What Consumers Believe About Cloud File Sharing & Why That s a Warning to IT Pros

Similar documents
Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

10 Hidden IT Risks That Might Threaten Your Law Firm

Desktop and Laptop Security Policy

Why SMS for 2FA? MessageMedia Industry Intelligence

Was the hard drive encrypted?

Take the cost, complexity and frustration out of two-factor authentication

Protecting Your Data On The Network, Cloud And Virtual Servers

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Password Management Evaluation Guide for Businesses

Automatic Drive Locking: Securing Digital Content Storage in the Digital Home

Security Architecture Whitepaper

Cloud Computing. Security Practices for General User. Examples of Popular Cloud Service Providers

A Guide to Managing Microsoft BitLocker in the Enterprise

KEY STEPS FOLLOWING A DATA BREACH

ADAPTIVE USER AUTHENTICATION

Small Business Protection Guide. Don t Leave Your Business at Risk Protect it Completely

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

Are You Prepared for a HIPAA Audit? 7 Steps to Security Readiness GUIDE BOOK

The Network and The Cloud: Addressing Security And Performance. How Your Enterprise is Impacted Today and Tomorrow

Internet threats: steps to security for your small business

HIPAA Compliance Review Analysis and Summary of Results

Remote Access Securing Your Employees Out of the Office

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Securing corporate assets with two factor authentication

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

Power your small business with cloud and mobile

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

Massachusetts MA 201 CMR Best Practice Guidance on How to Comply

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Preparing for the HIPAA Security Rule

Encrypting Personal Health Information on Mobile Devices

Choosing Encryption for Microsoft SQL Server

WHITE PAPER. Stay ahead (of data leak) with Data Classification and Data Loss Prevention

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

UF IT Risk Assessment Standard

Guidance on the Use of Portable Storage Devices 1

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Moving Beyond User Names & Passwords Okta Inc. info@okta.com

Protecting Student and Institutional Privacy Data Encryption for Education

IRONKEY CASE STUDIES. Healthcare Solutions

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Securing Virtual Desktop Infrastructures with Strong Authentication

Cloud Backup and Recovery for Endpoint Devices

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Balancing Cloud-Based Benefits With Security. White Paper

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

Policy: Control of Unclassified Electronic Information

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

DSHS CA Security For Providers

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

Information Security for the Rest of Us

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

The Real State of WiFi Security in the Connected Home August 25, 2015

Teradata and Protegrity High-Value Protection for High-Value Data

Cyber Self Assessment

Know the Risks. Protect Yourself. Protect Your Business.

2014: A Year of Mega Breaches

Why Encryption is Essential to the Safety of Your Business

Moving Beyond User Names & Passwords

FACT SHEET: Ransomware and HIPAA

Security in the smart grid

Sample Data Security Policies

Reducing Cyber Risk in Your Organization

IBM Data Security Services for endpoint data protection endpoint encryption solution

Infocomm Sec rity is incomplete without U Be aware,

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Who Controls Your Information in the Cloud?

How Much Do I Need To Do to Comply? Vice president SystemExperts Corporation

Storage, backup, transfer, encryption of data

SecureAge SecureDs Data Breach Prevention Solution

Research Information Security Guideline

Encryption Buyers Guide

What Do You Mean My Cloud Data Isn t Secure?

Who must complete this training

A Comprehensive Plan to Simplify Endpoint Encryption

SHS Annual Information Security Training

Neoscope

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

ENISA s ten security awareness good practices July 09

Storing and securing your data

Mobility, Security Concerns, and Avoidance

10 Top Tips for Data Protection in the New Workplace

10 Hidden IT Risks That Might Threaten Your Business

Readiness Assessments: Vital to Secure Mobility

W H I T E P A P E R E m b r a c i n g C o n s u m e r i z a t i o n w i t h C o n f i d e n c e

Cyber Essentials Questionnaire

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

Host/Platform Security. Module 11

The Cloud App Visibility Blindspot

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Transcription:

