secure file sharing basics - what every file sharing provider should have
With the cloud being an essential part of so many IT organizations, best practices have emerged to help IT evaluate the right vendors’ ability to meet mission-critical security needs.
The following slides outline the basic cloud features any vendor should have, as well as basic and advanced security measures.
This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014
Basic Cloud File Sharing Features
STORE: Store files with user-controlled recovery
SYNC: Silently sync local directory with the server
SHARE: Share in/out of the organization at a file or folder level
VIEW: Has an in-browser viewer
COLLABORATE: Can add comments on documents in a web interface
WEB/MOBILE SUPPORT: Can access files from web/mobile
INTEGRATE VIA APIs: Able to integrate directly with other platforms
MANAGE CONTENT: Organize files and folders, manage versions, and check-in/check-out
Core Security Features:
Security Baseline
DATA CENTER SECURITY: Includes physical controls, logistical controls, and third-party certifications like SOC 2 or ISO 27001
BUSINESS CONTINUITY: Provider has a plan for catastrophes such as power outages
APPLICATION SECURITY: Free from vulnerabilities to SQL injection, cross-site scripting (XSS), CSRF and other application and business logic attacks
INTERNAL CONTROLS: Well-documented internal controls to prevent outside/inside attacks
TRANSPARENCY, STAFFING AND DOCUMENTATION: Includes a dedicated team, transparent operations, and good documentation
ENCRYPTION: All customer data should be encrypted at rest and in transit
Core Security Features:
Identity and Access Management Features
SERVICE IDENTITY: When sharing documents externally, collaborators should not be required to register with your internal identity provider.
FEDERATION AND SSO: Support internal identity for automatic registration with the service. SAML is preferred.
TWO FACTOR AUTHENTICATION: Users are required to enter a second piece of ID
AUTHORIZATION AND ACCESS CONTROLS: Permissions should be at the directory, subdirectory and file level and integrate internal, external and anonymous users
DEVICE CONTROL MANAGEMENT: Administrators can manage which devices users use to access the system
CENTRALIZED MANAGEMENT: Administrators can manage all permissions and sharing through the web interface
Core Security Features:
Audit and Transparency
COMPLETE AUDIT LOGS: Contains user, device, file accessed, activity performed, and metadata such as time and location
LOG DURATION: Does it ever expire?
LOG MANAGEMENT AND VISIBILITY: How do you access it and how easy is it to use?
INTEGRATION AND EXPORT: You should be able to export the logs and integrate them with other logs
Advanced Security Features:
Universal Search and Investigation Support
With a centralized service, you can easily track down files and logs to determine if leaks happen. This is a powerful security feature.
Search features let you search your entire index for keywords or content.
Advanced Security Features:
Client-Managed Encryption
Two Options For Client-Managed Encryption
1. Cloud platform endpoint agents handle encryption
2. Cloud platform manages encryption in their backend, but offers key management to enterprise users. Customer has exclusive access to encryption keys.
In both cases you will need your own Key Management Infrastructure
Advanced Security Features:
Data Loss Prevention
• Good data loss prevention will include full-text indexing and search + audit log of all activity associated with a file. Third-party DLP integration may provide more capabilities.
• Bonus points for real-time monitoring of content
Advanced Security Features:
Information Rights Management
DEFINITION: Limiting usage of a file according to access policies
EXAMPLE:
• You can let someone view a file, but not email, share or download it
• Protects against copy and printing
Advanced Security Features:
Device Security
• Restrict access only to approved devices
• Prevent offline access
• Prevent data leakage through copy/paste and “Open in” other applications
Advanced Security Features:
API Support
Robust APIs are quickly becoming standard. They should be able to integrate with all tools, future and existing.
Advanced Security Features:
Security Tool Integrations
STANDARD INTEGRATIONS:
• Cloud security gateways
• eDiscovery
• Data loss prevention (DLP)
• Mobile device management
• SIEM/log management
For more information:
Download: The Security Pro’s Guide to Cloud File Storage and Collaboration