Cloud-based file sharing and collaboration solutions are ripe for the picking, but what’s right for one organization might not be right for another. Accellion presented the pros and cons of various cloud computing choices at the InfoSec World 2013 Conference & Expo last month. To learn more about the top cloud considerations for file sharing and collaboration and to find out where you stand on the privacy and public cloud debate, check out this presentation entitled ”Do You Know Where Your Data Is?
Archive for the ‘Data Security’ Category
It happens every day: individuals on the go turn to free cloud file sharing services to quickly share and access files on mobile devices. The use of these free cloud services including Dropbox and Box is most often not approved by the organization. We’ve heard first-hand the anxiety this causes IT with data security and compliance concerns with users sending out confidential information on a whim, whenever and wherever they please.
Now there is more reason for concern with the publishing of recent research from the University of Glasgow. In the recent report George Grispos of University of Glasgow found that his team could fully recover files that were sent via Dropbox, Box, and SugarSync – even those deleted from the file sharing services. The researchers uploaded a combination of files (Word documents, PDFs, and images); synced with their test devices (an HTC Android smartphone and an iPhone); viewed, saved, and deleted the files; and then made attempts to recover each.
In what InfoWorld calls a “data security perfect storm,” the testers were largely successful, with forensic toolkits recovering numerous deleted files on the Android phone, including 15 files from Box, 11 from SugarSync, and nine from DropBox.
The article reminds readers that these results provide “an excellent example as to why companies need to approach BYOD and cloud adoption with care.” And certainly goes to show that not all cloud solutions were created equal. Accellion provides private cloud file sharing solutions for enterprise use that ensure all enterprise information remains under the management and control of the organization and is not handed over to a third party. Enterprise-level security that extends to all files types, all mobile devices, and all users, is attainable and is a must for today’s organizations on the go. The team at Accellion is here to help.
Employees are more productive than ever. According to the Bureau of Labor Statistics, worker productivity grew 80 percent from 1973 to 2011, and has risen 25 percent in the past 10 years alone.
This uptick is certainly tied to the fact that many employees are able to do their jobs from anywhere. Thanks to flexible work environments and mobile devices, employees are simply better equipped than ever to get their jobs done better – provided they have access to the content they need while out of the office.
To help store and manage access to enterprise documents, 78 percent of Fortune 500 companies rely on Microsoft® SharePoint. And within organizations that have deployed SharePoint, 62 percent of information workers are turning to the application daily to find the files they need. But what happens when those same workers walk out of the office doors and try to access the files via smartphones and other mobile devices? The productivity ends there since for most organizations access to SharePoint stops at the corporate firewall. Why is this? Because external file sharing of files stored in SharePoint is not well supported either for employees wanting access on mobile devices or for organizations wanting to share with external parties.
Lack of external file sharing of SharePoint files leads to increased data risk and reduced productivity. Without supporting mobile access to SharePoint employees seek unsecure workarounds such as downloading files out of SharePoint and sharing via free cloud based services. The same for sharing SharePoint files with external parties. Employees will find a way
But, this doesn’t have to be the case. If you’re ready to mobilize SharePoint or another enterprise content management (ECM) solution, check out the five key requirements to help you maximize security, IT management, and productive employee communications.
With the right SharePoint-enabled secure mobility solution, users can easily and securely get a hold of the information they need and instantly share with others – without a VPN. And, in turn, your organization is able to keep pace with the upward productivity trend – a win-win.
Dropbox, Box, YouSendIt, Google Drive, Evernote, Skype, Google Hangouts. These are just some of the apps that Delyn Simon – a 42-year old executive – rattled off to Quentin Hardy at The New York Times when asked what services she uses on her iPhone.
Forget the malicious cybercriminals, for most IT Administrators, it’s your own employees who are cause for the greatest concern. Downloading dozens of apps aimed to make daily work tasks more automated and convenient has become so commonplace that individuals often don’t think twice about hitting “install” on their smartphones and then using those unapproved apps to access and share company information.
