What Consumers Believe About Cloud File Sharing & Why That s a Warning to IT Pros

Transcription

1 What Consumers Believe About Cloud File Sharing & Why That s a Warning to IT Pros

2 TABLE OF CONTENTS THE ELEPHANT IN THE ROOM 3 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 4 1) COMPLETELY BLOCK CLOUD FILE SHARING SERVICES 5 2) SANCTION ONE FILE SHARING SERVICE 6 3) ESTABLISH A METHOD TO ENCRYPT FILES BEFORE SAVING IN THE CLOUD 7 SECURING YOUR DATA THE RIGHT WAY 8 2

3 THE ELEPHANT IN THE ROOM For a long time, cloud file sharing services such as Box and DropBox were the dirty little secret that IT pros did not want to talk about. Their convenience won over droves of office employees, who adopted the services to share files with coworkers, consultants and contractors even with themselves: Cloud file sync and share services are a waystation for documents later accessed via various devices at home offices or on the road. Office workers are adopting cloud storage solutions. For a while, IT pros looked the other way, mirroring their initial reaction long ago when USB thumb drives emerged on the scene. In that case, employees loved the convenience of the portable storage drives; IT pros were ultimately forced to find a way to manage them or to block them. That same evolution is happening with cloud file storage. End user preference today for cloud file sharing solutions is readily apparent to everyone, including those oft-reticent IT pros. A recent Harris Poll survey of over 2,000 U.S. adult consumers commissioned by WinMagic showed that 64-percent of respondents use cloud storage solutions. 3

4 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS Outside of the obvious productivity benefits, these file services bring with them a range of potentially harmful security concerns. High profile examples include cases where hackers harvested compromised credentials to steal information from cloud accounts. More subtle security concerns involve how Office workers think data saved via cloud storage services is safe. the cloud services handle the data, especially if queried by law enforcement or other government officials. Unfortunately, these security issues are not on the minds of the consumers who are adopting cloud file sharing; storing important, sensitive, and confidential files in the cloud; and availing their employers to reputation, regulatory, and legal backlash. According to the Harris Poll survey previously mentioned, 76 percent of cloud storage service users are at least somewhat confident in the security of their stored data. Consumers think the data is safe. Given the two major takeaways from WinMagic s survey (office workers will use cloud storage services, and they think data stored in the cloud is safe), IT pros have three options: Completely block cloud file sharing services Sanction one file sharing service that provides enterprise security features Establish a seamless, company-managed method to encrypt files before they are saved in the cloud and shared 4

5 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 1 COMPLETELY BLOCK CLOUD FILE SHARING SERVICES The first option for IT pros is to block cloud file sharing services altogether. This option flies in the face of the convenience of the services. Cloud file sharing services create a much more productive office environment, as employees can work after the day is done, can more easily access files while traveling or working remotely, and can collaborate more readily with third parties. Blocking these services places companies at a competitive disadvantage. Locking consumers out of cloud file sharing services is hard, if not impossible. More and more companies are adopting BYOD (Bring Your Own Device) policies that allow employees to access company data on their personal cell phones or laptops. Keeping track of all the endpoints is maddening, not to mention all the data on those endpoints. 5

6 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 2 SANCTION ONE FILE SHARING SERVICE THAT PROVIDES ENTERPRISE SECURITY FEATURES The second option for IT pros is to sanction one particular file sharing service and adopt so-called enterprise security solutions and protections provided by that service. DropBox, for example, promotes DropBox for Business, which is essentially the consumer DropBox service along with extra features to make sure the service is secure and managed. For companies leery about data storage beyond their own firewall, cloud storage providers offer on-premise options, where the cloud is created within one of the company s servers. By sanctioning one cloud file sharing service, companies assume that employees will exclusively adopt that service. Unfortunately, employees have likely already adopted a cloud file sharing solution of their own, and as noted before, it s hard to stop them from using it. The end result is a patchwork of permitted and blocked offerings. The willy-nilly use of them by employees would create confusion and potential IT hiccups, leading to more complaints and frustrations. More importantly, even the most secure cloud file sharing services present a tragic flaw the service owns the security, not the company using the service. Which means the strength of the security stops at the service. This should create unease among companies. High-profile incidents over the past several months have shown that cloud storage providers are susceptible to breaches, just like anyone else. 6

