Category Archives: File Sharing

Bringing the enterprise out of the shadows

Ian McEwanIan McEwan, VP and General Manager, EMEA at Egnyte discusses why IT departments must provide employees with secure, adaptive cloud-based file sync and share services, or run the risk of ‘shadow IT’ — inviting major security vulnerabilities and compliance issues within organisations.

The advent of cloud technology has brought a wide range of benefits to businesses of all sizes, improving processes by offering on-demand, distributed access to the information and applications that employees rely on. This change has not only made IT easier for businesses, it is also fueling new business models and leading to increased revenues for those making best use of the emerging technology.

The cloud arguably offers a business the greatest benefit when used for file sync and share services, allowing users to collaborate on projects in real-time, at any time on any device from any geographic location. File sync and share makes email attachments redundant, allowing businesses to reclaim and reduce the daily time spent by employees on email, as well as the chances of files being lost, leaked or overwritten. If used correctly, IT departments can have a comprehensive overview of all the files and activity on the system, enabling considerably better file management and organisation.

Employees ahead of the corporate crowd

Unfortunately business adoption of file sharing services is often behind where employees would like it to be and staff are turning to ‘shadow IT’ – unsanctioned consumer-grade file sharing solutions. These services undermine the security and centralised control of IT departments. Businesses lose visibility over who has access to certain files and where they are being stored, which can lead to serious security and compliance problems.

CIOs need to protect their companies from the negative impact of unsanctioned cloud applications by implementing a secure solution that monitors all file activity across their business.

Secure cloud-based file sharing

To satisfy both the individual user and business as a whole, IT departments need to identify file sharing services that deliver the agility that comes with storing files in the cloud. It starts with ensuring that a five-pronged security strategy is in place that can apply consistent, effective control and protection over the corporate information throughout its lifecycle. This strategy should cover:

  • User Security – controlling who can access which files, what they can do with them and how long their access will last.
  • Device Security – protecting corporate information at the point of consumption on end user devices.
  • Network Security – protecting data in transit (over encrypted channels) to prevent eavesdropping and tampering.
  • Data Centre Security – providing a choice of deployment model that offers storage options both on premises and in the cloud and total control over where the data is stored.
  • Content Security – attaching policies to the content itself to ensure it can’t leave the company’s controlled environment even when downloaded to a device.

A solution that addresses these security areas will allow efficient collaboration without sacrificing security, compliance and control.

A user friendly, business ready solution

Furthermore, the selected solution and strategy will need to keep up with business demands and industry regulations. Flexibility can be achieved if businesses consider adaptive file sharing services that give them access to files regardless of where they are stored – in the cloud, on premises or a hybrid approach. This enables a business to adapt the service for its own changing business preferences, as well as industry standards that can dictate where data is stored and how it is shared. Recent changes to the US-EU Safe Harbour regulations which determine how businesses from the US and EU must share and keep track of data, highlight the necessity for businesses to have an adaptive file sharing solution in place to meet the demands of new regulations,  or else risk heavy fines and reputational damage.

The final hurdle towards successful implementation of a cloud-based file sharing service is ensuring user adoption through simple functionality. If a service isn’t easy to use, staff may find themselves falling back on shadow IT services due to convenience. It is important, therefore, that IT seeks solutions that can be accessed across all devices, and can be integrated with other popular applications already in used within an organisation.

The integrity and privacy of a business’ information requires a secure, adaptive cloud-based file sharing solution that gives organisations comprehensive visibility and control across the lifecycle of its data. Overlooking the security implications of shadow IT services can result in a company incurring significant costs – not just in financial terms, but for a company’s brand, reputation and growth potential. It’s time for IT departments to act now and adopt cloud services that enable efficient collaboration, mitigate any chances of risk and lift the shadow from corporate data.

File Sharing in Parallels Access 3.0

There are a number of great features in the recently released Parallels Access 3.0, but the one I believe that I’ll use the most is the ability to share files directly from my Mac, without any uploading to a cloud service. Don’t get me wrong—I love the Cloud, and Dropbox has saved me more times […]

The post File Sharing in Parallels Access 3.0 appeared first on Parallels Blog.

