Are You Sharing Documents Securely?

Document sharing and collaboration isn’t something exotic anymore. It’s part of the everyday fabric of enterprise work life. The ability to work remotely and collaborate with external partners and clients is a basic IT requirement. For many organizations, the solution is obvious, with Microsoft Teams and Google GSuite providing excellent sharing and collaboration capabilities. But those solutions don’t necessarily provide the levels of control and security that many organizations need. And SaaS solutions may be putting important data at risk. In the title, we asked if you are sharing documents securely. If you can’t answer a categorical yes, then the answer is probably no. If you don’t have strong security and data policy baked into how you share documents, you are probably at risk of data leakage.

The Risks

Document sharing and collaboration can expose your organization to a range of data security risks. From the accidental release of information through sharing with the wrong person to problems created by incorrect lifecycle management – for example, not closing access to former employees, the risks are very real.

A recent post on the Compare the Cloud blog pointed out that a new study from cybersecurity company Avast showed only 23% of remote workers had any specific training regarding security on collaboration platforms. The post cites privilege escalation, insecure data sharing, and downloading data to non-secure devices as the three major threat vectors that file sharing and collaboration platforms can exacerbate.

There are also risks that your hosting or solution providers may have access to some of your data, or the file-sharing system is used as an entry point for cyberattacks introducing malware or ransomware or exfiltrating data. Also, taking a single vendor approach can increase risks, for example, where a hack via the email system also compromises your filesharing or vice versa.

Finally, the underlying technology of your file-sharing system can also be a security issue. If you are using a PHP LAMP-stack-based system, those technologies create a never-ending stream of vulnerabilities.

Best Practices

Sounds scary, right? But at a baseline, you can defend against or at least minimize the impacts of many of these risks by using proper data hygiene to reduce your surface of attack. Here are some of the best practices to implement to improve your data security and reduce your exposure to unwanted data leakage.

• Set up organization-wide data governance and data access policies to provide access based on need and to manage who has access to what and for how long

• Educate your staff on data security and safe practices and make sure they understand and respect your policies

• Implement data lifecycle management policies so that you aren’t storing data unnecessarily (reducing drives storage costs and risk of leakage)

• Choose a security-oriented enterprise platform that supports multiple levels of security to give you the flexibility to implement your policies

• Make sure your sharing and collaboration platform is easy to use so team members don’t resort to using third-party solutions to get their work done

• Review policies, performance, and platform use on a yearly basis and adjust where necessary to optimize the balance between ease of use and security

Share Securely with Pydio

When we referred to “security-oriented” platforms earlier, we were talking about platforms like Pydio Cells. Cells is secure by design. Security isn’t an afterthought: it’s part of the DNA of the platform. Pydio is designed to be self-hosted inside your own controlled network where your security administrators set the level of security they want without external dependencies. In some extreme cases, clients run Pydio inside a VPN with no access to the internet at all.

A key security consideration is ensuring your software is actually used by team members. With Cells, there is zero learning curve for end-users. The Material Design interfaces in all apps using a standard, modern application vocabulary that users understand at a glance. Why is ease of use a security concern? Simple – because if your solution is clunky and hard to use, team members will find workarounds using third-party solutions, putting your data at risk.

In more traditional security terms, Cells is built with granular, multi-layer access control to provide the flexibility needed to implement even complex data access policies. Here are a few of our access control features: 

• Shared workspaces are defined and created only by admins

• Cells are workspaces controlled by users. Each Cell inherits all the security rules defined by admins

• Access control lists can be assigned on a user/role/group basis

• Rule-based security policies add another layer of dynamic ACL resolution based on the context of incoming requests or file/folder metadata

• Cells includes embedded IP banning capabilities

• Administration can be delegated. Every page can be granularly assigned for read/write access to specific management roles

For cybersecurity concerns, Cells also includes powerful audit tools. Dashboards provide an overview of the platform usage at a glance. Detailed activity reports and system logs are searchable and can be output in JSON for integration with modern SIEM tools or exported as security reports quickly in XLSX/CSV format. It’s also possible to integrate protection via your antivirus solution to scan incoming documents in real-time. And via our Cells Flows automation tool, you can program automated workflows to trigger custom alerts in real-time in response to any event on the files.