Skip to navigation Skip to content

Secure File Sharing for Small Contractors

Scroll to Read

What will you find in this guide?

Most small companies do not have ability to hire a full-time IT staff or effectively monitor the file sharing practices of their organization. As a result, small organizations need a secure file sharing service that is maintained, supported and monitored to ensure that their employees remain in compliance and prevent security risks.

This guide will go into detail about the considerations small business need to take into account when it comes to securely sharing files, as well as the layers of protection necessary for end-to-end security:

  • Secure transport of data
  • Secure file storage
  • User authentication
  • Access controls
  • Monitoring and auditing

You'll learn how GoSilent Share provides a turnkey, private-label, secure, cloud-based file sharing and collaboration solution with true, end-to-end data security .

↓ Scroll to Read

Download the PDF

Introduction

Consumer-based storage, file transfer and file sharing services - such as iCloud, OneDrive and DropBox - have become staples of the consumer marketplace. With their built-in interfaces on our phones, tablets and laptops, these services are often used to quickly share information among groups of people.

While these services are easy and acceptable for individual consumers to opt in to, their overuse can quickly leak into work situations, where information security is much more critical. The lack of oversight and centralized management of these services by an enterprise information technology (IT) department can create data security traps that unsophisticated employees can easily stumble into.

Large organizations (both public and private) employ highly trained IT professionals that define security policies and ensure that their users are in compliance. As such, they can wrap their own policies and procedures around the use of commercial file sharing services so that they are considered safe for enterprise use.

By contrast, many small companies do not have the luxury of hiring a sophisticated IT staff, nor the ability to monitor and report on information security practices. These small organizations need a secure file sharing service that is maintained, supported and monitored to ensure that their employees remain in compliance.

-- Scroll down to continue reading --

Layers of protection and control

There are several layers of protection and control that should be designed into an end-to-end security solution for file sharing, including:

  • Secure transport of data
  • Secure file storage
  • User authentication
  • Access controls
  • Monitoring and auditing

Secure transport of data

With Transport Layer Security (TLS) built-in to our web browsers and cell phones, consumers have become complacent about sending files and data over an encrypted communication channel, as long as their browser shows a secure padlock icon.

The reality is that the majority of users do not know which encryption algorithms are being used or their level of security. If your small company deals with Controlled Unclassified Information (CUI) for the US government, then the transport security should be evaluated.

Moreover, for government contractors, there has been an increased importance placed upon NSA-grade encryption and algorithms that are FIPS-compliant. It is important to note that many TLS-based products are not certified by NSA and the National Information Assurance Partnership (NIAP).

 

User authentication

Consumer-based file sharing services are intentionally designed for quick enrollment and ease of sharing. Individuals can sign up for free or low cost and begin sharing information with other individual users.

Left to their own oversight, individual users can unintentionally expose proprietary information or leave it open for attack. Small companies require an easy way of granting access to only their users, so that more controls can be placed around company-sensitive information.

 

Access controls

Employees within the same organization may want to share their files, but they may not want those files to be accessible outside of their organization.

When using a multi-tenant cloud storage service, there must be enhanced controls around which users and organizations are permitted to access the information. An added benefit is the ability to grant or deny access to individual employees or groups of employees within certain subfolders of the file sharing service.

 

Secure file storage

It may seem obvious that files should be securely stored or encrypted at rest; however, not all vendors offer this level of service.

An important differentiation of a cloud service is that file-based encryption should not only protect against external attackers, but the cloud service should also protect against internal attackers. Internal employees of the service providers should not have access to, or be able to decrypt the files of, their customers.

 

Monitoring and auditing

Large organizations have security officers that define policies and IT departments that monitor and audit their employees to ensure compliance.

Small organizations often do not have these same capabilities. The lack of oversight not only affects the small organization, but it can also affect the whole supply chain that they support.

A cloud-based sharing service must provide visibility into which users have accessed and manipulated their files, so that small companies can ensure their users are in compliance.

-- Scroll down to continue reading --

Secure file sharing made simple.

Ideal for organizations looking to secure data and information shared with third parties, and built to provide true, end-to-end data security, using encryption strong enough for controlled unclassified (CUI) level protection, GoSilent Share is secure enough for every organization.

Secure file sharing with GoSilent Share

Attila Security is committed to, and heavily invested in, securing information on behalf of our customer base. More importantly, Attila has focused on the small companies that do not have the technical expertise to implement a highly sophisticated network topology.

We gained our start by securing data in transit via an NSA-approved hardware VPN that does not require a technical expert to install and configure. Our vision has expanded into protecting information in the cloud via a secure file sharing service, a new platform referred to as GoSilent Share.

Attila's GoSilent Share platform provides a turnkey, private-label, secure, cloud-based file sharing solution with true, end-to-end data security using encryption strong enough for corporate use, as well as controlled unclassified information (CUI) for government contractors.

Designed to be fully controlled and managed by the organization, the GoSilent Share platform combines the award-winning GoSilent Cube, the world's smallest portable VPN, firewall and Wi-Fi hotspot, with Attila's GoSilent Cloud Service.

Together, they create a NIAP-approved, IPSec VPN tunnel, fully encrypted with CNSA algorithms to secure all data in-transit, as well as storage for encrypted structured and unstructured data at-rest.

 

GoSilent_Share_IPSec-VPN-tunnel

With GoSilent Share, even the smallest of GoSilent_Quarter-2organizations can control the authentication, access and auditing of their file sharing. A single pane of glass makes it easy to quickly provision new users, set roles and permissions, and specify access by company, individual, and/or device.

Enterprise-grade layers of protection and control are now available to small companies at a reasonable price point.

Summary

Despite considerable growth in cybersecurity spending, small supply chain subcontractors remain the weakest link for malicious actors to mount an attack.

The proliferation of consumer grade file sharing services makes it easy to share large files or small, but the lack of oversight and auditing can make small companies an easy target.

The GoSilent Share platform was developed to meet this challenge. Attila Security is committed to helping these small companies by providing a service with layers of protection and control, so that an IT staff does not need to be hired to ensure that files can be securely shared and managed.

Whether you are protecting controlled unclassified information or proprietary trade secrets, the security of your file sharing service should be of utmost importance to your company.