Articles and Insights ,

Views from the Inside: Is your data safe with free cloud services? (guest post)

By Michelle Drolet
12 Jul 2013

The overwhelming advantages of cloud-based file storage are not in dispute. You have an automatic backup of your files, which can be accessed on any device, at any time. Small amounts of storage are generally free, and large swathes of server space are coming down in price all the time. They absolve your business from the headache of backup management, disaster recovery, and bandwidth for instant anytime access.

Convenient? Yes, most definitely. Safe and suitable for the enterprise? Well … let’s take a closer look.

The rise of cloud-based file syncing like Dropbox has led the charge to offer cross-platform file syncing for your personal files and all the major players have followed suit, from Google (Google Drive), toMicrosoft (SkyDrive), to Apple (iCloud). There’s also Box, Sugarsync, and many, many more. For consumers they are perfect, providing easy instant access to photos and documents from any device. That familiarity and accessibility is why they’ve crept into the enterprise.

According to Gartner analysts, “File sync and sharing is a critical capability for mobile workforces whose organizations have ongoing mobility initiatives with media tablets and BYOD programs.” But, they say, there are growing “concerns about the consequent lack of control on corporate information and progressive security and compliance exposures.”

Collaboration nightmares

The most obvious elephant in the room with third-party file synchronization is security. You trust these companies to keep your files safe and secure at all times. What kind of authentication do they use? Your files may be encrypted in transit, but all too often they are decrypted when they arrive and stored on the cloud server. Have they ever had a security breach? Is there any provision for client-side encryption? What about compliance? Are you living up to the standards that your industry or your clients demand?

You are also assuming that the providers have a disaster recovery policy. What is their level of commitment to keeping your files safe? How soon could you access a backup if there was a problem? Would there be any data loss? Where are your files physically stored?

Manageability is another concern. How well do these solutions integrate with your corporate structure? How do you manage user access and set the right permissions for staff? Is there any consideration of version control to prevent documents being overwritten, or to deal with simultaneous updates? Can you prevent employees from leaking data, or taking it with them when they leave?

It’s important to get answers to these questions before you give away the keys to your corporate file system.

If you can’t beat them

It’s not a viable solution to try and block the use of these third-party cloud-based solutions unless you are going to offer employees a good alternative. The advantages are too numerous, they’ll use these services regardless of policy, and the risk of data leakage when employees go outside your IT systems is even greater. What you need to do is seek out a secure alternative that brings control and oversight back to your IT department.

Much like the BYOD trend, the use of cloud-based services for sharing files is widespread and it’s likely that your employees are already using them, whether they are officially sanctioned or not.

If you don’t take immediate action to regain control over your assets, then there’s a real risk you’re going to lose data. For some enterprises it’s vital to retain control over data and host your own files. It’s still possible to set up a secure pipeline for document sharing, so employees can access files remotely.

Collaboration via the cloud can certainly be a good thing too, and many providers are starting to address enterprise concerns.

When you select a solution make sure that you have in-house controls, so you know exactly where your data is and who has access to it at all times. Make sure that you know what your cloud service partners can commit to. Don’t assume that your data is safe when you can’t even say exactly where it is.

 

By Michelle Drolet, founder and CEO, Towerwall
Special to Boston Business Journal – Tech Flash

This article was recently published in Boston Business Journal