A major challenge businesses face when adapting consumer grade file sharing solutions to business use is the lack of detailed audit trail.
Compliance mandates, and best practices, dictate that a full audit log should be available for every file transaction. Consumer grade tools do not meet this requirement, opening up risks for the business and gaps in cybersecurity compliance.
Consumer grade tools allow an audit trail for the initial group of users the file was shared with, but if any of those users choose to share that file with another person, the audit trail stops and no file actions for the newly shared users will be recorded.
Large enterprises mandate a full audit trail of file transactions, sharing and consent, so why shouldn't small businesses also demand the same?
Instead businesses require that the audit trail be recorded for every file interaction by every potential user. All of this is possible with services such as GoSilent Share.
The long-winded version
Below you will find the more detailed, expository version of the content for those who like to read. Plus, the marketers made me write it...
When it comes to secure file sharing, there are a number of requirements that most businesses consider when choosing a solution. Some of the requirements are easily fulfilled by all of the file sharing solutions, but other requirements are only partially satisfied and not well understood until a solution is deployed.
We recommend that you carefully analyze the level of detail and depth of the audit trail provided by the file sharing service.
Why the audit trail is important
Let’s start by understanding why the audit trail for your selected file sharing service is so important.
If you are truly concerned about the security of your files, then you’ll most likely have stringent policies around who can access your data and who can share. Thus your audit trail, the complete list of transactions, including everyone who has accessed, edited, deleted or shared files becomes very important.
It is also important in the event of file recovery. Knowing who deleted files, and from where, can be helpful in restoring what has been lost.
What most secure file sharing services provide
The majority of consumer grade file sharing services provide ease of use and automatic integration (i.e., consider iCloud for the iPhone or OneDrive for Windows). Those consumer grade services also provide a superficial audit trail.. You will be able to know who the file or shared folder was initially provided to, but if any of those users choose to share it on a one-off basis with someone else, you’ll never see it in the audit log.
This means outside of the immediate circle of individuals who the file was first shared with, you’ll really have no idea who has accessed the file. It also means you will have no checks and balances in place to periodically review and ensure your staff is following the desired policies you have for file sharing.
Read the Secure File Sharing Whitepaper
Your complete guide to secure file sharing for small contractors.
What small businesses need in an audit trail
The fact is that most small businesses have the same requirements for file sharing as larger enterprises -- that is, they need a reliable and complete transaction log of activity.
When auditing, you need to know without a doubt that there is a record of everyone who has accessed, changed, or deleted a file at any time to meet most compliance requirements. Most consumer-grade file sharing solutions don’t meet this requirement because they are built for ease of use and integration with personal devices, which is where audit trails are less important.
A solution for both
At Attila, we often deal with small government contractors who are struggling with these very problems, to the point where they refused to use any file sharing services due to the sensitive nature of the data they stored. Secondarily, we have found that many of the small contractors don't have a sophisticated IT staff to select tools and manage their network.
In an effort to provide them with a solution that could work for a highly distributed and mobile team, we paired the best parts of a typical file sharing service with our GoSilent Cube hardware VPN. This became the genesis of GoSilent Share.
The combination of the two technologies solved some of the major problems with audit trails (as well as a few others, like the security of data transmission).
Each employee that needs access to the shared file system is issued a GoSilent Cube (Hardware VPN Device). The secure file sharing system is built to allow access only through connections originating from one of the Cubes.
This means that your employees can only access your file share through a Cube. Every transaction on your data, as well as edits or deletions of files are recorded, which can also be traced to the employee to whom the Cube was issued.
GoSilent Share captures a full and complete audit trail:
- Creation of files and folders
- Transactions on those files and folders
- The employee associated with the transaction
- Permission modifications, such as sharing activities
In addition, administrators can quickly and easily manage groups, and assign access levels to each of the individuals issued a GoSilent Cube. Which allows you to manage access and prevent sharing (even to employees inside your organization who should not be allowed to view).
Small companies have the same requirements for file sharing as large enterprises -- they just don't have the budget or the trained IT staff to deploy an elaborate file share. Selecting a consumer grade file sharing solution is easy, but lacks all of the desired security and audit trail. All of the requirements associated with a complete audit trail are often not well understood, until a solution is fully deployed. That is too late in the process.
Save yourself some time by scrutinizing the security and audit trail of your file sharing solution at the start of your product survey and evaluation process.