BYOD File Sharing - Go Private Cloud to Mitigate Data Risks
An Accellion Whitepaper

Executive Summary

The consumerization of IT and the popularity of Bring Your Own Device (BYOD) are jeopardizing the security and integrity of business data. Seeking an easy way to share files across laptops, desktops, tablets, and smartphones, employees are signing up for free public cloud file sharing services that lack rigorous security and audit controls. Free public cloud file sharing services are prone to security outages, and lack the centralized monitoring and control features that IT administrators and internal security teams need for keeping data safe and in compliance with industry and government regulations.

In place of consumer-grade public cloud file sharing services, enterprises need a file sharing solution that is convenient, easy to use, and rigorously secure. By deploying such a solution in a private cloud, enterprises can ensure that employees get the file sharing services they want, while IT gets the management and monitoring capabilities necessary for security and compliance. By adopting a private cloud solution for file sharing and synchronization, enterprises can enjoy the benefits of improved collaboration and IT elasticity without increasing exposure to data loss, regulatory penalties, and other compliance risks.

Where's Your Data?

In the world of IT, what could be more fundamental than making enterprise data accessible to authorized employees, while keeping that data safe and under control? Yet today a growing number of IT organizations struggle to meet this fundamental requirement. Why?

Part of the problem is the consumerization of IT and the BYOD (Bring Your Own Device) revolution sweeping corporate networks. Employees are increasingly relying on consumer mobile devices, such as iPads, iPhones, and Android smartphones and tablets, as the computing devices for work. A growing number of employees now carry multiple portable devices daily: 3.5 devices on average, according to a recent survey [1]. Employees want business data available on all devices, all the time. They have become accustomed to gaining IT functionality as quickly as downloading a new mobile app, and expect the new cross-device file sharing challenge to be solved with that same efficiency.

Lacking an endorsed file sharing solution from the IT department, employees are signing up for one or more free, public cloud file sharing services, such as Box, Dropbox, Google Drive, iCloud, and SugarSync, and syncing files across systems and devices. To users, this approach seems quick, easy, and free, but to enterprise IT and security teams, it's troublesome, risky, and potentially quite costly.

Through ad hoc subscriptions to public cloud file sharing services, enterprises are losing control over the confidentiality, integrity, and availability of data. Employees are sharing valuable intellectual property, such as research documents, design documents, and business plans. Employees are sharing confidential data, such as customer records and sales forecasts, data that in many cases is covered by industry regulations, such as GLBA, FINRA, HIPAA, or SOX. Employees hope that public cloud file sharing services won't leak this data, and that third-party administrators won't abuse authority and pry into confidential files.
Employees hope, too, that the files shared will remain unaltered, that data won't be tampered with or corrupted in any way, either by a malicious user or a technical glitch. They also hope that the public cloud file sharing services used won't suffer security breaches, exposing confidential data, or service outages, rendering business-critical data unavailable to employees. That's a lot of hoping.

Too often, hopes are dashed. Hard as it is to believe, legitimate business users trusted files to MegaUpload, a popular file sharing service hosted in Hong Kong that U.S. authorities shut down when it became clear it was hosting large volumes of pirated data. All files hosted on the service, including files with confidential business data, have been seized and are yet to be released [2]. Another popular service, Dropbox, accidentally turned off all password protection for all files for a four-hour period [3]. Dropbox still can't tell customers whether or not the files were accessed and, if so, by whom. Another service, Box, markets to consumers and business users, yet recently suffered an outage that kept business users from getting to data for several hours [4]. Depending on which set of terms and conditions is read, Google Drive may or may not claim to own the business data that users post to it [5]. Public cloud file sharing solutions are, it seems, too public and free-form for organizations that need privacy and security.

[1] http://www.forbes.com/sites/sap/2012/05/11/average-mobile-worker-carries-3-5-devices-heres-the-downside/
[2] http://www.wired.com/threatlevel/2012/06/feds-megaupload-data/
[3] http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/
[4] http://gigaom.com/cloud/box-cloud-storage-hits-a-glitch/
[5] http://www.zdnet.com/blog/btl/how-far-do-google-drives-terms-go-in-owning-your-files/75228

Staying Safe While Going Mobile

Mobility is here to stay, and so is consumerized IT. Businesses need a way of sharing files securely among users and across authorized devices, which include smartphones and tablets that employees bring from home. Traditional file storage and collaboration solutions, including Microsoft SharePoint, typically make it difficult to share files across multiple computing platforms and with external users, such as partners and customers that obviously don't have internal accounts (e.g., SharePoint accounts or entries in Active Directory or LDAP).

Enterprises need a convenient, flexible, and secure solution that enables an untethered workforce, which increasingly comprises distributed teams with internal and external users, to share files with all stakeholders (internal and external) and on all popular devices, while ensuring that IT never loses control of confidential data and data access records.

Public cloud file sharing services, such as Dropbox, are convenient, but fall short in security and manageability. Not only are public cloud file sharing services subject to security breaches and service outages, the services also don't provide companies any means of auditing file distribution and access. Public cloud file sharing services make it difficult or impossible for companies to meet legal eDiscovery requirements as well as regulations, such as GLBA and SOX. Many of the services also violate European data privacy laws, which require companies to know where data is stored and to prevent its distribution and storage outside of national boundaries.

