6 must-haves for a secure enterprise file-sharing solution
Facilitating file sharing between government employees and their external stakeholders like partners and constituents can get complicated if the information being shared is of a sensitive nature. Ultimately, information can be categorized into three different segments: content that is safe for publishing openly without restrictions; content that is restricted and can never be shared outside the firewall; and content that needs to be shared outside the firewall, but only if the proper security controls are in place.
This third segment poses significant risk for organizations. Unfortunately, most file-sharing solutions -- whether traditional email solutions like Gmail and Office 365 or public cloud solutions like Dropbox and Evernote -- lack the necessary security controls to protect sensitive files. For organizations that prioritize security over ease-of-use, solutions like Secure File Transfer Protocol are so cumbersome that users often opt for easier-to-use (and less secure) alternatives, often without IT's permission. This is commonly referred to as shadow IT.
The need to share sensitive information with trusted external partners isn’t going to go away. As a result, agencies must identify systems, solutions and processes that let their employees share sensitive information securely and efficiently. Here are some key capabilities agencies should keep in mind when evaluating a file-sharing solution that meets both security and efficiency requirements:
1. Comprehensive file protection. When it comes to securing sensitive information, there is no such thing as a silver bullet. Agencies therefore need a number of security features to ensure sensitive information stays private. Encryption of files in transit and at rest, role-based access, file/folder locking and expiration, watermarking, antivirus scanning and integration with single sign-on and data loss prevention solutions are just some of the many security features a file-sharing solution should have. Generally speaking, the more security capabilities that are available and deployed, the less likely sensitive information will be compromised.
2. FedRAMP-authorized cloud. Any data migrated to the cloud must be stored securely. In fact, any cloud service provider (CSP) used by a government agency must be authorized by the Federal Risk and Authorization Management Program (FedRAMP). To become FedRAMP-authorized, CSPs thoroughly document their implementation of controls in personnel, IT and physical security. Given the number of data breaches this year stemming from lax security practices in public cloud storage environments, consider a FedRAMP-authorized cloud solution essential to data security.
3. Automatic version control. Making sure all users see changes to a file in real time is key to streamlining workflows and improving employee productivity. The creation and storage of multiple versions of files can cause confusion for employees who wonder which version is the most current. Having multiple file versions also creates a greater surface area for hackers. A file-sharing solution that only displays the most current file version (and archives, rather than deletes, earlier versions) ensures every employee with access to the file is working with the right file.
4. Two-factor authentication. Smartphones, tablets and laptops are susceptible to data breaches not only when they are lost or stolen but also when exposed to vulnerabilities in the device or operating system, a compromised Wi-Fi network or brute-force attack. Two-factor authentication, whether it’s an alphanumeric code, predetermined security question, biometrics or other form of authentication, provides an additional -- and therefore critical -- layer of security that mitigates the risk of sensitive information falling into the wrong hands.
5. Automation. Automating file-sharing processes streamlines workflows and enables users to focus on more strategic (read: less tedious) projects. Consider a Defense Department staffer who needs to share a new version of a technical manual with hundreds of affected contractors or even thousands of personnel. An email isn’t efficient or secure. Manually updating individual repositories might take days or weeks. Instead, with automated file sharing, the staffer can create a customized workflow (ideally without the assistance of a software developer) that automatically distributes the file to designated repositories that can be accessed by all affected personnel.
6. Full visibility into all content. Long gone are the days when files were stored in a single repository. It’s not uncommon for public-sector organizations to have files stored on various on-premises enterprise content management systems like SharePoint and Documentum and also in a variety of databases. Productivity increases when employees can find, access and share files quickly, especially if they can do so from a single user interface. For compliance purposes, agencies must demonstrate full visibility into all agency content with a trusted, detailed log of all activity. This includes where a file resides, who has access to it, when it is accessed, what’s done with it (downloaded, printed, shared, etc.), and from what IP address and what device it was accessed. Ultimately, a record of file activity not only provides an audit trail should any file be compromised, but it also provides valuable insight into how users interact with data.
Because government organizations must involve external partners in their workflows, they trust their partners will handle sensitive data responsibly. Having a file-sharing solution that incorporates these components will help agencies maintain a strong content security and governance posture without hampering users’ ability to get their work done.
Bob Ertl is senior director of industry solutions at Accellion.