20151019 What Consumers Believe About Cloud File Sharing & Why That s a Warning to IT Pros

TABLE OF CONTENTS THE ELEPHANT IN THE ROOM 3 ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 4 1) COMPLETELY BLOCK CLOUD FILE SHARING SERVICES 5 2) SANCTION ONE FILE SHARING SERVICE 6 3) ESTABLISH A METHOD TO ENCRYPT FILES BEFORE SAVING IN THE CLOUD 7 SECURING YOUR DATA THE RIGHT WAY 8 2

THE ELEPHANT IN THE ROOM For a long time, cloud file sharing services such as Box and DropBox were the dirty little secret that IT pros did not want to talk about. Their convenience won over droves of office employees, who adopted the services to share files with coworkers, consultants and contractors even with themselves: Cloud file sync and share services are a waystation for documents later accessed via various devices at home offices or on the road. Office workers are adopting cloud storage solutions. For a while, IT pros looked the other way, mirroring their initial reaction long ago when USB thumb drives emerged on the scene. In that case, employees loved the convenience of the portable storage drives; IT pros were ultimately forced to find a way to manage them or to block them. That same evolution is happening with cloud file storage. End user preference today for cloud file sharing solutions is readily apparent to everyone, including those oft-reticent IT pros. A recent Harris Poll survey of over 2,000 U.S. adult consumers commissioned by WinMagic showed that 64-percent of respondents use cloud storage solutions. 3

ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS Outside of the obvious productivity benefits, these file services bring with them a range of potentially harmful security concerns. High profile examples include cases where hackers harvested compromised credentials to steal information from cloud accounts. More subtle security concerns involve how Office workers think data saved via cloud storage services is safe. the cloud services handle the data, especially if queried by law enforcement or other government officials. Unfortunately, these security issues are not on the minds of the consumers who are adopting cloud file sharing; storing important, sensitive, and confidential files in the cloud; and availing their employers to reputation, regulatory, and legal backlash. According to the Harris Poll survey previously mentioned, 76 percent of cloud storage service users are at least somewhat confident in the security of their stored data. Consumers think the data is safe. Given the two major takeaways from WinMagic s survey (office workers will use cloud storage services, and they think data stored in the cloud is safe), IT pros have three options: 1 2 3 Completely block cloud file sharing services Sanction one file sharing service that provides enterprise security features Establish a seamless, company-managed method to encrypt files before they are saved in the cloud and shared 4

ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 1 COMPLETELY BLOCK CLOUD FILE SHARING SERVICES The first option for IT pros is to block cloud file sharing services altogether. This option flies in the face of the convenience of the services. Cloud file sharing services create a much more productive office environment, as employees can work after the day is done, can more easily access files while traveling or working remotely, and can collaborate more readily with third parties. Blocking these services places companies at a competitive disadvantage. Locking consumers out of cloud file sharing services is hard, if not impossible. More and more companies are adopting BYOD (Bring Your Own Device) policies that allow employees to access company data on their personal cell phones or laptops. Keeping track of all the endpoints is maddening, not to mention all the data on those endpoints. 5

ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS 2 SANCTION ONE FILE SHARING SERVICE THAT PROVIDES ENTERPRISE SECURITY FEATURES The second option for IT pros is to sanction one particular file sharing service and adopt so-called enterprise security solutions and protections provided by that service. DropBox, for example, promotes DropBox for Business, which is essentially the consumer DropBox service along with extra features to make sure the service is secure and managed. For companies leery about data storage beyond their own firewall, cloud storage providers offer on-premise options, where the cloud is created within one of the company s servers. By sanctioning one cloud file sharing service, companies assume that employees will exclusively adopt that service. Unfortunately, employees have likely already adopted a cloud file sharing solution of their own, and as noted before, it s hard to stop them from using it. The end result is a patchwork of permitted and blocked offerings. The willy-nilly use of them by employees would create confusion and potential IT hiccups, leading to more complaints and frustrations. More importantly, even the most secure cloud file sharing services present a tragic flaw the service owns the security, not the company using the service. Which means the strength of the security stops at the service. This should create unease among companies. High-profile incidents over the past several months have shown that cloud storage providers are susceptible to breaches, just like anyone else. 6

