Bans Fail To Prevent Potential Enterprise Data Leakage Through Insecure File Sharing Cloud Services
- Published on Tuesday, December 18, 2012
- Written by Web Editor
Hamburg - Enterprise cloud synchronization provider TeamDrive is warning about the serious security risks being run by companies that ban document and file sharing services, such as Google Drive and Dropbox, without providing an encryption-based alternative.
According to the 1,300 respondents to a survey conducted by storage firm Nasuni, one in five employees is using Dropbox. What is more worrying is that 49 percent of users ignore corporate policies and use the service regardless, according to the Shadow IT in the Enterprise report.
This implies that the perceived benefits of having an unmanaged, unmonitored and unsupported element in business IT overrides any sense of responsibility. TeamDrive recommends accepting the irresistible trend by embracing it within a secure and manageable system such as its own.
Departments most likely to use file synchronizing services are IT, sales, finance and engineering - the latter three being sectors likely to have access to extremely business-sensitive data. Users around these departments are just as likely to be senior management as rank and file workers.
In May 2012, IBM was so concerned about the growing use of cloud file synchronization services that it banned its staff from using Dropbox and Apple's iCloud. It is likely that others will follow suit but the growing use of Bring Your Own Device (BYOD) strategies makes enforcement difficult, if not impossible.
Many of the services available seem to be secure because they use encryption between the user and the service but this protection is stripped away at the receiving end and the files are stored by the service provider in the clear. If a hacker, or even a rogue employee of the storage firm, gains access to a cloud drive, it could be costly if sensitive documents are being passed through the service.
Even when documents are encrypted at rest in the cloud, the providers, such as Dropbox, use a single key held in their system to unlock files as they are accessed by the document's owners or their sanctioned colleagues.
TeamDrive provides an individual service where a separate encryption key is generated for each user and stored on the client device. This means that TeamDrive cannot access the contents of any information stored on its systems and, if any files were stolen, a hacker would only have useless files encrypted to a 256-bit standard. The files are only available in the clear on the client devices and not anywhere in the cloud, giving true end to end security.
It is the service, not the cloud provider that is the attraction. Even if a ban on one provider's product is adhered to, staff would turn somewhere else. It is better to provide a secure system, like TeamDrive, to bring the renegades back into the security of the fold.