MPEG, PDF, DOC or JPEG: in a digitised world, transferring data and sharing files is as normal as changing socks. For private use, it might not matter much which provider one chooses. For a business, however, the risks are greater. The wrong provider can jeopardise the security of confidential material!
In a world where 70% of UK firms will allow their employees to work remotely (Statistics: Charity Digital News/Sage), transferring files over cloud services is a great way to stay connected with other remote workers. However, businesses should be concerned about which provider their employees choose to work with.
Although it reduces cost, using free software for storing and sharing confidential documents is not the best approach in terms of data protection. The user is often not told where exactly their data will be physically stored, and there is a risk of data theft due to vulnerabilities in other files on the same platform.
The security risks taken when using a free, non-certified solution to transfer documents can also be hidden behind a brand name. Dropbox, Google Drive and Yahoo’s cloud are just some of these. A couple of years ago, the well-known cloud provider Dropbox was exposed to a cyber-attack. It resulted in the leak of 68 million user accounts and their information, showing a lacking security protocol at said company. This type of breach has also affected Yahoo and Google, both of which have cloud services that are frequently used for business purposes.
The security risks of free software
It’s easy to think that because a provider is popular, it uses encrypted data transfer and is therefore a safe solution. That is not always true either. There are still occasions where data can be subject to unauthorised access. The explanation, according to the Information Commissioner’s Office (ICO), is that metadata isn’t always encrypted, depending on the web host or software. Some cloud storage providers are not even as safe as they are portrayed to be. Sometimes passwords or encryption are only put in place to ease the user’s mind, but are very easy for hackers to get through.
There’s a new type of cyber-attack called “Man in the Cloud” (MITC), where hackers access a cloud service through the most easily obtainable cloud account names and passwords. No hard code is necessary, nor any synchronisation protocol to get by; once the hackers are in, they can access all they need from any account on the cloud. That is the main reason never to trust a cloud service without proper certification and encryption.
What to consider when choosing a certified or non-certified provider
Some of the non-certified providers do offer a simple type of encryption or authentication, giving a false sense of security, though they still can’t promise to keep the data safe. When sharing, identity assurance and password protection are not enough, as MITC hackers can get through them. There also needs to be a valid server certificate in use to ensure that the provider is secure and will withstand cyber-attacks.
With an uncertified solution, no one can account for where the information passes through or where it is being stored. With a certified solution, depending on the provider, one can trust that the documents are kept safe.
Here are some of the important points to think (and ask!) about before choosing which provider will store and share your files:
- Make sure all data is accounted for
If a provider only covers the security of the documents but not of the metadata, then the security is not strong enough. Be sure to ask these questions before choosing to go with a solution.
- Price is not a guarantee
When paying for a service, there is normally an assumption that it will guarantee the most secure solution possible. Unfortunately, that is not always the case. The encryption used by the software can be a good indicator of whether a solution is safe or not. AES-256 encryption is the most frequently used Advanced Encryption Standard today, and it has the most secure encryption algorithm on the market.
- Where are the servers located?
All might be fine and dandy with the security of a provider. However, if your provider has its servers in the US, they are placed under the Freedom Act. Documents are not necessarily unsafe when stored in the USA, but they can then be subject to governmental control and end up in the hands of others anyway.
DiliTrust keeps you safe
Security is our number one priority!
DiliTrust MFT respects the different privacy, regulatory and security constraints of each customer and enables companies to monitor and keep track of all exchanged data. The solution uses AES-256 encryption. This Advanced Encryption Standard is the most frequently used today, and has the most secure encryption algorithm. Together with our secure and certified servers, we give assurance that the information stays safe.
DiliTrust MFT also offers full traceability of actions (usage and administration) and an integrated audit function (search interface and access to detailed traces) within the data transfer service.
You might also be interested in our article: Cybersecurity, crucial part of your Digital Transformation?