File Sharing/File synchronization/Shared drive services: OneDrive©, Goggle Drive©, Dropbox© …
These services are a very good tool for sharing information. Conceptually, it puts files to be shared OUTSIDE your network. A common problem more and more businesses face today is sharing information with other companies. Collaboration has its distinct advantages, but previously, the only way to share files with organizations outside your company has been enabling VPNs (virtual private networks) that open-up a secure link into your in-house computer network. While the link is secure, once the outside organizations is INSIDE your network, it becomes very difficult to control or even track where they go and what they access.
File sharing gives outside organizations to files & information, but keeps it outside your in-house computer system. Nonetheless, there are several areas of concern in order to maximize the utility of file sharing (technically called “file synchronization”). They were originally developed around consumer use and lack important security features. This is very important – be sure your staff is not already using consumer-grade file sharing. In many organizations, staff have adopted file sharing in order to make the work with each other and outside groups easier. Identify any/how many and plan to migrate off the consumer services onto a secure commercial grade service. Look for a file synchronization service with the following features:
- Fully encrypted access & storage of your files – if hacked, the information will be unreadable.
- Multiple passwords, multiple levels of passwords – every user should be assigned a unique password. File sharing passwords should be managed like internal computer system passwords – REAL passwords changed at regular intervals, no repeats for 1 year.
- Forensics – the service should be able to track any access by anyone at any time. It can be used for training purposes; that is, staff that consistently have problems working with shared files, or prosecution of individuals who deliberately mis-use, steal or damage files.
- Ability to offer “open” access to non-secure information, not unlike landing pages on your website. It could be product information, etc. The file sharing service should give you the option to limit files to read-only.
- Back-up, recovery, versioning – shared files can easily be corrupted, lost, or damaged. The service should maintain several versions of each shared file; that is, file ABC is updated by an employee. The service saves the updated version, BUT still keeps the previous version available for reference and recovery. Typically, a dozen layers or more is a safe “depth”. Some services offer a hundred or more.