File sync services like Dropbox, Box, and Skydrive make it very easy to store an individual’s data across multiple devices and share it with friends and colleagues. These freely available file syncing and sharing services are incredibly convenient, but also make it possible to inadvertently expose or share private data.
When sharing a file through one of these services, only the person with the link is able to view the file. But there is nothing stopping the person you send the link to from sharing it again or posting it online. The sharing features in these apps and services makes it possible (and even likely) that private data will be shared publicly.
However, free consumer services are not the only problem. Any system that allows employees and other users to share files leaves open the possibility of mishandling sensitive data. Even the way most email clients will auto complete an email address makes it very easy to accidentally send an internal document or private data to the wrong “Tom” in your address book. Therefore, for sharing sensitive documents (even internally), email is not the most secure medium. It would be better to have an internal document management system, where employees can share links to files that are protected behind a login screen with multi-factor authentication.
The default public settings of free file sharing and syncing services are not to blame if your company’s sensitive data is exposed through them. Especially with free services, there is not a contractual liability on the part of the service provider. They may make their best effort to make a secure system, but if employees at your company share sensitive data on their services, they cannot be held liable. Also, it will be difficult to tell what files could have been leaked and what data could have been exposed.
Keeping sensitive company data off of free file sync applications is a good step in the right direction. But it is also important to keep it encrypted while stored and being transferred so that only the intended recipient and those with the proper credentials can decrypt and view the files and data.
The benefits of simple file synchronization and sharing, should not be understated. They do help employees work more efficiently across all their devices and make it easier for teams to collaborate on internal documents. However, the risks that come with it should give IT security managers pause. If enough employees use these sorts of apps and services to sync and share their business documents, inevitably some sensitive business information will be leaked. Companies seeking to keep better track of how their files and data are disseminated should seek out internal solutions that provide a full audit trail of everything that happens to sensitive files.
Keeping sensitive data secure during the sharing process, requires strong encryption. ASPG’s mainframe encryption software, MegaCryption makes this possible. MegaCryption uses proven cryptographic techniques that allow companies to achieve hardware-enhanced cryptographic processing, secure storage of cryptographic keys, and the ability to securely share confidential data with non-z/OS systems or business partners. The open format of MegaCryption’s encrypted files allows for compatibility across with most PC or Unix environments. If you want to learn more about how you can secure the data on your mainframe, read more about MegaCryption or request a free trial today.