.
As a professional technology partner, we advocate the use of powerful tools designed for business and therefore recommend using an FSS program over free tools which carry inherent issues. If you are interested in trying an FSS solution then please get in touch on 01268 627101 and we can setup a free demonstration.