Top 10 Security Risks From Consumer-grade File Sync Services
Consumer-grade file sync solutions (referred to as CGFS solutions below) pose many challenges to businesses that care about control and visibility over company data. Below are ten of the biggest security risks that these solutions pose in a business environment:
1. Data theft
Because most consumer-grade file sync solutions are unable to control which employee devices can or cannot sync with a corporate PC, use of these solutions can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and in friends’ hands, exponentially increase the chance of data being stolen or shared with the wrong parties.
2. Data loss
Lacking visibility over the movement of files or file versions across end-points, most CGFS solutions can improperly backup (or not backup at all) files that were modified on an employee’s device. If an end-point is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file or any version for that matter.
3. Loss of accountability
Without detailed reports and alerts over system-level activity, CGFS solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other admins of these changes.
4. Loss of file access information
Consumer-grade solutions don’t track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion. Additionally, many solutions track and associate a small set of file events which can result in a broken access trail if a file is renamed, for example.
5. Compliance violations
Since consumer-grade solutions have loose (or non-existent) file retention and file access controls, you could be setting yourself up for a compliance violation. Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict controls over how long files are kept and who can access them.
Consumer-grade file sync solutions give carte blanche power to end-users over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third-parties.
7. Corrupted data
In a study by CERN, silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most CGFS solutions don’t implement data integrity assurance systems to ensure that any bit-rot or corrupted data is replaced with a redundant copy of the original.
8. Data leakage
Lacking many of the aforementioned features, CGFS solutions prevent admins from properly controlling copies of business-critical data leaving the system. By default, consumer-grade file sync solutions promote the use of their applications on every end-point the user owns, and don’t consider the implications of data leakage due to excessive access across all devices. As a result, admins can find themselves in situations where they can’t account for the sanctity of restricted or confidential information when probed about the whereabouts of a file or how many copies exist.
9. Exploited software
Often having had dorm-room beginnings, CGFS solutions can result in sync clients that are easily reverse engineered and exploited. This makes CGFS clients prime targets for hackers looking to exploit communications between the end-points and intercept data on its way to the server. Avoid solutions that weren’t engineered by security-minded development teams with experience building enterprise-grade communications systems.
10. Client loss
Allowing clients to utilize consumer-grade sync solutions can lead to massive data leaks and security breaches. MSPs and VARs are the first and last line of defense for clients and their data. If security risks are tolerated, the client will likely blame their IT solution provider for permitting the risks to persist and will in most cases fire their provider.
With the increasing demand for cloud file sync solutions amongst businesses, it is important to consider the above risks before choosing a vendor. Look for vendors that mitigate these risks through proactive features that make it easy for MSPs, IT departments and end-users alike to avoid security pitfalls.
Ted Hulsy is VP of marketing at eFolder, which offers branded cloud backup, BDRs, cloud file sync, replication, and email security solutions designed for MSPs.