Secure File Sharing Basics - What Every File Sharing Provider Should Have


Upload: boxhq

Post on 07-Aug-2015


Page 1: Secure File Sharing Basics -  What Every File Sharing Provider Should Have

Secure File Sharing Basics: What every file sharing provider should have


With the cloud now an essential part of so many IT organizations, best practices have emerged to help IT evaluate whether a vendor can meet mission-critical security needs.

The following slides outline the basic cloud features any vendor should have, as well as basic and advanced security measures.

This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014


Basic Cloud File Sharing Features

STORE: Store files with user-controlled recovery

SYNC: Silently sync local directory with the server

SHARE: Share in/out of the organization at a file or folder level

VIEW: Has an in-browser viewer

COLLABORATE: Can add comments on documents in a web interface

WEB/MOBILE SUPPORT: Can access files from web/mobile

INTEGRATE VIA APIs: Able to integrate directly with other platforms

MANAGE CONTENT: Organize files and folders, manage versions, and check-in/check-out


Core Security Features: Security Baseline

DATA CENTER SECURITY: Includes physical controls, logistical controls, and third-party certifications like SOC 2 or ISO 27001

BUSINESS CONTINUITY: Provider has a plan for catastrophes such as power outages

APPLICATION SECURITY: Free from vulnerabilities to SQL injection, cross-site scripting (XSS), CSRF and other application and business logic attacks

INTERNAL CONTROLS: Well-documented internal controls to prevent outside/inside attacks

TRANSPARENCY, STAFFING AND DOCUMENTATION: Includes a dedicated team, transparent operations, and good documentation

ENCRYPTION: All customer data should be encrypted at rest and in transit


Core Security Features: Identity and Access Management Features

SERVICE IDENTITY: When sharing documents externally, collaborators should not be required to register with your internal identity provider.

FEDERATION AND SSO: Support internal identity for automatic registration with the service. SAML is preferred.

TWO FACTOR AUTHENTICATION: Users are required to enter a second piece of ID

AUTHORIZATION AND ACCESS CONTROLS: Permissions should be at the directory, subdirectory and file level and integrate internal, external and anonymous users

DEVICE CONTROL MANAGEMENT: Administrators can manage which devices users use to access the system

CENTRALIZED MANAGEMENT: Administrators can manage all permissions and sharing through the web interface


Core Security Features: Audit and Transparency

COMPLETE AUDIT LOGS: Contains user, device, file accessed, activity performed, and metadata such as time and location

LOG DURATION: Does it ever expire?

LOG MANAGEMENT AND VISIBILITY: How do you access it and how easy is it to use?

INTEGRATION AND EXPORT: You should be able to export the logs and integrate them with other logs


Advanced Security Features: Universal Search and Investigation Support

With a centralized service, you can easily track down files and logs to determine if leaks happen. This is a powerful security feature.

Search features let you search your entire index for keywords or content.


Advanced Security Features: Client-Managed Encryption

Two Options For Client-Managed Encryption

1. Cloud platform endpoint agents handle encryption

2. Cloud platform manages encryption in their backend, but offers key management to enterprise users. Customer has exclusive access to encryption keys.

In both cases you will need your own Key Management Infrastructure


Advanced Security Features: Data Loss Prevention

• Good data loss prevention will include full-text indexing and search + audit log of all activity associated with a file. Third-party DLP integration may provide more capabilities.

• Bonus points for real-time monitoring of content

Advanced Security Features: Information Rights Management

DEFINITION: Limiting usage of a file according to access policies

EXAMPLE:

• You can let someone view a file, but not email, share or download it

• Protects against copy and printing


Advanced Security Features: Device Security

• Restrict access only to approved devices

• Prevent offline access

• Prevent data leakage through copy/paste and “Open in” other applications

Advanced Security Features: API Support

Robust APIs are quickly becoming standard. They should be able to integrate with all tools, future and existing.


Advanced Security Features: Security Tool Integrations

STANDARD INTEGRATIONS:

• Cloud security gateways

• eDiscovery

• Data loss prevention (DLP)

• Mobile device management

• SIEM/log management


For more information:

Download: The Security Pro’s Guide to Cloud File Storage and Collaboration