Rethinking Cloud File Sharing

What is the solution to these file sharing challenges? Consider how companies select and manage cloud services in other areas of IT operations. Public cloud services are popular with development teams, but most IT departments would be reluctant to store valuable intellectual assets or confidential data on loosely controlled public services.
For example, IT departments are not rushing to post financial records and HR files on a public cloud system simply to take advantage of the promoted cost savings of cloud computing.

When choosing cloud services for IT-managed projects, companies typically trust the public cloud only with non-confidential data outside the province of regulatory control. If data is confidential or regulated, most companies store it only on private clouds: dynamic, scalable cloud infrastructures, hosted and managed internally. IT departments trust third-party cloud services with private data only if the services can meet strict SLAs, pass audits for rigorous control and security standards, such as SAS 70, and provide the same level of control and monitoring that's available for on-premise solutions.

And federal agencies, of course, have even stricter requirements. To ensure agency data is safe, file sharing solutions must use FIPS-140-2 certified encryption for data in transit and data at rest, even if the data is at rest on a mobile device. The solutions should also integrate with agency authentication systems, such as Active Directory and LDAP, and support rigorous authentication standards, such as SAML (Security Assertion Markup Language) 2.0. Finally, the solution needs to integrate with the document platforms popular with federal agencies, such as Microsoft SharePoint. Needless to say, free, consumer-class public cloud file sharing services, such as Dropbox, don't meet these rigorous standards.

Going Private with Cloud File Sharing

With the public cloud, organizations are resigned to operating under the security standards of a third-party cloud vendor. Fortunately, private cloud file sharing is capable of meeting even the highest security standards. With the private cloud, it is still possible to reap the benefits of having data live anywhere, but organizations can set standards and best practices to reduce threat risk. A private cloud solution for file sharing and synchronization helps enterprises enjoy the benefits of improved collaboration and IT elasticity without increasing exposure to data loss, regulatory penalties, and other compliance issues.

kiteworks: The Leading Private Cloud File Sharing Solution

The kiteworks solution is available as a 100% on-premise, private cloud, public cloud, or hybrid cloud solution, so enterprises can deploy kiteworks services in whatever configuration best meets IT security needs. Not surprisingly, more than 90% of enterprise customers choose to deploy kiteworks on a private cloud under the watchful eye of IT and compliance departments.

Available as a secure, closely monitored service, kiteworks provides all of the file sharing features that today's users want and need, ensuring access to up-to-date files on all devices, all the time:

- Secure content access from laptop, desktop, tablet, and smartphone devices
- Synced files and folders
- Collaborative workspaces with threaded discussions and comments
- Automatic notifications of file creations, modifications, and deletions
- File version tracking

At the same time, the kiteworks solution gives the IT department fine-grained access controls for protecting data, and ensuring that file distribution and data access comply with internal policies and industry regulations.
IT requirements include:

- FIPS-140-2 compliant encryption of data in transit (SSL) and at rest
- User authentication: LDAP/AD integration
- SAML authentication standard/single sign-on
- File tracking and reporting: audit trail for compliance
- DLP integration
- User-friendly DRM features
- Archival integration
- Enterprise content plug-ins (e.g., integration with SharePoint, iManage, and other network file shares)

kiteworks features a scalable, flexible multi-tier private cloud architecture designed to meet the content storage, content sharing, and collaboration needs of organizations, along with secure, integrated productivity tools and universal access to enterprise content stores, including various public cloud file sharing services, such as Dropbox, Box, and Google Drive.

Private Cloud File Sharing: Ensuring Enterprise Data Security and Compliance

By adopting a private cloud solution for file sharing and synchronization, enterprises can enjoy the benefits of improved collaboration and IT elasticity without increasing exposure to data loss, regulatory penalties, and other compliance issues. The kiteworks private cloud file sharing solution enables IT to meet employees' demands without defaulting on IT's mission to protect data, monitor operations, and ensure that user activity never compromises the mission of the organization overall.

For more information about the kiteworks solution, please visit www.accellion.com.

About Accellion

Accellion, Inc. is the industry leader in providing private cloud solutions for secure access and sharing of enterprise information across devices, enabling employees to work securely wherever. Founded in 1999, Accellion is an award-winning, private company headquartered in Palo Alto, California with offices in North America, APAC, and Europe. The company has evolved from its roots in cloud storage into a leading enterprise security software provider.
More than 12 million business users and 2,000 of the world's leading corporations and government agencies, including Procter & Gamble; Indiana University Health; Kaiser Permanente; Lovells; Bridgestone; Harvard University; the Securities and Exchange Commission; and NASA use Accellion solutions to protect confidential information, ensure compliance, increase business productivity, and reduce IT costs.

Email: sales@accellion.com
Phone: +1 650-249-9544
Accellion, Inc., 1804 Embarcadero Road, Palo Alto, CA 94303
For additional information: www.accellion.com/resources/whitepapers

ACC-WP-0615-PCMDR. Accellion Inc. All rights reserved.