Page 9 - index
P. 9
Let’s Be Careful Out There: Securing File Transfers
Common file sharing methods don’t offer enterprise-level protection, but there are other,
more secure options available
Picture a typical 200-person organization: Five people are IT staff and the other 195 do
everything from managing the business to boots-on-the-ground execution. Before the Cloud
rolled in, employees collaborated with coworkers, external vendors and partners by sending
files through email or via FTP. But since the arrival of cloud services, people collaborate
through a tangled mix of email, FTP and third-party SaaS platforms, creating a messy file
system that the organization’s five IT experts can’t keep track of. When someone exchanges
a file via email, then uploads it to an FTP server and later stores it in the cloud, it exposes
vital corporate information assets to a wide range of threats.
Users have to share files. That will never change. But when IT isn’t in the loop, it’s a
problem. Users should be empowered to share files using tools they’re most familiar with:
email, file folders, web browsers, and mobile devices. But when users cobble together their
own file sharing systems, IT can’t see where a file is or what happens to it. Let’s look at a
few of these tools, and the blind spots they create for IT managers:
Email: Who hasn’t sent something through email before? Not long ago, sending a document
to yourself was the best—and sometimes only—way to get a file from a work computer to
one at home. Email was seen as a convenient and secure way to move files around. But
most people know better now. Once you’re done battling file size limits, other issues come
up: Is the intended recipient the one opening it? Are they the only person seeing it? IT can’t
track the file once it’s gone, so where is it now, and who has access to it if the email account
is hacked? These are just a few of the ways email falls short as a file transfer solution.
Among the possible places for a security breach is in the sending itself—practically any
consumer-level email service will send data through its whole system—where the service
monitors it. Who are the people that might be getting a peek?
FTP systems: FTP systems are convenient for big enterprises that want a single, central
location for their files. But data can sit on FTP servers for years, all the while keeping the
door open to potential breaches—from inside and outside. And since FTP is an older
technology, it doesn’t employ strong encryption. Therefore, it can’t be trusted any more than
sending a file through email.
Consumer cloud solutions: A few years ago, industry experts predicted the cloud would
change the way we use files forever. No more hard drives. No more worrying about lost
laptops. Sure, we’re carrying around a lot less hardware these days, but groups—both
legitimate and otherwise—have poked holes through the encryption of various cloud apps,
showing that those also lack proper encryption to prevent data breaches. Consumer cloud
solutions are great for sharing family pictures, e-books and other personal files, but for
corporate data and information, and in industries where compliance is of utmost importance,
these clouds just might bring a storm down on you.
Fortunately, email, FTP systems and cloud sharing solutions aren’t the only options
available. File transfer platforms have evolved over the last decade, so modernizing file
sharing doesn’t have to break the bank. For organizations in need of a more strategic
9 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
