Online Content Sharing: Security Considerations

The increasing move towards a remote workforce and fast uptake of smart phone devices shifted how users are accessing and communicating data. Typically, a knowledge worker today, has more than two endpoint devices– basically mobile phone, workstation/laptop and a tablet. All these devices are usually synced in order to be used for business, thus creating the need to access documents and data from any device, at any time and at any place.

A growing number of users have solved the issue of activation on their own in a trend that is known as “Shadow IT”, wherein users subscribe to free and easily available cloud-based applications, and file sharing services without obtaining the decision of the organisation’s IT department. A recent research conducted to understand the perception of the IT department on how widespread the issue is, revealed that Shadow IT was a highly pervasive problem. An overwhelming 75% of IT managers were aware and believed that knowledge workers had access to business information in their own personal file sharing folders.

Risk factors

The risk behind knowledge workers storing business information and personal accounts is that the organisation has no idea about the kind of information being stored in personal accounts or which unauthorised individual has access to that information. In addition, when a knowledge worker leaves the organisation, the information in that personal account goes with him. This is why organisations are looking to deploy online file sharing and collaboration systems (OFS) to offer their workers the access to information and collaboration capabilities that they require, while at same time providing the information technology department the visibility and control it needs to protect organisational data.

 Adobe

In spite of the many benefits of implementing OFS solutions, there are still a number of hurdles, with data securitybeing the topmost priority. The problem does not centre on security concerns for new deployments; rather it focuses more on the security challenges experienced after deploying OFS solutions, such as monitoring and enforcing guidelines, integrating the solution with existing systems and organisational tools and the lack of administrative audit and controls.

The biggest security concerns for any organisation that has implemented OFS solutions, plans to or even interested in considering the solution is usually related to information loss or data security breaches. However, the dangers of exposure to any data security problems, including document content loss is dependent on a number of elements—for public, private, hybrid cloud system—such as best practices in enforcing security by the service provider; security of encryption keys and there storage; and how and where important information is stored on the cloud.

When considering cloud implementation, IT experts must look into the pros and cons of each cloud approach. There are security considerations, control issues, and trade-offs in performance in all approaches.

Public cloud file sharing

In a public cloud deployment, the cloud provider offers maintenance, administration, equipment procurement and data security. The organisation that stores the data in the public cloud file sharing service is responsible for account and user administration.

Some of the advantages of using public cloud file sharing include:
  • The public cloud service provider takes into account all connected costs, such as hardware and software maintenance, infrastructure and staffing
  • The service provider assumes responsibility for the availability of information stored online, backup of files and disaster recovery
  • Implementing and configuring a public account on the cloud is simple and relatively easy to use
Some of the disadvantages include:
  • The organisation is completely dependent on the service provider for document and file security
  • As knowledge workers wait for documents to be uploaded or downloaded, performance might be degraded
  • Depending on the cloud service provider’s terms, file sizes may be limited
  • The organisation is completely dependent on the service provider for a quick response time to unforeseen breakdowns
Hybrid cloud services

In a hybrid cloud service deployment, the service provider supplies some equipment, while the organisation or the knowledge worker also procures internal elements. Both the parties share management responsibilities for the equipment, although the hybrid cloud provider basically absorbs the impact of the work. Administration and maintenance of the application is the responsibility of the hybrid service provider while the administration of the account and the user is the enterprise’s responsibility.

Some advantages of hybrid cloud services include:
  • Local caching helps in mitigating latency issues
  • Greater local capacity helps the enterprise in storing large file sizes
  • Key security controls can be locally maintained by the enterprise
  • The enterprise can easily monitor what information gets uploaded to the cloud and what information stays within the organisation
  • The organisation has the option of relying on the service provider for backup of files and disaster recovery concerning the kind of content stored on the hybrid cloud
Some of the disadvantages include:
  • The organisation has to bear a certain amount of costs associated to storing files onto the hybrid cloud
  • Maintaining and deploying data files onto the hybrid cloud are far more complex to configure and implement
  • There might be data integrity hurdles when applications access information from both locations thus leading to synchronisation issues
Private cloud services

In a private cloud server, the organisation is wholly responsible for all kinds of functions, operations, and maintenance and equipment procurement. Private cloud services may be delivered as a system in which the service provider offers compute cycles, also known as control plane in the cloud, while all information and documents remain in-house. Under such a scenario, the software is often authorised based on a subscription model, while the service provider offers maintenance and administration on the application, whereas the organisation takes charge of account and user administration.

Some advantages of using a private cloud include:
  • Latency concerns are completely eliminated as local file sharing is used
  • There is no limit on file sizes
  • The organisation controls key security factors locally and can incorporate with in-house security procedures
  • Information stays behind the organisational firewall
  • The organisation is accountable and held responsible for all policies and processes involving data protection of the private cloud
Disadvantages of private cloud include:
  • The organisation is responsible for all costs of setting up the private cloud
  • It is extremely complex to maintain and provide the implementation and configuration of the private cloud

Ultimately, no matter how hard one tries, ensuring a 100% secure IT environment, irrespective of how well-established or disciplined the service provider or the IT organisation is, it is an almost-impossible task to achieve. It is important that organisations perform due diligence and ask the right questions when choosing the right service provider for their respective requirements.

Related posts

Leave a Comment

CommentLuv badge