Cloud File Sync & Sharing: Risks and Solutions (Part 1)

This blog post is the first in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Failing to provide a secure, reliable service puts your data — and your business — at risk.

Case Study 1: Inside Sales Disappear

An inside sales representative at a B2B industrial supply company was signing on new customers. While the contracts were all boilerplate, the rep used a personal Dropbox account to share them with customers for signature and to store them once signed. After failing to be promoted, the rep quit the firm. The company had no copies and no access to dozens of customer agreements.

Case Study 2: Order Management Gone Wrong

A customer service rep was using a personal file sharing service to send/receive credit card authorization forms with customers and, unintentionally, his family.  The company became aware of the problem (and PCI violation) when a customer called to inquire about an attempted electronics purchase the day after they had provided the form.  The rep’s teenage son had attempted to make an online purchase with “credit card number in Dad’s account.”

Case Study 3: No Backup = No Restore

A CEO recently contacted his IT department, asking that they restore several critical files needed for a business meeting the next day, as he could no longer find them. After searching several iterations of backups and audit logs, the IT team informed the CEO that they could not find any indication that the files had ever existed. The CEO had created the documents locally on his PC, then placed them in a personal file sharing service so that he could access them while traveling. Without any protection, restoring the deleted files was impossible.

While these examples may seem extreme, if your employees are using personal, unsecured file sharing services, they may already be happening to you.

Back in September, we posted about the increasing problem of rogue cloud services.  Over the course of this series, we will look specifically at cloud-based file sharing services, their risks, and solutions that protect your data, your reputation, and your business.

Google Meets Security Best-Practices; Most Cloud Providers Fail

Recently, the Electronic Frontier Foundation (EFF) released a survey of how well common cloud providers meet the EFF’s 5 security best practices.

Google Apps and Dropbox are the only two vendors to meet all five standards.  Microsoft, most notably, fails to meet or confirm four of the five standards, as follows.

Encrypt Websites with HTTPS

Both Microsoft and Google support the use of HTTPS to encrypt data between the user’s computer and the web site/service.  As a best practice, Cumulus Global forces HTTPS for all Google services.

Enable HTTP Strict Transport Security (HSTS)

HSTS tells the browser to use only secure communications with a site, which prevents certain attacks in which a network pretends that the site visited has asked to communicate insecurely.  Google enables HSTS; Microsoft does not.

Encrypt Data Center Links

To prevent somebody with physical access from attacking, this practice encrypts data between a company’s own cloud servers and their data centers.  Google follows this practice; Microsoft does not.

Implement STARTTLS for Email Transfer

STARTTLS encrypts communications between email servers when both servers support the service.  Google uses STARTTLS and provides users with the ability to utilize Policy-based TLS as well.  Microsoft’s service is non-compliant with this best practice.

Use Forward Secrecy for Encryption Keys

This best practice ensures that should a hacker gain access to a provider’s secret key, they cannot read previously encrypted communications.  Google follows this best practice; EFF was unable to confirm that Microsoft is compliant.
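
As an added example (not part of the original post or the EFF survey), the Python sketch below checks three of the practices above, HSTS, STARTTLS and forward secrecy, against observations a defender might record from a provider: HTTP response headers, an SMTP EHLO reply, and the negotiated cipher suite. The provider hostnames and all sample data are constructed, and cipher names are assumed to follow OpenSSL naming.

```python
import re

# Constructed observations for two hypothetical providers (not survey data).
SAMPLES = {
    "provider-a.example": {
        "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
        "ehlo": ["250-mx.provider-a.example", "250-SIZE 35882577",
                 "250-STARTTLS", "250 8BITMIME"],
        "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
    },
    "provider-b.example": {
        "headers": {"Content-Type": "text/html"},
        "ehlo": ["250-mx.provider-b.example", "250 SIZE 10240000"],
        "cipher": "AES256-SHA",
    },
}

def hsts_max_age(headers):
    """Return max-age (seconds) from the HSTS header, or None if absent/invalid."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def offers_starttls(ehlo_lines):
    """True if the SMTP EHLO reply advertises the STARTTLS extension."""
    return any(re.fullmatch(r"250[- ]STARTTLS", line.strip(), re.I)
               for line in ehlo_lines)

def has_forward_secrecy(cipher, tls_version="TLSv1.2"):
    """Ephemeral (EC)DHE key exchange gives forward secrecy; TLS 1.3 always uses it."""
    return tls_version == "TLSv1.3" or cipher.upper().startswith(("ECDHE-", "DHE-"))

def audit(obs):
    """Summarise one provider's observations as pass/fail per practice."""
    age = hsts_max_age(obs["headers"])
    return {
        "hsts": age is not None and age > 0,  # max-age=0 switches HSTS off
        "starttls": offers_starttls(obs["ehlo"]),
        "forward_secrecy": has_forward_secrecy(obs["cipher"]),
    }

if __name__ == "__main__":
    for host, obs in SAMPLES.items():
        print(host, audit(obs))
```

A static-RSA suite such as the constructed `AES256-SHA` fails the forward secrecy check because anyone who later obtains the server's private key can decrypt recorded sessions.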

For more information, see the full Gizmodo article here.


Gmail: Save Attachments to Drive (it’s about time!)

Finally!  OMG!  Booyah!  Oh, Vey!

You can now save attachments directly to Drive from within Gmail messages.

Rolling out to Google Apps for Business, Government, and Education over the next week or so, you no longer need to download to your desktop or “Downloads” folder and then sync or upload files in Drive.

From inside the message, you can preview or save files directly into Drive, with the ability to browse and select folders.

Click here for more info and usage examples.

Be More Social with Secure Google+ Communities

Businesses often hesitate to use social media tools internally, fearing that information may be shared too broadly or outside the company in error.  Google has taken a major step to alleviate these concerns with the recent announcement of Secure Google+ Communities for organizations running Google Apps for Business, Education, and Government.

Going forward, all Google+ communities are only visible to people within your domain.

You can still create and share communities with external parties — customers, vendors, business partners — utilizing a new suite of management settings.

Why use Google+ Communities?

  • Encourage employees to share more information about themselves in their profiles, such as skills and interests, making it easier to find peer resources and discuss new ideas
  • Sharing files from Drive is easy, as is sharing videos
  • Threaded discussions and comments facilitate communication and teamwork, even across functional areas
  • Manage events, meetings, and hangouts
  • Better engage your Gen X and Y team members

You can learn more about the power of social tools, and other ways of getting more from Google Apps, by viewing the recording of our recent event in New York.  The event was co-hosted by Google with The Manhattan Chamber of Commerce, The 4th Bin, and Google Gooru as supporting sponsors.

Cumulus Global in the News Recently

Cumulus Global is active in the cloud solution provider channel and markets.  Allen Falcon, our CEO, has been quoted several times recently in the trade and industry press.

Nice Work If You Can Get It: The IT Talent Shortage Is More Serious Than You Think
CRN: November 4, 2013
Our View:  IT talent is out there, but too often lacks the business understanding necessary to deliver the best solution.

Annual Trivia Bee in Westborough to Support Schools
Community Advocate, November 4, 2013
Our View:  We are proud to support the Westborough Education Foundation and the innovative programs it supports via educator grants.

Combines Business Strategy, Modeling Tools and Educational Programs for Cloud Service Brokers
PRweb: October 29, 2013
Our View: Your cloud solutions provider needs the right business model if they are going to support your business well.

Google CEO: Flying Cars, High-Altitude Balloons On The Way … Some Day
CRN, October 25, 2013
Our View: Google continues to demonstrate innovation and advanced technologies that will, at some point, enter the markets we serve

Government Shutdown Ends, but VARs Wary of the Future
CRN, October 17, 2013
Our View: Uncertainty continues to hamper growth, as companies hold off on major spending

Acer Targets Booming Education Market With Latest Chromebook
CRN, October 10, 2013
Our View: Performance and durability are important considerations for schools selecting a Chromebook model.

Cumulus Global named to CRN’s Next-Gen 250 For Second Consecutive Year
MarketWatch, September 12, 2013
Our View: We are honored to be recognized for our innovation, services, and success


As XP Retires, Should You Go Virtual?

Next April, Microsoft ends support for Windows XP.  While your applications will continue to run, for now, XP will no longer receive security updates.  XP will no longer support all future updates to your applications, which can render applications inoperable.

The logical next step seems to be to upgrade, but at what price?

Bringing a Windows XP environment up to Windows 8 (or even Windows 7) has a cascade effect that easily becomes an expensive proposition, especially if you do not have free upgrades available for applications and utilities as part of support contracts or subscriptions.

Most computers running Windows XP cannot support the increased demands of Windows 7 or 8.  With slower processors and less memory, expect that you will need to replace some, if not all, of your desktops and laptops.

Moving to Windows 7 or 8 means moving to a 64-bit operating system.  If you have not done so yet, you will need to pay to upgrade your Client Access Licenses, or CALs, to 64-bit versions.  This holds not just for Windows Server CALs, but Exchange and SQL Server CALs as well.  This can add over $100 per machine to the cost of changing.

You will need to upgrade backup, virus protection, and other utilities to versions compatible with the new operating system.  Unless you are protected by a support/maintenance agreement with upgrade rights, expect to spend anywhere from about thirty up to a few hundred dollars per machine.

Many of your existing applications will not run on Windows 7 or Windows 8, or are not supported by the vendor on those versions.  Again, upgrading applications can be costly and may require updating data formats as well.

While replacing Windows XP can easily become an expensive, capital-intensive project, you do have alternatives.

Virtual Desktop Infrastructure (VDI) solutions let you move into a current platform — and stay current — without the heavy upfront investment.  The basic VDI environment provides a full Windows desktop experience.  And, while you will still need to upgrade your business applications, most VDI environments include the most recent version of MS Office, virus protection, and backup/recovery services.

Additionally, because your computing is in the cloud, your existing computers serve as terminals, or thin clients.  You can extend the life of these systems without adding security risks.  And, when you replace them, you can go forward with lower cost, thin client solutions for the desktop and mobile users.  Your VDI environment also works from smartphones and tablets, improving access while enhancing security.

As for budget, VDI services are operating expenses, not capital expenditures.  Check with your CFO or accountant, as this is often preferred.

Want to learn more?  Contact us for a free evaluation.