And, the number of different apps within just one organization can be quite startling. In Hardy’s recent article, “Where Apps Meet Work, Secret Data is at Risk”, he shares that the streaming video service, Netflix, discovered employees using 496 different smartphone apps, primarily for data storage, sharing, and collaboration. And, Cisco Systems found several hundred apps touching its own network via employees’ usage.
The risks of accessing these apps for both personal and business interactions become very real when sensitive data is compromised. That’s exactly what happened last week when Evernote, an online note-taking service, experienced a breach, with customer names, emails and encrypted passwords possibly stolen, driving the company to reset passwords for 50 million users.
So, is there any way for organizations to prevent employees from using their own consumer mobile apps? Yes! But, first you must eliminate the need for employees to turn to outside data storage, sharing, and collaboration apps in the first place. That means providing a mandatory alternative – a solution that allows users to easily send, share, and access files and that allows you, the IT administrator, to know what’s being shared, where data is stored, and that corporate data is safe.
Empowering employees with a secure mobile application is the first step to keeping your corporate data safe in today’s mobile world. And it just so happens Accellion can help you with that.
A topic that concerns every law firm CIO and IT manager today is whether to permit legal professionals to bring their own computing devices to work, for work. In other words, to support BYOD or not to support BYOD: that is the question. Or, at least it’s the question of the moment– with law firms, like so many organizations, considering how to support employees’ preferences to use personal mobile devices for work purposes, while keeping corporate documents properly managed and secure.
Should you support unlimited device types? How can you track which documents are shared outside of company walls? How does BYOD fit into your existing compliance strategy? It’s these questions that are currently the talk of the legal world. Check out some recent headlines:
- • “Does Your Firm Have a Bring-Your-Own-Device Policy?”
- • “Top Mobile Use Cases in Law Firms”
- • “Fresno Law Firm Embraces BYOD”
- • “When FTP Sites Aren’t Enough, Law Firm Chooses Secure Mobile File Sharing”
Accellion Chief Marketing Officer, Paula Skokowski, will lead a panel on “Protecting Legal Documents in the Bring Your Own Device (BYOD) Post PC Era” with Chris Zegers, CIO of Lowenstein Sandler, Chad Ergun, Director of Global Services & Business Intelligence at Gibson & Dunn and Avi Solomon, Director of IT at Becker and Poliakoff P.A. at the Law Firm Chief Information and Technology Officers Forum. The panel will take place on Wednesday, January 30, 2013 from 11:30 a.m. – 12:15 p.m. ET in conjunction with the LegalTech New York 2013 conference.
We hope to see you there.
According to analyst firm, Enterprise Strategy Group, the enterprise cloud based file sharing revolution is being driven not by IT, but by end users – individuals who need to access and share data across laptops, smart phones and tablets whenever the need may arise. And, it’s these individuals who often subscribe to consumer-based file sharing solutions on their own and then bring those tools into the enterprise to support business use – creating a data security nightmare for IT.
This situation has IT playing catch up, yet many organizations are hesitant to embrace cloud services. Why? ESG found that 43 percent of organizations are worried about data security and privacy concerns and 32 percent about giving up too much control. Ironically, without a proper file sharing solution in place, users are calling the shots, creating the same security risks and a lack of control that’s been holding them back from the cloud in the first place.
In a new white paper, Evaluating Cloud File Sharing and Collaboration Solutions, ESG advised organizations to find a single, secure file sharing and collaboration solution that they can confidently endorse and provides a checklist of what to ask during the due diligence process, including:
- •Can we sync data across end point devices when offline?
- • Can users easily search for files across synched directory trees?
- • Can we support files of any size?
- • Can we set group policies from a central dashboard?
- • Is there Active Directory integration?
- • Is it easy to de-provision accounts?
