Author: This week’s blog post was written by Bernard Chan, an expert on Cloud Solutions and Cloud Services Product Manager at TeraGo Networks.
In today’s information-based economy, a company’s data is its most valuable asset. Whether it is the company’s own intellectual property or its customer’s personal information, there is significant competitive and reputational reasons to keep the data safe. Understanding its importance, many companies invest heavily on data security to protect their information from third parties that have specific agendas to access this data – such as direct competitors, former employees, or so-called “hacktivists”.
Ironically, the most common source of company data breaches, and the most difficult to protect against, is actually from its own employees. With the variety of File Sync & Share options available for workers to send, store, and communicate company information, even employees with the best intentions to share information securely may be exposed in ways that they are not aware of. Some common flaws in commonly used tools that are deemed secure are as follows:
Backup Information via iCloud or other public clouds
- The recent San Bernardino iPhone case has generated a lot of discussion around the encryption keys and data privacy on mobile devices. What was lost in its media coverage is that all of the phone’s data that was backed up on the iCloud was readily handed over to the authorities by Apple. This is because Apple has a copy of the encryption keys for the data stored in the cloud, and by agreeing to its terms of service, the user has agreed to allow Apple employees to access its data.
Using Public File Sync and Share solutions to send large files
- These solutions are commonly used by workers to share large files with vendors and customers. An employee may think that by restricting the file’s access to specific users, it is a safe way to protect the data. Yet, what many employees may be unaware of is that when they agreed to the terms of service of the public solutions (ie. Dropbox, One Drive, Google Docs, etc.), they have agreed to allow employees of the solution and “trusted third parties” to access file metadata, which can contain sensitive data such as file names, access locations, timestamps, and other details.
To minimize the exposure of such data breaches, it is important for businesses to provide a secure File Sync and Share tool that is just as easy to use, and addresses the pitfalls of the widely available public options. When choosing a File Sync and Share tool for your organization, you should consider the following list of security requirements to make sure your organization is protected.
- Only the user owns the encryption key to their data – both on the device and stored in the cloud
- File metadata is also encrypted and only accessible by authorized users
- Data is encrypted at rest and in transit
- Strong password policies can be applied to reduce risk of impersonation
- Ability to require 2-factor authentication on shared link access to safeguard links that have fallen into the wrong hands
TeraGo Cloud Drive is a file, sync and share solution made specifically for businesses. The Cloud Drive’s features allow users to have enterprise level security and control over their files and meets all the mentioned security requirements, so that your critical data stays within your control. Click to start your 30 day free trial!