In 1994, TV journalists Bryant Gumbel and Katie Couric famously didn’t know the difference between a web and an email address. Twenty-one years later, many of us have the same beginner’s confusion about cloud computing services, or Enterprise File Sync and Share (EFSS).
One reason why consumer file sharing services like Dropbox have become so popular is simplicity. Anyone–even Katie and Bryant–can store copies of their files online, sync files across all of their computers, and effortlessly share data with coworkers and friends.
Simple, but not necessarily safe. Before signing up for an account, you should know that public file sync and sharing does have security risks.
Here are three to keep in mind:
1. You’re trusting a third party
Data stored in a public cloud is, by definition, managed by a third party. And with over 10,000 cloud providers of one sort or another competing for your business, choosing the wrong one can be damaging to your data. When a cloud provider goes out of business, how do you get your data out? How long does that take? Who holds the encryption keys? Can their employees access your data? Read the terms of service carefully to understand what the risks are.
When it comes to public cloud computing, many customers often share virtualized resources – the same CPU, memory, and namespace. This scenario can be dangerous if there happens to be a multi-tenancy exploit: hackers or even another tenant on the same box peeking into your data or impersonating other clients.
3. Data Ownership
Often the customer’s data doesn’t belong solely to them. Many public cloud providers state in their contracts that the data stored is the provider’s data, not the customer’s.
Private and Hybrid Cloud
A primary reason why private and hybrid (public/private) clouds are so popular is that they have pretty much the same capabilities as the public cloud, but can keep data isolated either in your network or a network that’s, well, virtually yours.
Private and hybrid cloud EFSS solutions also have some potential gotchas. Here are four to consider:
1. Duplicate Data
If you have data on your existing file servers or NAS that you want to access remotely, some private cloud vendors will make you duplicate the data and move it to a separate repository in order to sync and share it. Besides being disruptive to all your existing processes that rely on the data remaining in place, another major drawback to this approach is that remote users’ changes won’t automatically sync back to the file servers that LAN users are accessing. Result: duplicate, out-of-sync.
2. A “Window” to Your Data
OK, so you found a private EFSS product that doesn’t require you to move your data; instead, it gives you a “window” into your data in place. Great, right? Don’t be so sure. The whole idea of EFSS is that your files sync to your devices, but oftentimes a “window” into your data means you can browse the files on your network file servers but they won’t automatically sync to your devices, which can be a deal-breaker – especially for remote users who need to work where internet access is spotty.
3. Reworking Permissions
How much time did it take to get your existing permissions and Active Directory users and groups configured correctly? Surely you don’t want to throw all that work out the window! Make sure your private or hybrid cloud vendor isn’t going to force you to set up all new access control rules using their application. Leveraging Active Directory for authentication and respecting existing permissions is vital—maintaining one user repository is hard enough.
4. VPN Inefficiencies
Does your private or hybrid cloud require VPN connectivity? Availability and performance of the VPN are difficult to control as VPN speeds can be slower than a traditional connection and unreliable networks make staying connected to VPN harder. Mostly though, connecting to a VPN is inconvenient; it’s at best an extra step for the end user, and at worst really cumbersome. The outcome? You’ll find that users revert back to email or transferring data via their personal cloud accounts because it’s faster.
…is there an alternative?
Yes! There’s Varonis DatAnywhere, a solution that can cloud-enable your existing storage. Why move terabytes of data into the cloud when you can get the benefits of file synchronization and secure collaboration with the hardware that already hosts your corporate data?
Private cloud benefits include:
- Definitive copies of files are always stored on corporate storage
- No one gets permission to shared data unless they already have it
- Users authenticate to Active Directory or LDAP and there is no need to reconfigure or replicate permissions
- IT controls speed, availability, and security
- Secure external collaboration using a PIN code.
Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.