Organizations storing data and documents they work on in the cloud is a regular occurrence these days. The cloud offers scalability in terms of storage and cloud services often provide helpful folder- and file-sharing capabilities and content control measures.
Users can track changes and comments and collect files from people with file requests, but also control what other people they’ve shared data with can and can’t do with it (e.g., view, comment, download, edit), set a password for added security, set an expiration date for certain links so that recipients stop having access to the data once the project is completed, make links view-only, and so on.
File-sharing and collaboration must go hand in hand with security
Managing an organization’s business documents in the cloud comes with many pros. Aside from those already mentioned:
- The data is accessible from any location mobile workers find themselves at or from any of the many office locations modern enterprises maintain across the country or the globe
- Cloud service providers generally guarantee constant access and regular backups
- Granular and custom access control options for administrators
- Automatic syncing (between multiple devices)
- Change tracking and protection against unwanted changes (Employees accidentally deleting company files or making unwanted modifications is a common occurrence. This is where customized permission settings and the ability to access previous versions of a document come in handy.)
Having a dedicated, centralized file-sharing channel is important to provide a safe and easy collaboration space for employees, with the “easy” and “safe” parts of the equation being equally important.
It’s widely known that too many employees send and share sensitive data via insecure methods inside their company. They do it for a variety of reasons: the tools provided are difficult to use, but they also don’t “feel” the data loss threat to be real and are not too much invested in compliance.
Any offered IT solution has to be easy to use so that users don’t turn to alternative, unsanctioned means of communication, sharing and collaboration.
It also has to offer helpful and easy security controls to prevent data tampering, loss, theft, intentional or unintentional data leaks, and provide the ability to set different levels of permissions depending on the users’ needs. (Offering a means for sharing files and folders with users outside the organization in a secure way that minimizes potential risks is also important.)
Finally, the service must be in compliance with the various industry standards and national and international data protection laws and regulations (PCI-DSS, HIPAA, HITECH, COPPA, FERPA, EU GDPR, and so on) so that enterprise customers/users can be sure they will not be falling afoul of them by taking advantage of it.
Organizations must take into consideration their employees’ behaviors, preferences and motivations when opting for one collaboration and file-sharing solution over another.
They also have to be conscious that employees need training on how to use these tools securely and, in general, security awareness training.
Data breaches and leaks have many causes, but insider misuse and error – whether due to lack of knowledge, misjudgement, or simple negligence – are some of the main ones.
Employees must be made aware of the risks when sharing files or using specific file-sharing software and of the consequences these errors can lead to, so they can take responsibility for their actions and be mindful of making the right choices.
The tools provided must make right choices possible and make wrong ones hard. Ideally, it would be best if employees were unable to make wrong choices in the first place. This is where cloud storage and file-sharing service providers can help, by offering useful and granular options for the more knowledgeable and cautious administrators.
File-sharing made easier
Luckily for all of us, the days of having to share sensitive files via email, portable memory devices or even more clumsy or easy-to-lose data storage gadgets are effectively over.
When an enterprise as big as IBM mandates that its staff stop using USB sticks, SD cards and flash drives to move data around, you may be sure that they’ve weighed the options long and hard before making the call.
All of those early file-sharing options were difficult to use and often times plain inadequate, especially in business settings. Seamless use and collaboration were impossible and the data shared was poorly secured (if at all).
Any cloud storage and file-sharing service worth its salt encrypts the data when stored and while in-transit. The lack of encryption might not be a deal-breaker for individual end users but should be for businesses and other organizations that need to safeguard their sensitive enterprise data.
It’s both on organizations and on service providers to find a good balance of much needed security and vitally important usability. For the former it will mean less overall risk, for the latter it’s a matter of long-term survival in the market.
This is a sponsored post for Dropbox. All opinions are my own. Dropbox is not affiliated with nor endorses any other products or services mentioned.