Posts

Cloud File Sync & Sharing: Risks and Solutions (Part 3)

/in

Secure Cloud
This blog post is the third in a series on the data risks and solutions available for file sync and sharing services.

In the first two posts in this series, we focused on some of the risks and basic concepts for file sync and sharing services.  In this post, we focus on ways to mitigate risks.

Provide Employees with an Approved File Sharing Service. As we have noted in our prior posts, if you do not provide an approved service, employees will sign up for and use one of their own.  The difference?  With an approved services, you have access to your employees’ data and clear ownership of the information.  You can also monitor and manage for adoption, usage, and (if desired) adherence to policies.

Have a Clear Policy. Let employees know that personal and company data and systems are to remain separate, and why.  Provide a list of approved file sharing and sync services, as well as a clear an concise statement which other services may not be used (i.e., all others) and why.  The policy should include consequences for violations, along with a means for approved exceptions.

Block or Blacklist Unauthorized Tools. For many organizations without decent web filtering services in place, this recommendation will be difficult to implement.

Audit Workstations for Unauthorized Use.  Beyond application monitoring, when you scan workstations for application inventories, look to see if sync service agents have been installed.

With a moderate planning effort and reasonable monitoring and enforcement efforts, businesses can take advantage of the conveniences that file sharing and sync services offer, without exposing data to unnecessary risk and loss.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 2)

/in

Secure Cloud This blog post is the second in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Understand the Technology.  Many organizations are using file sync services to share and backup files.  A poor understanding of how file sync services, however, can result in data corruption and loss.

Sync Basics. Most sync services keep a copy of your files on your local machine and in cloud storage, with synchronization happening for files saved in specific directories on your local machine.  In other words, you open and work on files locally.  When you save them in a sync folder (or folder tree), the file will be synchronized with the version in the cloud.  Files may also be used and saved using more traditional upload and download techniques. If you share a file with another person, they will download, or sync, a copy of the file to their local desktop.  This means that if you both are editing a document at the same time, you are both working locally on different copies of the file.  While some sync services offer basic file locking, most will allow the conflict to occur.  Data may be easily lost as each person syncs and overwrites the changes of the other. Better sync services offer multiple level or permissions, allowing you to restrict access to view versus edit.  Some services will also prevent downloading and printing.

Sync versus Backup. File sync is NOT backup.  If you overwrite or delete a file, those changes are synced to the server and to other users.  While some sync services offer version control with a limited ability to retrieve prior versions, most sync services quickly propagate errors and deletions. As such, sync is not a reliable technology for data restores.

When to Sync? Sync and sharing services can be part of a robust business continuity strategy. With near-real time updates, a local or remote service outage does not mean loss of access to files, or loss of operating data. Sync and sharing services are also useful for sharing files with outside parties, provided your users understand the limitations of the service. If you allow the use of sync and share services, however, make sure your team is using a company-owned and managed account and a business grade service.  We will discuss why this is so critical in our next installment.

Previous Post in the Series

Cloud File Sync & Sharing: Risks and Solutions (Part 1)

/in

Secure Cloud
This blog post is the first in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Failing to provide a secure, reliable service, puts your data — and your business — at risk.

Case Study 1: Inside Sales Disappear

An inside sales representative at a B2B industrial supply company was signing on new customers.  While the contract were all boilerplate, the rep use a personal Dropbox account to share them with customers for signature and to store them once signed.  After failing to be promoted, the rep quit the firm.  The company had no copies and no access to dozens of customer agreements.

Case Study 2: Order Management Gone Wrong

A customer service rep was using a personal file sharing service to send/receive credit card authorization forms with customers and, unintentionally, his family.  The company became aware of the problem (and PCI violation) when a customer called to inquire about an attempted electronics purchase the day after they had provided the form.  The rep’s teenage son had attempted to make an online purchase with “credit card number in Dad’s account.”

Case Study 3: No Backup = No Restore

A CEO recently contacted his IT department, asking that  they restore several critical files needed for a business meeting the next day, as he could no longer find them.  After searching several iterations of backups and audit logs, they informed the CEO that the IT team could not find any indication that the files had ever existed. The CEO had created the documents locally on his PC, then placed them in a personal file sharing service so that he could access them while traveling.  Without any protection, restoring the deleted files was impossible.

While these examples may seem extreme, if your employees are using personal, unsecured file sharing services, they may already be happening to you.

Back in September, we posted about the increasing problem of rogue cloud services.  Over the course of this series, we will look specifically at cloud-based file sharing services, their risks, and solutions that protect your data, your reputation, and your business.