Don’t let “Dropbox” cloud your security controls

Man with a box on his head

File Synchronisation and Sharing (FSS), or Cloud Storage solutions such as Dropbox, Onedrive, and Google Drive, enable individuals to sync and share documents, photos and other files across multiple platforms and devices. The success of Cloud Storage is largely driven by the consumer adoption of mobile devices and mobile workers requirements to access documents anywhere on any device.

Cloud Storage solutions also enable simple sharing of documents with other individuals or collaboration amongst organization.

Originally developed as consumer solution, many vendors have developed enterprise versions to capitalise on the popularity of consumer products, while attempting to provide an enterprise quality solution. Their success has been driven by the key benefits they provide, ease of use and convenience and now have both on premise and off-premise solutions.

As organizations embrace mobility, BYOD and other personal services, they must understand the implication that both enterprise and consumer cloud storage may have on their organization’s security posture.

Utilising on premise or off premise cloud storage, organizations are increasingly seeking to reap the benefits of improved mobile collaboration. While these enterprise solutions include a variety of security and access controls, businesses still face myriad of information security, compliance and regulatory issues. Strict regulations may prevent some data from being stored in the cloud and determining where the boundaries are, for regulated information, is a complex, challenging and continuous task.

In addition to the above information security and compliance issues, companies need to identify how their information governance program can be extended to the cloud. Information discovery, data duplication, retention and archiving processes need to be considered.

Questions organizations should ask themselves:

  • How do they ensure only non-sensitive documents are uploaded to consumer cloud storage, and sensitive documents are blocked?
  • What access and data loss prevention controls are available?
  • Given the file sharing capabilities, how do they ensure critical information is not copied to a folder that is intended for access by 3rd parties?
  • Do they have visibility over what information is downloaded and sent externally from an unmanaged device? 
  • Does their solution protect against targeted attacks that traditional antivirus/malware will miss?

The ultimate challenge

Cloud storage solutions all function in a similar manner, with web upload/download, online document sharing and applications for endpoint devices to locally store and sync files. They all create new and challenging ingress and egress points for an organization to control and monitor.

The ease at which a user is able to share documents to collaborate with internal users and external partners greatly increases the risk of both malicious and inadvertent data loss. However if security controls restrict a user’s ability to share information and collaborate, they will either work a way around them or become increasingly disgruntled by their reduced productivity.

The consumer versions of cloud storage have raised end user’s expectations for accessing and sharing of information and consequently are demanding the same convenience and powerful collaboration tools within their organization.

The challenge for organizations, is how to deliver the benefits of cloud based storage, while maintaining appropriate content aware data protection controls that will meet their business and regulatory compliance requirements.

By Kym Welsby, Global Product Manager