ADDRESSING EMPLOYEE CLOUD SECURITY PERCEPTIONS ESTABLISH A METHOD TO 3 ENCRYPT FILES BEFORE SAVING IN THE CLOUD After evaluating the ramifications of the first two, the third and best option is to establish a way to encrypt the data before it goes into the cloud, and make sure that method is seamless to employees. Establish a seamless, company-managed method to encrypt files before they are saved in the cloud and shared Many ways exist today to encrypt files; it s important for companies to choose options based on a long legacy of encryption expertise and leadership. The WinMagic approach for encrypting files shared in the cloud, SecureDoc CloudSync, leverages WinMagic s nearly two decades of experience with endpoint focused key management and is based on a FIPS (Federal Information Processing Standards)-certified encryption engine that protects laptops and servers storing highly sensitive data. correctly, and with cloud file storage approaches, companies should demand to manage the keys governing their data. To be fair to the cloud storage providers, they are not fundamentally in the security business. They are in the data storage business. And they provide a very convenient, effective service. In addition, the cloud service providers are not preventing their customers from securing data on their own. Although some cloud storage providers do in fact encrypt data they store, they manage the encryption keys as well. As such, if a hacker guesses a password, a cloud insider wants to take a peak, or the cloud provider provides access to law enforcement, the data is exposed. Plus, the data is not encrypted and is vulnerable while being copied to and from the cloud. A far more secure approach is for the company to own and manage the encryption keys. For while it is true that the only failsafe protection for files is to encrypt them, the encryption is only effective if the keys are managed 7

SECURING YOUR DATA THE RIGHT WAY When securing files destined for the cloud, companies must select a solution that manages encryption keys in a transparent and seamless way. WinMagic s SecureDoc CloudSync provides a centralized encryption and key management approach for securing cloud files. There are a few key features that make SecureDoc CloudSync a very effective approach: 1 2 3 It is seamless to the end user: SecureDoc Cloud provides a transparent way for user authentication, thereby allowing approved users access to encryption keys for files stored in the cloud. In addition, the solution provides highly secure methods for sharing keys with trusted third parties so that they can access encrypted files. For example, passwords are not needed for files shared with co-workers. It is flexible: WinMagic reps have found that in regulated industries, companies only want to be responsible for data that is related to work, while allowing their workers to save and access personal documents from their work machines. These companies deploy WinMagic solutions that encrypt files related to work but do not affect personal files so that they fall outside of scope of the regulatory compliance requirements. It centralizes encryption management across a company: As noted previously, cloud storage vendors are not in the security business; cloud storage users should look to a security vendor to handle security. WinMagic s SecureDoc Cloud provides a centralized management point for cloud file encryption and encryption of laptops, servers and devices. As data security reporting requirements change or are enacted by law, this centralized management method can prove that data is encrypted. For example, if a cloud-stored file is stolen, it would prove the data was encrypted and therefore out of scope with certain data breach notification requirements. 8

SECURING YOUR DATA THE RIGHT WAY The concept of employee-enabled data file mobility is not new. It s as old as the floppy disk. With each new method for moving data files CDs, USB drives, and cloud file storage enterprises have dealt with the security consequences. Cloud file storage solutions are arguably far more dangerous than previous approaches, given the attack surface is available to anyone with an Internet connection. IT pros should evaluate the risk inherent to cloud file storage solutions the same way they evaluated risks of the previous methods for transporting files. At the same time, they should bear in mind that consumers assume data stored in the cloud is protected. IT pros must deploy encryption and key management solutions that secure files stored in the cloud in a managed way. The approach must be seamless to users and must include a strong endpoint encryption method. WinMagic s SecureDoc CloudSync is an ideal choice. INCLUDE ENCRYPTION & KEY MANAGEMENT WinMagic provides the world s most secure, manageable and easy-to-use data encryption solutions. With a full complement of professional and customer services, WinMagic supports over five million SecureDoc users in approximately 84 countries. We can protect you too. WinMagic Inc. Phone: 905.502.7000 Fax: 905.502.7001 Toll Free: 888. 879. 5879 sales@winmagic.com www.winmagic.com Click here to request a free evaluation 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information