Cloud Computing Security

Five questions to ask your file sync and share vendor

This is a contributed piece by Ilya Fushman, General Partner at Index Ventures.


In today’s workplace, employees are continually seeking ways to collaborate more efficiently both inside their organisation and increasingly between businesses. File sync and share solutions are enabling this and increasing productivity. But how do you choose the one that works for you? If you’re like most businesses, you’ll have many considerations ranging from ease of use to performance, but the most common and important consideration is security. Here are five important security questions to ask when evaluating file sync and share vendors.

How is data encrypted?

Consider how data is encrypted as the first line of defence in protecting your company data. Be sure to find a solution that encrypts your data both “in transit” (as it moves between your company and the solution provider) and “at rest” (in the vendor’s storage). For regulated industries such as healthcare or government, or if you’re looking for additional security, you may want to ask if client-side encryption is available, either from the vendor or via third-party software.

What authentication methods are available?

Single sign-on (SSO) not only streamlines management of multiple services, but more importantly, lets you apply your company’s corporate network password policies to all integrated services. In addition to the industry-standard SAML protocol, many services will offer SSO integration through third-party identity management solutions. Look for two-step verification, an increasingly common security feature that offers additional protection during log-in. When enabled, the product will require a one-time-use security code — delivered via text message, phone call, or authentication app — in addition to a password upon sign-in.

How does the vendor protect its own data?

Like it or not, your data and your vendor’s are inextricably linked. Any weaknesses in your vendor’s systems can be used to access your data just as much as theirs. Finding a vendor with clearly established policies for protecting their physical infrastructure is critical. To this point, it’s also vital to consider what compliance certification and auditing the vendor has completed.

You’re thinking about entrusting someone with possibly mission-critical business data, so don’t just take vendors’ word for it; look for independent authorities to validate their policies. Service Organization Control (SOC) auditing, which examines a service organisation and its internal controls, and ISO 27001 certification, which sets standards for information security management, are particularly relevant to providers of file sync and share solutions.

Can data be wiped or web sessions terminated remotely?

Devices are going to be lost and employees are going to leave the organisation – protect data on devices even when they leave your reach with a solution that offers remote wipe capabilities and deletes copies of data stored on devices. Some solutions even allow non-admin users to delete data on their own devices, which is a good way to quickly lock down data immediately after a smartphone goes missing.

Similarly, in cases where people have forgotten to log out from external devices, the ability to quickly plug the security hole by terminating the session from another computer is invaluable.

What does the vendor do to protect user privacy?

With data privacy becoming a growing concern for individuals and businesses alike, it’s up to solutions providers to communicate their stances and policies. Ask vendors for a privacy policy that clearly articulates how your information is managed, as well as information on how government data requests are handled.

Security is only effective if your employees use your secure solutions. It’s always important to ask, “Will my users choose to use this solution, or will they turn to something else?” These days, as more documents are created outside the traditional corporate firewall, a key part of keeping business data secure is making sure employees actually use the company-approved file sync and share solution to begin with. That’s why user adoption is a key consideration when evaluating vendors — because no matter how secure a service is, it can’t protect data it never sees.

