Business Risks of Public File Sharing
Posted in Articles on Thursday, September 4, 2014 by Richard Vester - Director, EOH Cloud Services
While there's no doubt that the so-called "public" cloud-based file sharing services like Dropbox and Google Docs offer excellent collaboration efficiencies and are an absolute boon for a mobile workforce, the use of these public file sharing services is fraught with risk for business organisations.
The high level of business user adoption - often without company permission or even knowledge - is creating a scenario where public file sharing is surpassing email as the primary way that employees are sharing company documents, particularly in the BYOD realm.
This creates significant vulnerabilities for a business
The first and most obvious vulnerability is the security risk. Even though the large public file sharing services have sophisticated security protection, this is still no guarantee that the company documents your employees share are secure. The file sharing services are still susceptible to sophisticated hacking attempts - and in fact are even more tempting targets than dedicated business data centres because of their massive levels of adoption. The high-profile breach of Amazon's file sharing service a while back is a good example of such targeting.
And those are only the breaches that one finds out about. Unless there is a high-profile intrusion that makes the news, chances are that company data can be compromised without you even knowing about it. The risk is not only that confidential company information falls into the wrong hands, but that there could be a serious compromise of intellectual property.
Risk of data integrity compromise
Unlike dedicated enterprise-grade file sharing services, public cloud services don't come with SLAs or any guarantees of redundancy or disaster recovery. This means that valuable company information can be corrupted or lost, without any recourse or recovery procedures. Loss of important company data can create costly business interruption or worse.
Governance and compliance
Because of the often cross-border nature of public file sharing services, employees who use them may be unwittingly exposing the company to corporate governance and compliance violations. These regulations often strictly specify where data may be housed and the use of public file sharing services could be wholly inappropriate.
No audit trails
Another aspect of corporate governance, best-practice and information control is a comprehensive audit trail of document development and changes. Public file sharing services typically don't offer any kind of audit trails or version control.
No centralised control or monitoring
Any business would want to control and monitor the sharing of company documents and information. User access permissions and document change permissions are crucial to ensure information integrity. Public file sharing services offer no control and management layer, no monitoring capabilities and no reporting abilities.
Mobile device risks
The massive BYOD trend has created an increased demand for an easy-to-use way of accessing company documents and information on multiple devices. Public file sharing services provide this - and many of them come with downloadable apps that allow the mobile device storage to sync with the cloud storage facility. Of course this means that entire swathes of company data are being stored on any number of mobile devices without any supervision. This creates serious vulnerabilities should the devices be lost or stolen.
So while public file sharing services have their place and can fill some of the gaps for a company that does not yet have a dedicated private file sharing system, they should be approached with caution - and in most cases should not be considered a suitable business solution.
Richard Vester has been in the ICT industry since 1997, intimately involved in product development, operations and product marketing. He has worked for some of the leading ICT companies in South Africa and joined EOH as the Divisional Director Cloud Services in 2012. He has a detailed knowledge and understanding of cloud computing and has developed one of the leading cloud businesses in Africa.