There are several layers of protection and control that should be designed into an end-to-end security solution for file sharing, including:
- Secure transport of data
- Secure file storage
- User authentication
- Access controls
- Monitoring and auditing
Secure transport of data
With Transport Layer Security (TLS) built into our web browsers and cell phones, consumers have become complacent about sending files and data over an encrypted communication channel, as long as their browser shows a secure padlock icon.
The reality is that the majority of users do not know which encryption algorithms are being used or their level of security. If your small company deals with Controlled Unclassified Information (CUI) for the US government, then the transport security should be evaluated.
Moreover, for government contractors, there has been an increased importance placed upon NSA-grade encryption and algorithms that are FIPS-compliant. It is important to note that many TLS-based products are not certified by NSA and the National Information Assurance Partnership (NIAP).
Consumer-based file sharing services are intentionally designed for quick enrollment and ease of sharing. Individuals can sign up for free or low cost and begin sharing information with other individual users.
Left to their own oversight, individual users can unintentionally expose proprietary information or leave it open for attack. Small companies require an easy way of granting access to only their users, so that more controls can be placed around company-sensitive information.
Employees within the same organization may want to share their files, but they may not want those files to be accessible outside of their organization.
When using a multi-tenant cloud storage service, there must be enhanced controls around which users and organizations are permitted to access the information. An added benefit is the ability to grant or deny access to individual employees or groups of employees within certain subfolders of the file sharing service.
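The organization boundary and per-subfolder grant/deny controls described above can be sketched as follows. This is an added example, not code from any file sharing product; the rule semantics (default deny, most specific folder wins, deny beats grant at equal depth) and all names and paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

@dataclass(frozen=True)
class User:
    name: str
    org: str
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    folder: str     # subfolder the rule covers
    principal: str  # "user:<name>" or "group:<name>"
    allow: bool     # True = grant, False = deny

def can_access(tenant_org, rules, user, path):
    # Tenant isolation first: no folder rule can admit another organization.
    if user.org != tenant_org:
        return False
    target = PurePosixPath(path)
    # Refuse unnormalized paths so "a/../b" cannot dodge a folder rule.
    if not target.is_absolute() or ".." in target.parts:
        return False
    principals = {f"user:{user.name}"} | {f"group:{g}" for g in user.groups}
    best_depth, decision = -1, False  # default deny
    for rule in rules:
        folder = PurePosixPath(rule.folder)
        if rule.principal not in principals:
            continue
        if folder != target and folder not in target.parents:
            continue
        depth = len(folder.parts)
        # Most specific folder wins; at equal depth a deny beats a grant.
        if depth > best_depth or (depth == best_depth and not rule.allow):
            best_depth, decision = depth, rule.allow
    return decision

# Constructed sample tenant "acme" and users.
RULES = [
    Rule("/projects", "group:staff", True),
    Rule("/projects/cui", "group:staff", False),
    Rule("/projects/cui/contract-a", "group:cleared", True),
    Rule("/projects/cui/contract-a", "user:dana", False),
]
alice = User("alice", "acme", frozenset({"staff", "cleared"}))
bob = User("bob", "acme", frozenset({"staff"}))
dana = User("dana", "acme", frozenset({"staff", "cleared"}))
eve = User("eve", "other-org", frozenset({"staff", "cleared"}))
```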
Secure file storage
It may seem obvious that files should be securely stored or encrypted at rest; however, not all vendors offer this level of service.
An important differentiation of a cloud service is that file-based encryption should not only protect against external attackers, but the cloud service should also protect against internal attackers. Internal employees of the service providers should not have access to, or be able to decrypt the files of, their customers.
Monitoring and auditing
Large organizations have officers that define policies and IT departments that monitor and audit their employees to ensure compliance.
Small organizations often do not have these same capabilities. The lack of oversight not only affects the small organization, but it can also affect the whole supply chain that they support.
A cloud-based service must provide visibility into which users have accessed and manipulated their files, so that small companies can ensure their users are in compliance.