Cloud vs. On-premise File Sharing for Business: 4 Keys to Data Security (2/3)

02/08/2015

Understanding the advantages and features of cloud-based file sharing vs. running a private cloud on your own servers can help you keep your sensitive business data out of the hands of cybercriminals and attackers.

When evaluating your options for choosing a cloud-based or on-premise solution for secure file sharing for business, there are four important factors to keep in mind when data security is your highest priority.

 

1. Control of Files and Infrastructure

The first issue to consider when deciding between cloud or on-premise file sharing for business is control of your files and how they are stored and accessed.

A cloud-based file sharing solution can be a very convenient option, especially if your business prefers to rely on third party hosting and infrastructure rather than take on the responsibility of storing files and running a sharing service on your own architecture. Also, the right third party vendor will have specialized security expertise, advanced cryptography, and convenient tools and administrative controls that make it easy to protect your critical business data and manage your file sharing service through the cloud.

Choosing the right vendor is extremely important because, with many cloud services, you may never know whether your data are always encrypted or how your vendor’s data centers are protected. You may not know who ultimately has access to your data, including your provider’s internal personnel.

This is why it is critical to ensure that your chosen service offers comprehensive encryption and additional access security that ensures that unauthorized users or individuals can never gain access to your data. For example, a provider should use a shared secret mechanism that requires the simultaneous approval and authentication of multiple administrators in order to access the encrypted server keys for its data center servers.

Of course, if your business prefers to have total control over your data and the architecture and services that provide file sharing, an ideal third party will also offer the ability to install and run its solution on your own servers and behind your organization’s firewall.

This provides a private cloud file sharing solution that gives you full control over the underlying architecture and ensures that your data are not stored on external servers or stored along with data from other businesses. Moreover, with an on-premise or private cloud installation, you always have total control over the user database and all user accounts for your file sharing solution. And you can get the added security of your own shared secret mechanism so you can limit access to your server keys and require the simultaneous approval by multiple authorized individuals to access them.
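The multi-administrator approval described above can be sketched with threshold secret sharing. This is an added example, not SecSign's code, and the page does not say which scheme the vendor uses: it assumes Shamir's scheme, and the names `split_key` and `recover_key`, the 3-of-5 policy and the sample key are illustrative.

```python
import hashlib
import hmac
import secrets

PRIME = 2**521 - 1  # Mersenne prime; the field is larger than any 256-bit key

def split_key(key: bytes, threshold: int, admins: int):
    """Return (shares, check): any `threshold` of the `admins` shares rebuild key."""
    secret = int.from_bytes(key, "big")
    if not 1 < threshold <= admins or secret >= PRIME:
        raise ValueError("need 1 < threshold <= admins and a key below PRIME")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, admins + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    # Check value lets recovery detect a wrong or insufficient set of shares.
    return shares, hashlib.sha256(key).digest()

def recover_key(shares, key_len: int, check: bytes) -> bytes:
    """Lagrange-interpolate at x = 0; raise if the quorum was not met."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >> (8 * key_len):  # too few shares usually yield an oversized value
        raise PermissionError("quorum not met")
    key = secret.to_bytes(key_len, "big")
    if not hmac.compare_digest(hashlib.sha256(key).digest(), check):
        raise PermissionError("quorum not met")
    return key

# Constructed sample: a 256-bit server key split 3-of-5 among administrators.
SAMPLE_KEY = bytes(range(32))
SHARES, CHECK = split_key(SAMPLE_KEY, threshold=3, admins=5)
```

Any three of the five shares rebuild the key, while two shares fail the check and reveal nothing about it.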

Another key consideration here is that, if your total data volume exceeds the thresholds for various pricing plans from your third party cloud sharing service, it will often be cheaper to operate your own on-premise solution, even if you have to purchase an on-site license from your provider.

An additional benefit of an on-premise deployment is that your own private cloud server can be integrated into your data backup and disaster recovery strategy. For example, you can configure your in-house file sharing server to store or back up its data at regular intervals on another server or even on an external hard drive.

 

2. Integration and Customization

Cloud-based file sharing solutions are usually scalable in terms of your data storage and sharing needs. When using a proper third party vendor, the required back-end infrastructure and your files will be hosted on high-capacity, high-speed servers that can easily accommodate larger scale file storage and larger volume file sharing. The architecture is already available and maintained by your vendor, and it can be adapted and customized to meet your changing needs.

However, this does not provide any way to integrate cloud file sharing with your own servers and architecture. Typically, the only way to integrate cloud file sharing with your other applications is to use third party software that includes support and functionality for syncing and sharing data with your third party cloud sharing service.

You will also not have the ability to customize your end user experience with private labeling or branding, so you will be confined to simply using applications and user interfaces that are branded by your third party provider.

If integration and/or customization options are important for your business, a private cloud file sharing solution will provide the best results. For example, with an on-premise installation, an expert vendor can work with you to integrate your file sharing service with other applications by using an API that allows those applications to store data securely in your own private cloud.

This allows you to extend file sharing functionality throughout your organization with internal integration rather than reliance on separate, external applications. And, if your provider uses next-generation authentication technology, such as public key infrastructure, access to data stored by your applications can be kept completely secure by avoiding the use of passwords and other sensitive credentials that enable cyberattacks against user accounts (we cover this advanced form of user authentication in detail below).

As an additional benefit, deploying private cloud sharing can allow you to customize your user experience and brand your file sharing service with your own company name, logo, and color scheme. You can even assign a custom URL to the web-based interface for your on-premise file sharing service, like www.yourcompanybox.com.

 

3. User Authentication

Even if your chosen solution offers data encryption, if user access is not sufficiently protected and an employee’s user account is compromised, then no amount of encryption will keep your business data secure.

Unfortunately, most file sharing solutions provide clear opportunities for user accounts to be compromised because they use traditional ID and password combinations to protect user logins. This is an outdated and dangerous method that is easily defeated by brute-force attacks, malware, and phishing schemes, and it flies in the face of an increasing consensus among tech industry leaders and data security experts who have called for the death of the password.

Any solution that uses passwords during the authentication process is not only potentially insecure but also invites attacks, because it relies on sensitive credentials that attackers target. Once stolen, those credentials can be used to gain access to files and, potentially, to user accounts for other services that are secured by the same credentials.

Some cloud file sharing solutions, like Dropbox, now offer two-step verification as an additional option to require a second authentication factor to secure user accounts. However, this is typically an optional security measure that is invoked only when the user attempts to connect to the service from a new device. Thus, if an attacker is able to take over a user’s computer, then the required application or cookie for user recognition will likely be present, and this can allow the attacker to easily access the user’s file sharing service and steal sensitive data.

Moreover, the standard method of two-step verification or two-factor authentication, which requires that the user receive a one-time code (OTC) or one-time password (OTP) via SMS text messaging or a telephone call and then enter it through the login process, is still highly vulnerable to cyberattacks. Man-in-the-middle attacks and SIM card cloning have already proven capable of bypassing and defeating two-factor authentication, including in a recent data breach involving Swiss banks and other financial institutions in Europe.

Ultimately, to ensure that your business data are protected, it is critical to work with the right vendor and to use next-generation authentication that is compliant with emerging industry standards, such as those recommended by the FIDO Alliance, a consortium of tech companies and other stakeholders in data security that includes Google, Microsoft, PayPal, Visa, MasterCard, and Bank of America.

These specifications call for authentication methods that eliminate passwords from the login process and use advanced cryptography, such as public key infrastructure (PKI) and mobile software push authentication. As with comprehensive encryption, this type of authentication is available for both cloud and on-premise file sharing solutions, but, to date, only one solution has offered both of these security features.

 

4. Data Encryption

When using a third party solution for cloud-based file storage and sharing, data security and encryption are provided in the cloud. If the right cryptography is used, such as AES-256 encryption at every moment of storage and transfer, a cloud service can offer powerful security that will ensure that your data cannot be compromised.

However, most cloud file sharing solutions do not provide this level of security and are prone to temporarily expose data in unencrypted form.

A perfect example of encryption vulnerability is the infamous data breach involving customer payment data at Target Corporation. Although this incident did not involve a file sharing service, it illustrates the huge risk of allowing data to be unencrypted at any moment, which is a risk shared by many popular file sharing services.

After compromising a user account and gaining access to Target’s payment system servers, hackers were able to deploy malware to ‘scrape’ and steal payment card data while it temporarily resided in unencrypted form in compromised systems’ memory. Many popular cloud file sharing solutions have similar vulnerabilities, so it is possible for hackers to use similar attacks to steal data while files are temporarily unencrypted and exposed.

Whether you choose cloud file sharing or an on-premise, private cloud file sharing solution, if you want to achieve the strongest possible security for your business data, then you need to make sure that your chosen solution provides encryption to protect your data at every moment of uploading, downloading, storage, and transfer.

This comprehensive encryption is available in both cloud and on-premise solutions, but the advantage of deploying an on-premise solution with this level of security is that it also provides on-site convenience and control, with administrative tools and reports that allow businesses to more closely monitor user activity.

 

More Key Considerations

In our next blog post, we will discuss four more keys to evaluating cloud vs. on-premise file sharing, with a focus on additional practical issues that IT administrators and stakeholders should consider.

In the meantime, if you have questions about choosing the right solution for your business, we can help!

 

Contact Us for Expert Advice and Consultation

Our security engineers can provide insight and assistance in deploying secure cloud or on-premise file sharing to protect your enterprise data. Contact us today to request a free consultation and to learn more about our SecSign Portal solution, which delivers secure file sharing with PKI authentication for business.

To request your consultation, please visit our Contact Us page and submit your request, and one of our representatives will be in touch with you within one business day.

 

About SecSign Technologies

SecSign Technologies is a sister company of SecCommerce Informationssysteme GmbH, a pioneer of cryptography solutions with more than 16 years of experience in developing data encryption, public key infrastructure (PKI), electronic signature, and smart card technologies. Our security experts and cryptography engineers have developed, deployed, and maintained systems that have successfully protected confidential business data and user access for numerous major corporations, including IBM, Siemens, Johnson & Johnson, Fujitsu, T-Systems, BMW, and Audi.
