
Top Tips: Evaluating file sync and share solutions

Previously Dropbox's head of platform partnerships and corporate development, Ilya Fushman is currently Head of Product for Dropbox, leading the mobile and Dropbox for Business teams. Ilya received his B.S. in Physics at Caltech, and holds a PhD in Applied Physics and M.S. in Electrical Engineering from Stanford University. Ilya built quantum computers at Stanford and Caltech, spent some time making the world's most efficient solar cell, and took a turn in venture capital, but he always knew cloud storage and sync were the obvious next step.

 

In today’s workplace, employees are continually seeking ways to collaborate more efficiently both inside their organisation and increasingly between businesses. File sync and share solutions are enabling this and increasing productivity. But how do you choose the one that works for you? If you’re like most businesses, you’ll have many considerations ranging from ease of use to performance, but the most common and important consideration is security. Here are some important security questions to ask when evaluating file sync and share vendors.

How is data encrypted? Consider how data is encrypted as the first line of defence in protecting your company data. Be sure to find a solution that encrypts your data both “in transit” (as it moves between your company and the solution provider) and “at rest” (in the vendor’s storage). For regulated industries such as healthcare or government, or if you’re looking for additional security, you may want to ask if client-side encryption is available, either from the vendor or via third-party software.

What authentication methods are available? Single sign-on (SSO) not only streamlines management of multiple services, but more importantly, lets you apply your company’s corporate network password policies to all integrated services. In addition to the industry-standard SAML protocol, many services will offer SSO integration through third-party identity management solutions. Look for two-step verification, an increasingly common security feature that offers additional protection during log-in. When enabled, the product will require a one-time-use security code — delivered via text message, phone call, or authentication app — in addition to a password upon sign-in.

How does the vendor protect its own data? Like it or not, your data and your vendor’s are inextricably linked. Any weaknesses in your vendors’ systems can be used to access your data just as much as theirs. Finding a vendor with clearly established policies for protecting their physical infrastructure is critical. To this point, it’s also vital to consider what compliance certification and auditing the vendor has completed.

You’re thinking about entrusting someone with possibly mission-critical business data, so don’t just take vendors’ word for it; look for independent authorities to validate their policies. Service Organization Control (SOC) auditing, which examines a service organisation and its internal controls, and ISO 27001 certification, which sets standards for information security management, are particularly relevant to providers of file sync and share solutions.

Can data be wiped or web sessions terminated remotely? Devices are going to be lost and employees are going to leave the organisation – protect data on devices even when they leave your reach with a solution that offers remote wipe capabilities and deletes copies of data stored on devices. Some solutions even allow non-admin users to delete data on their own devices, which is a good way to quickly lock down data immediately after a smartphone goes missing.

Similarly, in cases where people have forgotten to log out from external devices, the ability to quickly plug the security hole by terminating the session from another computer is invaluable.

What does the vendor do to protect user privacy? With data privacy becoming a growing concern for both individuals and businesses alike, it’s up to solutions providers to communicate their stances and policies. Ask vendors for a privacy policy that clearly articulates how your information is managed, as well as information on how government data requests are handled.

Security is only effective if your employees use your secure solutions. It’s always important to ask, “Will my users choose to use this solution, or will they turn to something else?” These days as more documents are created outside the traditional corporate firewall, a key part of keeping business data secure is making sure employees actually use the company-approved file sync and share solution to begin with. That’s why user adoption is a key consideration when evaluating vendors — because no matter how secure a service is, it can’t protect data it never sees.

 

Ilya Fushman is the Head of Product for Dropbox, leading the mobile and Dropbox for Business teams.

 
