The protection of business-critical data is at the top of the agenda among companies – and not just since PRISM. However, good approaches often remain a gray theory, since in everyday life the employees themselves send sensitive or personal data by e-mail. This allows hackers, spies, competitors or secret services to easily read the communication. In addition, the recipient may, in principle, make what he wants – store, forward or even publish it. Ultimately, the sender has no control over this.
Simple and practical
The storage of the data with Dropbox or other publicly accessible online storage services offers, in comparison, a little more security for the information exchange. Access to the files can be limited to certain users. In addition, it can be limited to a fixed period of time. If the sender has not done this, but the file still wants to retract, this is also possible. If it deletes it from the file sharing service, no one can access it in PCs that are synchronized with it.
No problem with large files
In the case of publicly available services, however, the security problem remains that the sensitive data are often transmitted in an encrypted manner via unsafe lines. In addition, the identification and authentication methods for file access are generally not particularly strict, so they can be handled comparatively easily. For these reasons, it is recommended to use a company-specific file sharing solution called Dropbox, a so-called enterprise online store. It allows, for example, data transmission via secure, tunnelled lines as well as strict access checks.
Selection criteria for companies
Enterprise online storage has many other advantages over traditional data exchange solutions. This includes the higher security of the
Public Cloud Storage
More frequently used mobile devices. If this is lost, a dishonest finder can usually open the file from the device memory or an e-mail relatively easily.
If the employee has directly called the file directly in a dropbox, edited and saved, there is no copy in the device memory or e-mail account. In addition, after losing the mobile device on his desktop PC, he can delete the sensitive files from the folder so that they disappear on all networked and synchronized devices.
The employees benefit from the simpler operation of online storage services. These require only a few entries when logging in, are instantly usable with every device, the personal folder structure can be set up as desired and the access data can be sent quickly. In contrast, previous document archives are mostly based on servers in the company's data center. Here, because of the numerous documents, the folder structures are very complex and differentiated. In addition, the use of mobile devices or external partners is usually quite slow.
However, the size limitation of e-mail attachments is usually decisive for switching to an online storage solution. By increasing the use of large files, such as videos, presentations, or high-resolution images, the
limit is used
To a few megabytes more and more frequently to the problem. The alternative alternative FTP server is, however, too complex for many employees, since they mostly need their own software and predefined access data, as well as inserting files into a defined folder structure.
In order to comply with all corporate guidelines, the IT department is often consulted. Even traditional web portals or content management systems like Microsoft SharePoint are too complicated for many employees and their directory structures are too complex.
On the other hand, online storage not only provides a convenient solution for exchanging large files, but also allows automatic data synchronization when employees access multiple devices or different team members. In this case, documents that have just been processed are blocked for other users.
Generally accessible online storage has the disadvantage that the exact location of the data is usually unknown. They are usually provided via cloud servers, which are often distributed around the world. Accordingly, the customer can not
Control who is accessing it or what security precautions are taken. For companies, however, this is unacceptable due to the compliance, data protection and security policies to be adhered to.
A question of security
In addition, the server loses its full data loss. Accordingly, they should offer a unified online store that meets the needs of the employees as well as their own guidelines and protects the intellectual property of the company. This should be administrated by company employees. It is important to know who is responsible for authorizing the data.
Various variants are available for this purpose. For example, companies can have their own solution programmed. This is useful when they have very specific requirements and require unusual functions. However, most people are better off with a solution provided by third-party vendors, since there is no programming required and only minor adjustments to layout or functions are necessary. These are partly also carried out by the provider itself.
The best choice is
The individual online storage can be used with high security requirements in the own data center. Because with the corresponding foreclosure mechanisms
And strictly regulated access rights, sensitive or personal information can be exchanged or processed confidentially. This variant is also suitable for a large number of internal users. However, it requires its own administration, which requires a corresponding effort.
Other possibilities are the use in the cloud or as a hybrid solution. In the case of cloud offers, operation, management and maintenance are outsourced to an external service provider. When many mobile workers and external partners access the data, the solution is appropriate in the cloud.
The data exchange by e-mail
Acceptance among users
Private Clouds ensure a high level of security and are therefore the only reasonable alternative to the cloud for companies. Because a hybrid solution often makes management too complex and public cloud offerings are not suitable for company use because of the often too weak security precautions.
Meanwhile, there are hundreds of vendors of online storage solutions. These change and expand their services all the time. As a result, there is currently no recommendation, but only general indications as to the criteria to be taken into account when deciding. Because of the many variants, companies should consult external service providers to select and implement the solution.
In the field of security, online storage, in addition to two-factor authentication, can provide comprehensive management and encryption methods at
Date offer. The access key can be located centrally at the provider or on all accessing devices. Mixing forms, for example, the provider for file management and the customer itself is responsible for the key management, are usually very complicated.
Companies should be aware of where the data center of the cloud provider is located. Even if there is nowhere a hundred percent security, the legal situation in the United States at least ensures a high level of data privacy. More importantly, the outsourced data can be returned to the company at any time or migrated to other offers. The files have to be completely deleted by the previous service provider. In addition, directories should be moved and modified from any device - with fast synchronization of data.
When selecting the solution, an early involvement of the employees is urgently recommended. Many already use one of the common online storage services. If the implemented solution can be used in a similar way, this considerably facilitates acceptance. The first step is to determine how many employees already use which online storage solution. It should not only be a question of professional use, but also the private ones, on a voluntary basis.
After the decision for a system, this can only be an additional tool, flanked by an understandable idea of the functions as well as an incentive to try it out. In this way, the employees gather experience on the operation and the company information on the acceptance.
Compared to previously used services, however, enterprise online storage has to offer real added value, for example simpler operation, faster synchronization between mobile devices or integration into professional applications. If it is established, the solution should be gradually introduced, opened by a single mouse click in more and more applications, and available via a mobile app.
Then file sharing becomes a success, and sensitive data in unencrypted mails or publicly accessible services are a thing of the past.
No comments:
Post a Comment