Five decisive success factors for efficient and secure file exchange in companies.
Central file sharing solutions promise companies fast, simple and device-independent file exchange. Employees can easily access, synchronize and share all necessary files both in the office and on the move.
But not all file sharing is the same. In order to ensure efficiency, security and compliance with legal requirements, companies must take a number of key aspects into account.
1. Do not store business critical data in public clouds
Many companies use US public cloud solutions such as Dropbox, Box, Google Drive or Amazon Drive for file sharing. In this way, they relinquish sovereignty over their data. Companies have no control over the storage location and must accept losses in security and data protection. Since US providers are subject to the Cloud Act, they do not comply with GDPR requirements for data storage. Therefore, companies should set up a file sharing solution where the files can remain on their own servers or in data centres of their choice.
2. Encrypt files even during transmission
In order to provide comprehensive protection for files, end-to-end encryption covering the entire transport route is mandatory. Files may only be decrypted on the devices of the sender and recipient. This ensures that they are protected even if an unauthorized third party should succeed in invading a server. So-called « man in the middle » attacks, in which attackers try to spy on data during transmission, are thereby made ineffective.
« If companies approach the topic of file sharing in the right way, they can kill two birds with one stone: increase productivity and security in the company equally, » says Tobias Gerlinger, CEO at ownCloud in Nuremberg. « They create a modern way to manage unstructured corporate data in a controllable, centralized and flexible manner while providing comprehensive protection ».
3. Protect sensitive files through classification
In order to protect particularly sensitive documents, the file sharing solution should also offer the possibility of setting specific rules for certain files or folders – for example, which user groups are allowed to access them, how long they should be accessible or from when a file should be deleted. This not only protects business secrets; personal data subject to the DSGVO can also be processed individually and separately from other data in this way.
4. Ensure transparency with file versioning and activity view
If several employees are involved in a project, they must be informed about the current status at all times and be able to track all changes. Therefore, the solution should provide a system for file control and versioning that creates backups of the files, displays their history and ensures that employees always have access to the latest version. In addition, they should be able to edit a file simultaneously using special editors and track all changes in real time.
5. Promote the file exchange solution through the management
Once a company has a suitable file sharing solution, it does not yet make it a sure thing. There is still a risk that employees will operate a shadow IT system and use insecure file sharing services on their own; or that they will exchange files with equally insecure emails and USB sticks. For this reason, the file sharing solution should be driven by the executive level and anchored from there throughout the entire company. Managers should lead by example and use the file sharing solution themselves with full commitment.