- • Is data encrypted in transit and at rest?
- • Are there remote wiping capabilities?
- • Is the data center SAS 70 Type II certified?
- • Is data replicated remotely in the event of site failure?
To help you make a smart investment that’s right for your company, download the complete recommended checklist today.
P.S. Accellion answers “yes” to all of the questions above.
No one would be shocked to learn that organizations aren’t big fans of employees playing online poker or roulette on the job. Which is why, when 1,200 IT decisions makers at private companies were asked to name the top three worst apps that employees could download, gambling was at the top of the list, with 58 percent of responses.
Right behind concerns about bringing a bit of Vegas into the office are serious worries about certain online file sharing applications. But not just any apps – Dropbox and Box in particular. Fifty-one percent of survey respondents named these unapproved cloud file sharing apps as some of the worst offenders in the enterprise, earning the number two spot on the list. And, of the 45 percent of respondents who blacklisted apps, 57 percent named Dropbox and 42percent named Box as the apps being banned.
What happens is that users genuinely need a way to share large files and when there’s not an IT-approved solution in place they find one on their own. Consumer-focused online file transfer solutions, such as Dropbox, are then used behind the scenes to send proprietary documents, creating security risks and headaches for IT. It’s this need for a Dropbox alternative – a secure, proven, enterprise-class solution – that drives organizations to Accellion.
Accellion customer, MiTek, a global construction company, had been there, done that, leading the company to ban Dropbox, deploy Accellion, and not look back. Here’s what Justin Daniels, Web Services/Software Engineering and IT Support Manager with MiTek had to say:
“With public cloud providers, there are so many unknowns when it comes to security: Where exactly are your files? How do you get them back if you change providers? How do you know where your employees are sending files? We weren’t willing to give up the rights to data that was sensitive, proprietary, and was rightfully ours. With Accellion, we know exactly where our files are, can track and monitor both senders and recipients, and enforce file sharing policies at a user- and corporate-wide level.”
When customers say “yes” to Accellion, it makes saying “no” to Dropbox and Box a no-brainer.
With so many organizations wondering how to support the boom of mobile workers, we recently hosted a sponsored webinar, “Empowering the BYOD Workforce”, to provide insight into the state of mobile affairs, the evolving workplace, and what types of users are driving the BYOD charge. In case you missed it, Chris Silva with The Altimeter Group, LLC provided some great research to help guide the development and prioritization of BYOD strategies. Here are some highlights:
- Smartphones are the “it” device: The pendulum is shifting from laptops to smartphones as the mobile screen of choice. Data from Nielsen shows that more than half (55%) of U.S. mobile subscribers have a smartphone – up from 41 percent last year. And that number will no doubt continue to rise with the anticipated arrival of new Google Nexus devices.
- One device is not enough: The average worker now carries 3.5 “mobile” devices (smartphone, laptop, tablet, etc.), up from 2.7 last year, according to the iPass Q1 2012 Global Mobile Workforce Report.
- Mobile computing is now the norm: Insight Research reveals that 89 of the top 100 companies offer telecommuting, with 67 percent of all workers relying on mobile and wireless computing to get work done.
- Work hours are blurred: Research from Good Technology found that individuals are productive well beyond traditional office hours, with more than 80 percent of people continue to work when leaving the office, adding up to an extra 30 hours per month. Plus, 49 percent do work email after 10:00pm and 69 percent will not sleep before checking email.
- Mobilizing sales is a must: The Altimeter Group, LLC found that field/sales employees are the most important user group to mobilize, as these road warriors live on mobile devices and need a simple and secure way to manage, view, store, and share information.
So, the big question is: how do you make enterprise file sharing accessible on phones and tablets to support the mobility trends outlined above, while maintaining tight control and security? Check out our next blog entry to learn how to navigate the security challenges of BYOD while enabling your growing mobile workforce.