7 Things About Parallels Access Your Boss Wants to Know

We’ve all been there—you’re out and about, but you get an email from your boss asking for an urgent file. Thankfully, you can do this: That’s right—with Parallels Access, it’s easy to get what you need anytime, anywhere. As the typical 9-to-5 workday continues to evolve, remote access and productivity tools are becoming even more […]

The post 7 Things About Parallels Access Your Boss Wants to Know appeared first on Parallels Blog.

Secure File Delivery with an Audit Trail

My Docs Online has enhanced its web-based secure file delivery feature to add additional controls and a comprehensive delivery audit trail.

“We were the first to offer web-based file delivery, back in 1999,” said Stephen Campbell, CEO of My Docs Online, “and we’ve consistently enhanced and expanded our capabilities as user needs have evolved. What we are seeing now is the need for optional controls like passwords, variable expiration limits, and most importantly, a detailed audit trail documenting delivery and the ability to make changes after the fact. No other product offers our range of options coupled with an audit trail.”

In order to offer such a wide range of options without making the feature cumbersome to use, customization controls allow unneeded options to be hidden, allowing a streamlined, custom experience for each user. In addition, group administrators can control defaults and enforce group policies such as requiring passwords or setting a fixed expiration.

The new “Smart Label” feature allows users label a Share, and also save default values like custom comments and expirations for future use. Smart Labels also add more value to the Share Management portion of the product, making it easier to locate, verify and control Shares.

Users also have the option to generate a link they can send themselves, or select email addresses from an address book and let My Docs Online send the email.

The file delivery page displays the customer’s logo, and offers an optional zipped download of all files when there is more than one.

A web API is also available for third-party use.

More details are available in the My Docs Online FAQ.

When Businesses Share Files They Need Control, Tracking and Audit

When My Docs Online, an online file sharing and delivery service with 15 years experience, revamped their Share feature in July, they focused on control, tracking  and audit.

“We’ve been doing this for businesses and professionals for some time,” said CEO Stephen Campbell, “And we know that in addition to ease of use for both sender and recipients, the sender also needs the ability to control, modify, and track delivery.”

The result is the addition of a Share Management tool that lets senders see exactly what transpired on the receiving side, with download logging, IP addresses, and results. The new tool also allows easy cancellation, modification of expiration, addition or change to delivery passwords, and more.

The new release also introduced labels to allow tagging of a Share with a meaningful label, including “Smart Labels” that pre-determine delivery features including a default password, number of days before the delivery expires, and a pre-formatted comment.

“A decade ago all our file deliveries were done with My Docs Online sending an email on the customer’s behalf,” said Campbell. “Now fully 50 per cent of the time customers choose to get a link from us and send it themselves. The label option in part replaces the email address they are no longer including, making it easier to find and track a particular Share.”

Six weeks into the new release, the company has been able to gain some insight into usage patterns:

  • 8 percent of Shares use a delivery password for increased security
  • 59 percent involved a single file, and another third were for between 2 and ten files. Only one in a hundred Shares involved more than 30 files.

More stats and info are available on the My Docs Online blog.

How an Adwords Campaign Accidentally Exposed Dropbox and Box User’s Confidential Files

We previously reported on a Dropbox Security Snafu (and their correction for it). Now we’re learning more about how it came about, and how it was discovered.

There are several ways users can inadvertently leak confidential files, but the one that is the real head-scratcher is a combination of a user entering the URL of a Dropbox or Box file-sharing link in their browser’s “search box” rather than the “URL box”, combined with Google AdWords campaigns by competitors who want their ads to appear with people “search” for Dropbox or Box (pretty standard stuff).

The sites running such a campaign then — completely innocently — see what users are searching for, and what they are “searching for” turns out to be fully-clickable URLs to files that often contain sensitive personal or company data.

If you think that’s too rare a scenario to worry about, think again:

In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered.

That’s from Richard Anstey of Intralink, the people who stumbled on the issue.

Look at this to see (redacted) images of one person’s tax return, and another’s mortgage application. Identity theft, anyone?

