Ahmet Tuncay, CEO of Soonr, provides information about common file sharing mistakes your customers make, data security vulnerabilities this can cause, and how you can help your customers keep their data secure.
Q: Are there common mistakes businesses make when it comes to file sharing?
Tuncay: Many businesses fail to assess their needs and assume all business-grade file sync and share services are the same. In reality, the ability to sync files across heterogeneous systems like Windows, OSX, Linux, iOS, Android, and BlackBerry, etc., is simply an enabling technology to support a business’s workflow. If the business requires a very high quality of service from an availability and security standpoint, they should ask for service level agreements (SLAs) and audit reports that provide the comfort they need. However, this is just the starting point, and the additional layers of required cloud services, such as computer backup for DR/DP (disaster recovery/data protection), sync, collaboration, and productivity tools, need to be mapped to business logic.
For example, if the workflow in the business requires signing contracts, annotating documents, or even creating and editing Office files from smartphones and tablets — all fairly common in industries like construction, retail, and real estate — then these should be expected as integrated components of the cloud service. It’s always possible to get the required layers from different service providers, but it’s much more manageable and seamless if a single provider can deliver it all.
Q: Can these mistakes make a business vulnerable to data breaches?
Tuncay: Possibly and quite likely. The most basic requirement for any business that cares about data protection is visibility into all the locations data is stored and processed, as well as the ability to perform forensics on device, user, and document access by all users. If manipulating data on “untrusted” devices such as employee-owned smartphones and tablets, and there are no mechanisms to prevent exporting data from the cloud service app to any other app on the device, then it’s safe to assume that company data may “leak” to third-party apps without detection.
Of course it doesn’t help to prevent a worker from doing something he or she needs to do unless you provide a better solution, so policy setting to prevent data export goes hand in hand with the document editing tools built into the cloud service app.
Q: Is this issue complicated by BYOD policies?
Tuncay: BYOD policies exist mostly to prevent the data leakage problem mentioned above and provide some assurance that lost or stolen mobile devices will not create undue risk to a business. Many mobile device management (MDM) and mobile application management (MAM) options exist for businesses, but these are typically not well — or at all — integrated with the cloud-based file sharing service. The best of both worlds is to expect MDM and MAM functionality to be built into the file sync and sharing service — policies for remote wipe, poison pill, device approval, device passcode, multi-factor authentication, and mobile content management should be seamlessly integrated into the cloud service.
Q: Beyond a best-in-breed file sharing program, can VARs and MSPs help their clients in any other ways to keep data secure?
Tuncay: Generally if the file sync and share service architecture is built correctly, with security as a priority, there’s very little incremental risk that is introduced to a business when they start to use cloud-based services. However, this means that any existing policies related to passwords, privacy, sessions, cookies, VPNs (virtual private networks), and the like need to be adhered to even more carefully.
Areas where VARs and MSPs can be very helpful include:
Once the service becomes operational, VARs and MSPs can play a very valuable role acting as the administrator for a team — especially if IT resources are unavailable or not cost effective — helping the business manage security policies, users, and storage on an ongoing basis.
Soonr offers secure file sharing and collaboration and empowers mobile teams and organizations to do business faster from any device anywhere, delivering services through a worldwide network of cloud service providers, VARs, solutions providers, and system integrators.