Thursday April 24th 2014 | 11:53
Cloud-based collaboration: Golden goose or white elephant?
Have you ever stopped to consider the sensitivity and potential value of the information you disclose using one of the many widely available, online collaboration and file sharing websites?
The go-to solution for multiple email threads and file transfers, as well as for improved project and document management between co-workers and external third parties, collaboration sites have grown in prominence within business. Offering the ability to edit in real time and check in / check out documents, these sites seem to solve many business challenges, such as efficiency, cost overheads, and sharing information from private networks without numerous emails and file transfers.
While these sites all claim to have invested heavily in security and authentication mechanisms designed to keep user data safe, recent stories in the press have caused many to question this:
Understanding the security threats
Typically, security breaches can be routed back to one of the following causes –or in some cases, both.
By their very nature, collaboration platforms have been designed with ease of access in mind. Internal and external access to documents and information enables users to share content and work collectively on files, which in turn offers substantial efficiency and cost saving potential. However, if insufficient access control mechanisms are put in place, the risks to data protection can be significant.
In many cases, once a user has gone through the initial authentication process steps, there is nothing to stop them from sharing personal or commercially sensitive data with an extended group of external third parties. Additionally, with no auditing or tracking capabilities, in many cases an organisation’s IT team will have little to no visibility over what information has left the corporate network.
This reduced control also extends to the types of devices and applications that are used to access the data. With links being forwarded to different email addresses, for instance, sensitive information can be downloaded onto personal laptops. This is not only a concern due to potential malware or viruses existing on these devices, but also means that individuals can continue to access certain information after they have left a project or, even, the company.
The hacker / cyber security threat
The recent disclosure of the Heartbleed bug and the ease with which hackers have bypassed the security / authentication mechanisms of many websites that were previously perceived as secure raises a more fundamental security concern. As Dropbox found out when they were hacked two years ago, the consequences of unpermitted users gaining access to unencrypted data can be disastrous. An attentive reading of the security credential webpages of many online collaboration service providers shows that although they may have taken measures to protect data in transit using TLS, very few have taken steps to encrypt information at rest.
A secure approach to online collaboration
These factors pose significant threats to data security – however, they shouldn’t be used as excuses to avoid collaboration through Cloud-based service providers. Organisations should be able to take advantage of the benefits offered by online collaboration sites, such as time and cost efficiencies, without compromising their data security.
Investment must be made in suitably secure platforms. Sensitive data needs to be encrypted both in transit and at rest, and appropriate access control mechanisms need to be implemented so that organisations and central administrators have full visibility and control over who accesses information – including the ability to restrict the access rights of those no longer relevant to the project, such as ex-employees. Online collaboration shouldn't be an issue that makes senior management and IT departments uncomfortable. The benefits of Cloud services and data protection shouldn't be mutually exclusive.