Read more about how Intralink discovered all this, along with some good advice on protecting yourself.

TL;DR: sensitive file? Use a sharing application that offers a password or PIN option.

Dropbox Forced to Kill Shared Links Due to Security Snafu

Oops! Dropbox announced it is killing existing shared links where documents include ordinary hyperlinks to websites. The problem is the plain old referrer in the header tells that website the URL the inbound link came from. That’s a standard way sites know where their non-direct traffic is coming from. In this scenario, however, the referrer is the URL of the shared dropbox document.

The symptom Dropbox users will experience? Complaints from recipients that the link they were given doesn’t work (if in doubt check the link yourself).

From the Dropbox post on the issue:

While we’re unaware of any abuse of this vulnerability, for your safety we’ve taken the following steps to make sure this vulnerability can’t be exploited:

  • For previously shared links to such documents, we’ve disabled access entirely until further notice. We’re working to restore links that aren’t susceptible to this vulnerability over the next few days.
  • In the meantime, as a workaround, you can re-create any shared links that have been turned off.
  • For all shared links created going forward, we’ve patched the vulnerability

Here’s how to rebuild affected links.

Aereo Decision: the Cloud at a Crossroad?

Broadcasters’ latest legal target is 2-year-old upstart Aereo—which retransmits over-the-air broadcast television using dime-sized antennas to paying consumers, who can watch TV online or record it for later viewing. The case, before the Supreme Court, may have impact on cloud computing generally, not just on Aereo’s business. A federal appeals court said that Aereo’s service is akin to a consumer putting a broadcast antenna atop their dwelling. Aereo, the appeals court ruled, “provides the functionality of three devices: a standard TV antenna, a DVR, and a Slingbox”

Companies like Google, Microsoft, Mozilla, Yahoo, and others are worried that a victory for the broadcasters could upend the cloud. The companies, in trade association briefs, told the justices in a recent filing that the “dramatic expansion of the cloud computing sector, bringing with it real benefits previously only imagined in science fiction, depends upon an interpretation of the Copyright Act that allows adequate breathing room for transmissions of content.”

Consider any file-hosting service that allows people to store their own material, such as Dropbox. What if it can be shown they are storing copyrighted work. Do they need a license?

Mitch Stoltz, an Electronic Frontier Foundation attorney, said in a telephone interview that, “If the Supreme Court rules in favor of the broadcasters, their opinion might create liability for various types of cloud computing, especially cloud storage.”

But, in urging the high court to kill Aereo, the broadcasters said that “The disruption threatened by Aereo will produce changes that will be difficult, if not impossible, to reverse.”

More detail and analysis.

Dropbox Outage Postmortem: Not Hacked, Just Another Maintenance Fiasco

 

From Dropbox:

…On Friday at 5:30 PM PT, we had a planned maintenance scheduled to upgrade the OS on some of our machines.

…In this case, a bug in the script caused the upgrade to run on a handful of machines serving production traffic.

…some master-slave pairs were impacted which resulted in the site going down.

…We were able to restore most functionality within 3 hours, but the large size of some of our databases slowed recovery, and it took until 4:40 PM PT today for core service to fully return.

Deeper details

Secure File Delivery API Aimed at Medical Records Sharing

My Docs Online yesterday released its “Secure File Delivery API” which allows web and mobile apps to easily incorporate HIPAA-compliant file delivery. Although My Docs Online supports a wide variety of professionals and small businesses needing secure file sharing, a significant part of their customer base uses the product for files containing “Protected Health Information” (PHI). This core competency should make My Docs Online an attractive partner for adding ad hoc file delivery to a variety of EMR, EHR and other medical applications.

My Docs Online Secure File Delivery includes the following features and options:

  • Branded web page listing the files being delivered
  • Optional PIN or password
  • HIPAA compliant
  • SSL standard for all connections
  • Files encrypted at rest using AES256
  • Default file delivery expiration in days with override
  • Control panel enabling checking of delivery results, link reuse, and delivery cancellation
  • Delivery results query via API
  • Delivery cancellation via API

Details and documentation.

(disclosures)