Secure file sharing - five success factors

Central file sharing solutions promise companies fast, simple and device-independent file exchange. Employees can easily access, synchronize and share all the files they need, whether they are stationary or mobile. 

But not all file sharing is the same. To ensure efficiency, security and compliance with legal requirements, companies need to consider a few key aspects. The file sharing specialist ownCloud explains the key success factors:

1. do not move mission-critical files to public clouds. Many companies use US public cloud solutions such as Dropbox, Box, Google Drive or Amazon Drive for file sharing. In doing so, they give up sovereignty over their data. They have no control over the storage location and have to accept losses in security and data protection. Since US providers are subject to the Cloud Act, DSGVO-compliant data storage is not possible with them. Therefore, companies should set up a solution where the files can remain on their own servers or in data centers of their own choice.

2. encrypt files even during transfer. To protect files comprehensively, end-to-end encryption is also required, covering the entire transport route. Files can only be decrypted on the end devices of the sender and recipient. In this way, they are protected even if an unauthorized third party should succeed in penetrating a server. This also renders so-called "man in the middle" attacks, in which attackers attempt to spy on data during transmission, ineffective.

3. protect sensitive files by classification. To protect particularly sensitive documents, the file-sharing solution should also offer the option of defining specific rules for certain files or folders - for example, which user groups are allowed to access them, how long they should be accessible, or when a file should be deleted. This not only protects trade secrets; personal data that is subject to the GDPR can also be separated from the other data and treated separately in this way.

4. provide transparency with file versioning and activity view. If several employees are involved in a project, they must be informed about the current status at all times and be able to track all changes. Therefore, the solution should provide a file control and versioning system that backs up files, displays their history, and ensures that employees always have access to the latest version. In addition, they should be able to edit a file simultaneously with special editors, keeping track of all changes in real time.

5. promote the solution through the management. If a company has a suitable solution in place, that does not make it a no-brainer. There is still a risk that employees will operate a shadow IT system and use insecure file-sharing services on their own initiative; or handle equally insecure e-mails and USB sticks when exchanging files. That's why the solution should be driven from the top and embedded throughout the organization from there. Executives should lead by example and use the solution themselves with full conviction.

"If companies approach the topic of file sharing correctly, they can kill two birds with one stone: increase productivity and security in the company in equal measure," says Tobias Gerlinger, CEO of ownCloud. "They create a modern way to manage unstructured corporate data in a controllable, centralized and flexible way, while protecting it comprehensively."