A question that we often get around here is whether or not file-sharing services such as DropBox, YouSendIt and Google Docs are secure enough for business. If you use any of these services for your business, here’s the scoop…
Treat DropBox As A Public, Shared Environment.
DropBox (and the others mentioned above) is designed to easily share very large files – ones that are not optimal for e-mail because they’re so huge. Examples include videos, audio files, large PDFs and graphics files. These services are typically free (or very cheap), and you shouldn’t have the expectation of great security for this price.
But an increasing use of these tools, even for legitimate reasons such as collaboration, is putting a lot of private information at risk. According to a recent Ponemon study, 60% of organizations have employees that frequently put confidential files on services like DropBox without permission. In fact, companies such as IBM have banned the use of these services completely.
When Does Or Doesn’t It Make Sense?
When you have a file that doesn’t need to be secure and simply needs to easily and quickly get from point A to point B, then DropBox can be a viable solution. On the other hand, you would not send or store any sensitive files, such as contracts or financial statements, on DropBox. These services are also not safe for any files subject to government compliance regulations such as PCI, HIPAA, SOX, Sarbanes-Oxley or HITECH. These file-sharing solutions are NOT compliant.
What To Use Instead
If you need to transfer files outside of your network and need to do so securely, some options to consider are:
- Creating a secure FTP site
- Use 2-factor authentication rules
- Be sure to have audit logs involved to monitor the security of your data
