Public Versus Private Cloud File Sharing: Pros and Cons

In 1994, TV journalists Bryant Gumbel and Katie Couric famously didn’t know the difference between a web and an email address. Twenty-one years later, many of us have the same...
Michael Buckbee
3 min read
Last updated October 6, 2022

In 1994, TV journalists Bryant Gumbel and Katie Couric famously didn’t know the difference between a web and an email address. Twenty-one years later, many of us have the same beginner’s confusion about cloud computing services, or Enterprise File Sync and Share (EFSS).

Public Cloud

Get the Free Pentesting Active
Directory Environments e-book

One reason why consumer file sharing services like Dropbox have become so popular is simplicity. Anyone–even Katie and Bryant–can store copies of their files online, sync files across all of their computers, and effortlessly share data with coworkers and friends.

Simple, but not necessarily safe. Before signing up for an account, you should know that public file sync and sharing does have security risks.

Here are three to keep in mind:

1. You’re trusting a third party

Data stored in a public cloud is, by definition, managed by a third party. And with over 10,0001 cloud providers of one sort or another competing for your business, choosing the wrong one can be damaging to your data. When a cloud provider goes out of business, how do you get your data out? How long does that take? Who holds the encryption keys? Can their employees access my data? Read the terms of service carefully to understand what the risks are.

2. Multi-Tenancy

When it comes to public cloud computing, many customers often share virtualized resources – the same CPU, memory, and namespace. This scenario can be dangerous if there happens to be a multi-tenancy exploit: hackers or even another tenant on the same box peeking into your data or impersonate the identity of other clients.

3. Data Ownership

Often the customer’s data doesn’t belong solely to them. Many public cloud providers state in their contracts that the data stored is the provider’s data, not the customer’s.

Private and Hybrid Cloud

A primary reason why private and hybrid (public/private) clouds are so popular is that they pretty have much the same capabilities as the public cloud, but can keep data isolated either in your network or a network that’s, well, virtually yours.

Private and hybrid cloud EFSS solutions also have some potential gotchas. Here are four to consider:

1. Duplicate Data

If you have data on your existing file servers or NAS that you want to access remotely, some private cloud vendors will make you duplicate the data and move it to a separate repository in order to sync and share it. Besides being disruptive to all your existing processes that rely on the data remaining in place, another major drawback to this approach is that remote users’ changes won’t automatically sync back to the file servers that LAN users are accessing. Result: duplicate, out-of-sync.

2. A “Window” to Your Data

OK, so you found a private EFSS product that doesn’t require that you move your data, rather they give you a “window” into your data in-place. Great, right? Don’t be so sure. The whole idea of EFSS is that your files sync to your devices, but often times a “window” into your data means you can browse the data on your network file servers but they won’t automatically sync to your devices, which can be a deal-breaker – especially for remote users that need to work where internet access is spotty.

3. Reworking Permissions

How much time did it take to get your existing permissions and Active Directory users and groups configured correctly? Surely you don’t want to throw all that work out the window! Make sure your private or hybrid cloud vendor isn’t going to force you to setup all new access control rules using their application. Leveraging Active Directory for authentication and respecting existing permissions is vital—maintaining one user repository is hard enough.

4. VPN Inefficiencies

Does your private or hybrid cloud require VPN connectivity? Availability and performance of the VPN are difficult to control as VPN speeds can be slower than a traditional connection and unreliable networks make staying connected to VPN harder. Mostly though, connecting to a VPN is inconvenient; it’s at best an extra step for the end user, and at worst really cumbersome. The outcome? You’ll find that users revert back to email or transferring data via their personal cloud accounts because it’s faster.

…is there an alternative?

Yes! There’s Varonis DatAnywhere, a solution that can cloud-enable your existing storage. Why move terabytes of data into the cloud when you can get the benefits of file synchronization and secure collaboration with the hardware that already hosts your corporate data?

Private cloud benefits include:

  • Definitive copies of files are always stored on corporate storage
  • No one gets permission to shared data unless they already have it
  • Users authenticate to Active Directory or LDAP and there is no need to reconfigure or replicate permissions
  • IT controls speed, availability, and security
  • Secure external collaboration using pin code.

You can download DatAnywhere instantly and it’s free for up to 5 users!

1 http://searchcio.techtarget.com/news/2240031598/Advice-for-dealing-with-the-top-10-risks-in-public-cloud-computing

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

difference-between-organizational-units-and-active-directory-groups
Difference Between Organizational Units and Active Directory Groups
Active Directory loves hierarchy. