News

Secure File Sharing: Why ownCloud Makes Sense in Today’s Data Breached World

File sharing is a major challenge for professionals today, because there is a major lack of security and privacy in most of the methods available. Cloud storage through popular companies that use public servers continues to fail in ways that appear all over the internet and in the news, whether it’s because credentials are stolen, iCloud […]

File sharing is a major challenge for professionals today, because there is a major lack of security and privacy in most of the methods available. Cloud storage through popular companies that use public servers continues to fail in ways that appear all over the internet and in the news, whether it’s because credentials are stolen, iCloud accounts are hacked, or security flaws are found within the actual file sharing process.

It seems that no big name public server provider has been free of file sharing security issues, and the biggest offenders of late have been iCloud and Dropbox. File sharing has many benefits for professionals, the most convenient of which is easy collaboration — which facilitates productivity, communication, and growth. But if you don’t choose your file sharing method carefully, you may be incorporating it at the cost of data security, and that simply isn’t acceptable.

The following explains a few aspects of file sharing, and the options you need to consider to implement this technique into your professional processes securely and successfully.

Online File Sharing

Online file sharing is a term that can be loosely applied to a variety of internet file storage and sharing solutions, including file hosting, file sharing websites, and file sharing programs. It allows businesses to give employees flexible and convenient access to professional files from a variety of locations and devices, making collaboration and expansion easier than ever. This business data solution is very popular today, but companies sometimes have difficulty finding a way to implement it securely.

Cloud SecurityWhen you share files online you place the security and control of your data in the hands of a third party, and you allow it to be uploaded and downloaded outside of your own firewalls and IT department protection. If your files are not sensitive in nature then this may pose no problem at all. However, most professionals have a need to share and store more sensitive files safely and in accordance with laws governing customer information. Most online file sharing cannot promise compliance with important laws like HIPAA, try as they might. If you want to use online file sharing, it is very important to thoroughly understand all of the terms and conditions your provider makes available. When you are armed with the knowledge of how each particular service works to assist you with sharing and protecting your information, you can make the best decision for your particular situation.

File Sharing Sites

There are a large variety of file sharing sites available today, all of which offer services and security of essentially the same quality. These sites own and maintain public servers which they keep in various locations, and that is where they store customer data. Five of the most popular websites used for file sharing are:

  1. Dropbox
  2. MediaFire
  3. 4Shared
  4. Google Drive
  5. SkyDrive

These sites can all offer very affordable file sharing options with scalable storage that can grow as you create and save more files, but what you save in dollars you pay for in security risks.

Generally, when you want to share files on these websites, you do so by generating share links which allow the recipient of the URL to view or download the material. These links can be sent in an email, posted on a website, sent via text, etc. It is very convenient and simple to use, but the problem lies in the fact that they are very difficult to secure. If one of your employees places that link on a website, it becomes available to anyone who visits and clicks. Any person who receives one of these links can also forward it to someone else without the permission or knowledge of the original sender. This can pose an incredible risk to files that your company would prefer to remain private. Furthermore, if one of these links is accessed on a non-company computer, that URL is saved in the web browser and can be easily recovered by anyone else who uses it afterward. It’s very difficult to erase traces of files once they have been sent outside of your corporate firewalls, and it effectively removes them from the control of your IT department and security measures. For files that are not sensitive in nature, this may not be an issue, but it’s tough to ensure that only harmless files are being shared this way. If you choose to utilize a file sharing site, be sure that they provide top-quality encryption, a zero-knowledge storage environment, and stringent security measures that are regularly updated. These are not a guarantee of your data safety, but it is the best you can do with public servers.

File Hosting

Some cloud storage providers offer an internet hosting service which is specifically designed to host user files for storage and sharing. It can be used for images, text files, videos, audio, software, and many other forms of data that companies may wish to store and make accessible to multiple employees via the internet. Secure File Sharing owncloudThis type of online storage and file sharing is somewhat more secure than the free files sharing with file sharing websites, and it also comes with a monthly or annual fee depending on the provider you work with. You and your employees or partners can access these files through HTTP or FTP, and protected by credentials and passwords. The convenience and attraction is due to the ability to connect to these files with any device, from any location. Flexibility and mobility allow business to be conducted from any number of locations in a protected manner. Many professionals use this method for easy backups and storage, as well as sharing, but the cost is sometimes too much for smaller businesses. One problem that companies find with file hosting solutions is that they can consume large amounts of bandwidth and jam up traffic.

If an employee mistakenly uploads sensitive data to a folder that is publicly accessible, it can be difficult to catch and fix before the damage is done. There is a lot of room for human error in this type of file sharing situation. Data leakage with file hosting services is enough of a problem that it may be best to avoid it altogether. In addition to these problems, there is the security risk that is inherent when working with any outside service, which is placing your important files in the hands of others. These files are stored on servers outside of your control and firewalls, and you simply have to trust that the provider is taking adequate precautions to protect you. The recent exposure of the frighteningly high number of security holes and high profile data leaks suffered by public server file storage and sharing customers is causing companies of all sizes to turn to more secure and private methods to protect their business interests, such as private clouds.

File Sharing Programs

This method is sometimes also called Peer to Peer (P2P) file sharing. What you get is a program specifically designed to allow employees to share and receive digital files through a network. Some of the most popular P2P file sharing programs include:

  1. Shareaza
  2. BitTorrent
  3. Ares
  4. BearShare
  5. Kazaa

Instead of using a web browser to download files, your employees would use a software program of your choice to find other computer that have the files you need. A user simply requests the file to be downloaded, and the program finds it and downloads it. Also, any files located on employee computers could be accessed by the other employees or partners using the software. The searching and downloading process can be slow if there are many users using it simultaneously, but overall it is a convenient method that many people use today. Professionals who wish to implement P2Phave many important things to consider making it safe and successful. It is possible to limit what files can be accessed, but mistakes are easily made and unintended file sharing happens often. If someone downloads something they shouldn’t, the damage is done. And just because a file has been deleted doesn’t mean it is gone permanently, so files aren’t truly safe in this kind of situation.

To protect your data from risk with P2P, all sensitive files must be separated from unintended sharing, and permanently deleted when they are no longer needed. This type of data management is problematic and the chance for a data breach increases over time and with the number of file shares. P2P can be great for collaboration of files that don’t require strict security, but there is no guarantee that sensitive information will be protected. It’s a dangerous game to play when you need to protect client information and remain in compliance with data security laws.

Private Cloud File Sharing

Many companies are finding that the safest way to share files between employees in a secure, private, and controlled manner is to do so through a private cloud, like the ownCloud.com enterprise solution that CERN uses. This gives you the option to have your own file sharing and storage on-site and behind your own firewalls. Your IT department can restrict and monitor access, and you can maintain compliance and data security. Furthermore, with services like server-to-server sharing with ownCloud, you can share with partners at a different site who use the same service, without the need for public servers and third-party mediators. Your sensitive information will be safe, and your company can reap all the benefits of cloud technology and file sharing solutions.

ownCloud’s Secure Enterprise File Share & Sync Solution

ownCloud is available in various formats for download and installation. Please select your operating system for the desktop client and your virtual environment for the 64-bit appliance.

 

LEARN MORE DOWNLOAD OWNCLOUD NOW

ownCloud

September 30, 2014

Read now: