Recently Dropbox and Microsoft have publicly promoted new features for their free consumer file sharing solutions that could result in security risks for companies if used incorrectly or by those with malicious intent. Microsoft announced today a change to their SkyDrive collaboration feature. File sharing in SkyDrive is now defaulted to not require authentication.
Dropbox announced their open Sync APIs making it even easier for a 3rd party to register and download the Dropbox SDK and use it to embed Dropbox into applications. Given the already widespread usage of DropBox by not only consumers but also business users, this ease of integration only deepens the risk that enterprise content can leak into the unknown. The simplicity to leverage Dropbox APIs also allows the opportunity for people with malicious intent to develop free apps that users perceive as useful but in turn allows access to dropbox accounts. Behind the scenes the app could be copying content.
And lack of authentication as a default setting can lead to similar negative consequences. For example, without care and attention and end user could inadvertently share documents with unintended recipients.
Accellion advises the following to any organisation looking for a file sharing solution that will protect enterprise information.
1. Ensure you can set authentication to be turned on by default. Sending without this should be the exception not the rule.
2. Restrict the apps your employees can access via the file sharing solution through white/black listing
3. Only approve/white list applications to integrate with file sharing apps after they have been tested internally
4. Increase security by ensuring only the recipient can open up the document.
For more information on how organisations can reduce the risk of data leakage from unsecure file sharing, read this free Osterman Research report “The Need for Enterprise-Grade File Sharing and Sync”.