Personal File Sharing in the Business: The Risks
It may be a new year, but we’re still facing the same old challenges on our return to the working world. Personal file sharing is one of those challenges. If employees are left to their own devices, the chances are they will turn to familiar consumer grade technologies such as Dropbox that were just not designed to adequately secure business data.
Micheal Osterman of Osterman Research succinctly summarises some of the key issues surrounding personal file sharing in his white paper, “Business-Class File Sharing Best Practices”. Here is an excerpt from the paper:
Excerpted from “Business-Class File Sharing Best Practices”
The Status Quo Doesn’t Work
- Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
- Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organisation.
- USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorised parties.
- Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
- SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint require the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organisation.
- Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
- Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow
If you’d like to learn more about secure file sharing practices, you can access the full Osterman whitepaper here. Alternatively, if you’d like to discuss your specific file sharing challenges with one of our managed file transfer experts, please don’t hesitate to contact us on 0333 123 1240.