Are your cloud file sharing services secure?
Cloud-based file sharing services such as Dropbox and Google Docs offer solutions to many of the document management challenges faced by organizations; it can help to maximize productivity by providing a collaborative way of working, it cuts down on paperwork, and allows users to work remotely across a number of devices.
However, hackers are viewing file sharing services as an easy way of obtaining data, as many of these services do not offer adequate authentication or encryption for data at rest or during transmission. Additionally, users that do have these features available to them may still choose not use them, further increasing the risk of data breaches.
Employees that use file sharing services that have not been approved for use by their organization further exacerbate these issues, as there is no audit trail to access following a breach. A study by the Ponemon Institute revealed that 62 percent of their respondents believed that providing an approved file-sharing tool would reduce employee use of public cloud, further demonstrating the need for organizations to adopt a cloud solution from a reputable vendor.
Organizations considering the move to a cloud based solution need to examine whether the exchange, storage and modification of documents will meet stringent compliance standards. This is especially important to those in the healthcare sector who must ensure that HIPAA security standards are met, or face fines.
The front-end controls of the majority of file sharing services are incredibly robust against hackers, but this does not protect data downloaded or shared outside of the cloud. With approximately 80 percent of clinicians using some type of mobile device in addition to the desktop and/or laptop they use at their office, data becomes even more vulnerable to hacks should a device be lost or stolen; especially if that user has failed to encrypt their device.
When looking for a cloud based collaborative solution, organizations need to consider the following:
The vendor should be able to demonstrate a proven track record for protecting data, and show that every precaution is taken to keep data secure.
Adherence to Safeguards
Especially important in the healthcare sector; the vendor must be able to meet all required and addressable administrative, technical and physical safeguards to support compliance with HIPAA.
Audit trails are crucial to demonstrate that organizations are fully aware of what data has been shared, with whom, and when.
Security of data is paramount. Access control over users, robust authentication and authorization functionality, and multi-layered encryption for data at rest and during transmission are an absolute must.
Scalability, Compatibility and Flexibility
The chosen cloud platform should be scalable, and flexible, allowing users to securely access data across all devices and operating systems.
The solution needs to be easy to use to prevent breaches occurring due to human error as a result of not understanding how to use the solution.
While there are file sharing services out there that offer mutlifactor authentication and encryption, there are few that can offer a full end-to-end solution. This is where Sfax, and its parent company, Scrypt Inc. are able to provide a complete solution to organizations, allowing them to work confident safe in the knowledge that their data is protected by military-grade encryption, and shared securely via a HIPAA compliant data transmission solution.