An article in CIO reminds us all of the importance of information sharing and collaboration in successful organizations. The need to share and collaborate is not new at all. We can go back to 1620 when a boat filled with more than one hundred people sailed across the Atlantic to settle the New World.
The first winter for the Pilgrims was very difficult because they had arrived too late to plant crops. However, next spring Native Americans shared valuable information about native crops. In the autumn of 1621, the colonists harvested plentiful crops of corn, barley, beans and pumpkins. The colonists had much to be thankful for, and a feast was planned. The local Indians brought deer to roast with turkey and other wild game. This spirit of sharing and collaboration between the Pilgrims and Indians made it possible for the early settlers to prosper in the New World.
In this season of sharing, Accellion has a few tips for sharing corporate information securely with colleagues, customers, partners, and vendors in order to create more productive enterprises.
1. Choose a secure file sharing solution that is simple enough for employees to use, but secure enough for IT. When secure file sharing is easy, employees make it as part of their daily routine and organizations encourage it.
2. Find a mobile file sharing solution that integrates with your existing enterprise IT infrastructure, including SharePoint, iManage, active directory, archiving systems, mobile device management and data loss prevention (DLP) systems. When secure file sharing works along-side existing applications, no one loses out. Investments are not wasted.
3.Implement a solution that enables secure file sharing across corporate boundaries. When both internal and external users securely collaborate on projects, information shared among partners, vendors, and suppliers is protected.
4. Select a solution that provides native applications for iOS, Android and BlackBerry devices to securely view, share and edit content on-the-go. When mobile file sharing is ubiquitous, there is no excuse for using unsecure workarounds.
5. Select a solution that provides the audit trails and reporting required to demonstrate compliance with industry and government regulations such as PCI, SOX, and HIPAA. When organizations need to not only protect sensitive data, but also demonstrate compliance, sophisticated reporting is a must have feature.
Happy Thanksgiving from the Accellion Team!
Does the name Bradley Manning mean anything to you? If you’re a government organization, the name is synonymous with “colossal data breach” – as Manning spearheaded the biggest leak of classified information in our nation’s history.
To briefly recap, Manning, a U.S. Army soldier, single handedly accessed more than 900,000 intelligence documents, including daily war logs from military operations in Afghanistan and Iraq. And he did it by downloading files onto CDs labeled “Lady Gaga”, which he shared with the whistleblower site, WikiLeaks.
According to Manning’s published chat logs, the event was “childishly easy”; “no one expected a thing”; and the “weak servers, weak logging, weak physical security, weak counter-intelligence, and inattentive signal analysis created a perfect storm.”
With Manning’s trial just a few months away, we take a look back to share three important lessons learned from this monumental event:
Lesson #1: DLP is Important: While Manning had access to a classified network used by the Department of Defense and the State Department, having a data loss prevention (DLP) solution in place that scanned information, across all network points before it left the network, would have provided an additional line of defense to prevent the data from being downloaded – to a CD, flash drive, or any other storage mechanism.
Lesson #2: It’s Time to Cast a Wider Security Net: Because most government agencies are large, data security can be focused on the “core” or interior of the network versus the perimeter of the organization. But, big data security challenges arise as employees have new ways to view and share confidential data – via BYOD movements, wireless access points, and consumer-based, third-party file sharing sites. Now that networks have become more decentralized, agencies need to deploy a wider “net” to secure and manage data.
Lesson #3: Security and Large File Size Aren’t Mutually Exclusive: Large data transfers are not only common within the government domain, they are often required. But how are agencies securing and managing that data? And, can large files be shared simply and on demand? To address these needs, organizations are turning to mobile file sharing solutions that give employees the ability to send and synchronize large, classified and confidential documents with ease, while giving IT the security, authentication, encryption and file tracking and reporting capabilities necessary to support data security best practices.
These are three key lessons to remember as we move into 2013 and strive to keep newsworthy security breaches a part of our past, fully protecting government data exchanges of the future.