Secure Your Files in the Cloud

This guest blog was contributed by Bill Melo | 6/24/13
Mobile devices and the use of cloud collaboration services are growing rapidly. This is true when it comes to sharing information among business partners, customers and even internal users. It’s very easy to drag files on a PC into a folder and access them from a smartphone, tablet or another computer. It’s also easy to sync information among multiple devices quickly. I love that I can save something on my iPad and have it available almost immediately on my laptop or a partner’s device.

Using cloud-based collaboration tools like Dropbox or Google Drive makes it easy to share documents with anyone, but it can be risky if you put confidential information into them. It’s great to pull up a customer contract on your iPad, but if you accidentally share it with the wrong person, you could have legal and financial troubles.

The recent revelations about the top-secret program at the National Security Agency (NSA) that collects emails, documents, photos and other material for agents to review makes this all the more relevant. The NSA PRISM program is intended to enable the U.S. government to gather information on terrorism and other threats to the United States. Part of this process is to go through the court system as defined in the Foreign Intelligence Surveillance Act (FISA) to get permission for electronic surveillance. Apple, Facebook, Google and Microsoft may have helped the NSA with data collection as part of this process. This raises the question of whether your personal files in the cloud are truly secure.

Many organizations are locking down access to mobile devices, but this doesn’t protect the information on them if someone syncs files to the cloud. Local encryption is important, but when the file moves to the cloud, you lose control of it. A colleague, customer or your service provider could send that file anywhere, and at that point, anyone could grab it. It’s like locking your front door but leaving the key on the front porch.

Restricting access to mobile devices is good, but you need to focus on protecting the files themselves. By applying a persistent security policy to your files, you maintain control of them. You decide who can view, edit or print your files no matter where they are. You have the same control whether the files are on your laptop, a mobile device or in the cloud. If you want to remove access to them, you can do it with a few clicks.

Let’s say you have a credit application that you need to share with a customer and some internal people. You want to make sure that only your customer’s finance department and your internal credit group can access it. This file most likely has bank account and routing information in it, and you want to make sure it’s secure. You can apply a security policy that allows your customer to edit the document and your credit group to read it. No one else should have any access.

An easy way to share it is through a cloud-based collaboration tool like Dropbox. By encrypting it with a security policy, you protect the document no matter where it is or who has it. If someone at another company – or even the government – were to get the file, it would be useless to that person. The security policy ensures that only authorized people have access to it.

Sharing documents through cloud services is convenient. To protect yourself against possible privacy intrusions, though, you need to encrypt sensitive files before putting them in the cloud. You never know who will want to access them. You need to control your files no matter where they are, especially since moving files from mobile devices to the cloud and back again is so simple.

It’s always better to be safe than sorry when privacy is at stake. Before you copy a file to the cloud, lock it down. It’s the best cloud security there is.

 

Bill Melo

Bill Melo is Toshiba America Business Solutions, Inc.’s vice president of marketing, services and solutions. In this capacity, Melo oversees product marketing, managed and professional services, marketing communications, training, and service support and operations.