The growing popularity of consumer file-sharing software is clear. In March this year, a Strategy Analytics survey concluded that iCloud and Dropbox were the most widely used cloud platforms in the US. Worryingly, Dropbox also boasts approximately 2 million enterprise customers, with 95% of the Fortune 500 featuring on this list.
In spite of this mass adoption, the security history of both of these solutions is not without blemishes, and Dropbox in particular has had various issues in recent years.
For instance, at the beginning of April this year, Nir Goldshlager, one of the world’s top white hat security researchers, discovered a critical defect in Dropbox’s security that could have potentially allowed hackers to hijack the Facebook accounts of Dropbox users. Although this defect was patched before anyone could exploit it, it was a troubling example of how vulnerable these consumer-grade solutions are.
As if that wasn’t bad enough, many Dropbox-specific email accounts are still plagued by spam resulting from a data breach in August last year when a Dropbox employee’s email account was broken into and a file containing customer contact details was stolen.
One of the main issues with consumer-grade services is that they have a larger hacker attack profile. Hackers are very wise to the amount of sensitive corporate data that is shared through these services every day, and they are even wiser to their questionable security protocols, making companies that use them an attractive target.
For example, business leaders examining the privacy policies of consumer file-sharing solutions will notice that the providers could be gathering information about companies from the files transferred through the service. It is difficult to gauge what these providers are doing with this information and it is very unlikely that it is stored with enterprise-level security.
When companies charge a third party with the movement of their data, there is always some risk involved. A good MFT solution can significantly alleviate this risk in a number of ways:
1. Give organisations using the service full control over their data encryption keys. This is achieved with Public Key Infrastructure that ensures only customers can read their data.
2. Help companies satisfy regulatory compliance. When taking a closer look at the terms and conditions of consumer file-sharing offerings, business leaders will notice that many do not mention compliance. Companies in the financial sector are particularly vulnerable to compliance pitfalls as they must meet the Payment Card Industry Data Security Standard (PCI DSS). Achieving compliance is no mean feat, and relying on a consumer-grade solution will either make the job even harder or simply won’t work. Leading MFT providers equip companies with the functionality required to reach compliance, such as enterprise-grade encryption and the assurance that files will not be kept in a publicly accessible zone.
3. Centralise control over file transfer and allow IT to easily implement and enforce policies. Solely relying on a consumer file-sharing service will often decentralise control over the movement of corporate data because it presents no way for the IT department to monitor it. For example, if a company were to use Dropbox for its file-sharing provision, every employee might have an individual account handling sensitive corporate information. The IT department would have no way of knowing who staff members were sharing information with. This has various implications, including a potential breach of the Data Protection Act.
A company that uses a leading MFT solution is better able to securely manage external, internal, and ad hoc file transfers conveniently through its existing network by snapping on to the existing email service. It will guarantee the most stringent levels of compliance such as PCI DSS, FIPS 140-2, HIPAA, and SOX. Any solution worth its salt will also offer a flexible service, deployable in the cloud, on premises, or fully managed, giving organisations the confidence that they are receiving the convenience and functionality of a consumer solution with enterprise-level security and compliance.