You might have read about the recent Dropbox hack. This is not the first time this has happened to Dropbox, and most cloud file-sharing services have been hacked at some point, including FileDEN, YouSendIt (now Hightail), EverNote, and iCloud. Due to this concern, Dropbox, for example, introduced two new security features as a result of the attack last year, both of which were defeated in this recent attack.
Why are hackers going after cloud file-sharing services? Three reasons:
- Files are where the “important” data is AFTER databases (hence injection is in OWASP Top 10 List at #1)
- Cloud security is still in its nascent phase and needs a lot of work
- Hackers know about #1 and #2 above
With security being a major concern for enterprises, it’s important to understand the building blocks for an enterprise cloud-based file-sharing service. They are:
- Performance and
There is a striking similarity between the building blocks above and Elon Musk’s Hyperloop. All the three aspects are extremely important to make Hyperloop a success - security: because people want to feel safe while traveling in capsules; performance: because they want to get from San Francisco to Los Angeles in 35 minutes; and integration: One of the biggest arguments against Hyperloop due to unproven technology and unrealistic costs for its integration with existing infrastructure.
Looking back at the cloud file-sharing problem, enterprises are also struggling to find a solution that can deliver on all three building blocks. Let us briefly talk about each one of them:
Thanks to all the hacktivists, Anonymous groupsand LulzSecs of the world, security is a board-level agenda now. Security budgets have tripled in the past decade. Many MSPs have created MSSP offerings to tap into this budget increase. An organization’s security is as strong as the weakest link, which in most cases, is the end user. This weakest link has access to all the files containing financial, research, customer and intellectual property data. If this user decides to upload all these files on an unreliable cloud file-sharing site, maliciously or unknowingly, and organizations don’t have proper tools to monitor, audit and control this activity, they might be the next in the news of latest breached companies.
You can always make security important and encrypt everything, use 2/3/4…/N-Factor authentication, and only allow VPN access to data, etc. This is exactly the time when you should bid goodbye to employee productivity and fast access to data. Today, users want ultrafast access to their files from ANYWHERE, ANY TIME and using ANY device (smartphones, tablets, computers, “phablets,” and probably “phabluters” in the future). If data can be accessed from the server sitting in the closet right across the hall, they won’t appreciate downloading a 350 MB video file from the cloud-only file-sharing solution over a slow bandwidth link, which would probably take 100 times longer.
Seamless integration with the existing infrastructure
This is one other piece that differentiates consumer-oriented file-sharing solutions (the ones that have “box,” “drive,” “sync,” and “share” in their names) from enterprise offerings. In an enterprise scenario, 80%-90% of existing files need access, sharing and collaboration capabilities. These files are already stored in some local NETGEAR, NetApp or EMC NAS. It would be a nightmare to re-upload all of these files one by one to a CLOUD ONLY file-sharing solution as compared to an automated in-place sync using an enterprise-grade solution. This hybrid approach enables the flexibility and accessibility of the cloud with the security and control of local storage.
Unreliable consumer cloud file-sharing solutions are getting very popular among the enterprise users and for that reason, among hackers as well. Enterprise IT teams need to provide their users with a solution that is simple to use and at the same time allows enterprise-grade visibility, auditing and security. MSPs can easily increase their revenue multi-fold by selling these enterprise-grade file-sharing solutions along with other storage/security solutions they are already selling.
Varun Kohli heads product marketing at Egnyte.