7 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS ESTABLISH A METHOD TO 3 ENCRYPT FILES BEFORE SAVING IN THE CLOUD After evaluating the ramifications of the first two, the third and best option is to establish a way to encrypt the data before it goes into the cloud, and make sure that method is seamless to employees. Establish a seamless, company-managed method to encrypt files before they are saved in the cloud and shared Many ways exist today to encrypt files; it s important for companies to choose options based on a long legacy of encryption expertise and leadership. The WinMagic approach for encrypting files shared in the cloud, SecureDoc CloudSync, leverages WinMagic s nearly two decades of experience with endpoint focused key management and is based on a FIPS (Federal Information Processing Standards)-certified encryption engine that protects laptops and servers storing highly sensitive data. correctly, and with cloud file storage approaches, companies should demand to manage the keys governing their data. To be fair to the cloud storage providers, they are not fundamentally in the security business. They are in the data storage business. And they provide a very convenient, effective service. In addition, the cloud service providers are not preventing their customers from securing data on their own. Although some cloud storage providers do in fact encrypt data they store, they manage the encryption keys as well. As such, if a hacker guesses a password, a cloud insider wants to take a peak, or the cloud provider provides access to law enforcement, the data is exposed. Plus, the data is not encrypted and is vulnerable while being copied to and from the cloud. A far more secure approach is for the company to own and manage the encryption keys. For while it is true that the only failsafe protection for files is to encrypt them, the encryption is only effective if the keys are managed 7

8 SECURING YOUR DATA THE RIGHT WAY When securing files destined for the cloud, companies must select a solution that manages encryption keys in a transparent and seamless way. WinMagic s SecureDoc CloudSync provides a centralized encryption and key management approach for securing cloud files. There are a few key features that make SecureDoc CloudSync a very effective approach: It is seamless to the end user: SecureDoc Cloud provides a transparent way for user authentication, thereby allowing approved users access to encryption keys for files stored in the cloud. In addition, the solution provides highly secure methods for sharing keys with trusted third parties so that they can access encrypted files. For example, passwords are not needed for files shared with co-workers. It is flexible: WinMagic reps have found that in regulated industries, companies only want to be responsible for data that is related to work, while allowing their workers to save and access personal documents from their work machines. These companies deploy WinMagic solutions that encrypt files related to work but do not affect personal files so that they fall outside of scope of the regulatory compliance requirements. It centralizes encryption management across a company: As noted previously, cloud storage vendors are not in the security business; cloud storage users should look to a security vendor to handle security. WinMagic s SecureDoc Cloud provides a centralized management point for cloud file encryption and encryption of laptops, servers and devices. As data security reporting requirements change or are enacted by law, this centralized management method can prove that data is encrypted. For example, if a cloud-stored file is stolen, it would prove the data was encrypted and therefore out of scope with certain data breach notification requirements. 8

9 SECURING YOUR DATA THE RIGHT WAY The concept of employee-enabled data file mobility is not new. It s as old as the floppy disk. With each new method for moving data files CDs, USB drives, and cloud file storage enterprises have dealt with the security consequences. Cloud file storage solutions are arguably far more dangerous than previous approaches, given the attack surface is available to anyone with an Internet connection. IT pros should evaluate the risk inherent to cloud file storage solutions the same way they evaluated risks of the previous methods for transporting files. At the same time, they should bear in mind that consumers assume data stored in the cloud is protected. IT pros must deploy encryption and key management solutions that secure files stored in the cloud in a managed way. The approach must be seamless to users and must include a strong endpoint encryption method. WinMagic s SecureDoc CloudSync is an ideal choice. INCLUDE ENCRYPTION & KEY MANAGEMENT WinMagic provides the world s most secure, manageable and easy-to-use data encryption solutions. With a full complement of professional and customer services, WinMagic supports over five million SecureDoc users in approximately 84 countries. We can protect you too. WinMagic Inc. Phone: Fax: Toll Free: sales@winmagic.com Click here to request a free evaluation 9