In the wake of Dropbox’s recent announcements regarding its partnership with Microsoft and the expansion of the service onto Android, Globalscape’s James Bindseil discusses the pitfalls of using consumer file sharing services.
Consumer file transfer services have always had some level of controversy surrounding them. The growing popularity of these services in the enterprise is adding fuel to the fire, as more enterprise users choose to store and transfer files on these platforms.
Unfortunately, consumer file transfer solutions are simply not secure enough for the transmission of confidential enterprise data. In just the last few months these services have been plagued by phishing scams and data breaches. These examples demonstrate obvious issues with consumer file transfer services and the public nature of their platforms when used in the enterprise.
Cybercriminals are becoming wise to the amount of sensitive corporate data stored within these services and the sheer number of users utilizing them makes them an attractive attack target.
Reliance on consumer file-sharing services also decentralises your data, leaving IT departments with little to no control of the files once they’ve left the organisation’s infrastructure. As an example, if an organisation allowed any of its employees to use consumer file-sharing service on their own, the management of the employees’ files and sharing practices would be completely unknown to their IT team, making management and security inherently more difficult.
Entrusting your data and intellectual property to a consumer file-sharing service may also threaten compliance and could result in a breach of the Data Protection Act.
When organisations allow for the movement and management of data and files to a consumer-grade service, there is always risk. Just as risky, however, is having no adequate user friendly solutions that forces them to use consumer grade tools behind your back. The good news is that there are ways to mitigate these risks while still providing a technology that is employee friendly. Using a secure FTP server in the form of a managed file transfer (MFT) solution can significantly reduce this.
MFT solutions have stronger security protocols in place, making them more attractive for companies who need to closely monitor and manage the transfer of their data. Additionally, a careful examination of the privacy policies of consumer providers will often reveal that they could be gathering information about their users from the files transferred through their service.
Data security becomes less of a worry with enterprise level MFT solutions as they provide organisations with full control over data encryption keys and in turn ensure the highest level of regulatory compliance such as PCI-DSS, DPA, Information Commissioner’s Office (ICO), and FSA.
A company will be able to securely and effectively transfer files, and a good solution will be deployable both in the cloud and on-premises, providing the ease of use and functionality of a consumer solution with the necessary layers of added protection.
Looking forward, Dropbox’s partnerships are likely to drive more traffic to the consumer file sharing site, but businesses need to be careful about how they allow employees to interact with them, and evaluate the potential fallout from a theft or data breach.
About the author
James Bindseil is president and CEO of enterprise file sharing provider Globalscape.