Posts from ‘Person-to-Person’
In my many travels visiting customers and IT professionals around the world, I ask a simple question, “What do you do when you have to send a file to someone that’s just too big?” They ask me how big is big? I say too big for your email or even worse, something that is too big for the receiver’s email. These attachments are typically large powerpoint files, spreadsheets, uncompressed images, media files or even databases. With a sheepish grin people usually tell me they use one of the free email services, like GMail, MS Live or Yahoo. However, recently the answer has shifted. I’m now being inundated with business users and IT professionals professing their love for Cloud services such as DropBox.
In all fairness if you look at my iPad (peeling it from my cold dead hands) you will see my Dropbox app and PAID Dropbox account. So it’s unnerving for me to think about the four hours on Sunday when Dropbox left user accounts unlocked and you could access anyone of the 25 million users’ accounts and data… Including mine. Yep, just type in an email address and use any password you want and it’s all yours.
According to Dropbox there wasn’t any nefarious activity but if YOUR COMPANY’S information was on there – legitimately or illegitimately – you just had a data breach. So I was a breach victim… And if I had any Ipswitch IP on the servers, the breach is extended accordingly. To Dropbox’s credit, their business is all about collaboration and file syncing, not governed file transfer or managed data at rest. In the end, some of these types of Cloud services will eventually get enough of it right to secure their future. Some will last, many won’t.
Regardless, how are you going to handle your data breach this morning? I’m headed over to my bosses office to explain my brazen disregard for corporate data. He’ll probably buy me a new iPad2 that’s locked down (wishful thinking) and order IT to set up a more secure way for me to be mobile with my documents (more wishful thinking).
Ipswitch has been cautioning companies about the dangers of private/confidential information being sent through Google (and other hosted and person-to-person services), both from a security and a responsibility perspective.
Last week’s GMail hack further drives home the point that organizations must proactively manage and have visibility into what information is being shared with service providers and how information is being sent between people.
Don’t let your guard down and simply treat the cloud as just another internal resource…. They need to be properly managed and governed just like any other third-party.
Ipswitch’s Frank Kenney recently concluded a 4-part webcast series on integration. It’s not too late to watch a replay of it. In parts 3 and 4, Frank talks through the issue of relying on cloud providers and provides tips for managing and governing cloud and person-to-person interactions.
Google revealed yesterday a targeted phishing attack from China against hundreds of GMail users, including government officials and military personnel. The FBI, Department of Homeland Security, and the White House National Security Council are all participating in an investigation of the cyber attack.
My hope is that this breach will serve as the wake up call that public and private businesses need to start enforcing policies around personal email. According to an Ipswitch survey at the InfoSec Europe conference, employee use of personal email is still a major problem. Nearly 70% of respondents send classified information (including payroll and customer info) via standard email every month… And 40% admitted to sending confidential information through personal email accounts specifically to eliminate the trail of what was being sent to whom.
Have you provided your employees with a simple tool to send large and confidential files? Do you have visibility into what is being sent and to whom?? Do you have a documented AND enforced policy around using personal webmail accounts from work computers???
Employees have proven over and over that they will ‘do what they need to do’ in order to be productive. It’s critical that organizations provide simple, safe and auditable tools that enable employees to collaborate and share files. It’s equally important that they govern employee activities to mitigate data risk by increasing visibility, control, compliance and security.
“Google has asked for U.S. government support against censorship, but the government’s response has been to ask companies to take responsibility. If Google does have an ulterior motive, it’s likely to be to pressure the U.S. government to take a more active role in defending U.S. companies in markets like China that present obstacles to fair competition.
Google is urging Gmail users to review their account settings to make sure they’re secure, but Kenney suggested Google could do more to alert users when their accounts are accessed from an unfamiliar IP address or when their accounts have been configured to forward messages.”
Great question asked by Wayne Hemrick at ArticleSnatch. In his answer to “How would you send large files in an ideal world?”,Wayne touches on a few very important considerations when thinking about person-to-person file sharing, including: ease-of-use, large file size, and security.
I agree that the ability to easily send ginormous files is only part of the problem that a business should be looking to solve. It’s no secret that people need to send other people files as part of their jobs. In many cases, these files contain information that is sensitive and confidential. In my opinion, the real issue is that business users lack a way to ensure the security of these information exchanges.
Wayne correctly points out that many of the currently used tools are insecure, inefficient, complicated and some even require the intervention of IT professionals. But the growing risk of privacy loss and data breaches has made the security aspect of sending files a top concern. Organizations need to demonstrate to their customers that they understand this and are taking steps to address it.
Businesses require a simple file sharing solution that:
- Enables employees to easily send files (any size, any type) to other people
- Lowers company risk by securing and protecting internal and customer information
- Provides visibility into what happens after file is sent for auditing and compliance
The ideal solution must provide for guaranteed and trackable file delivery that your business can rely on.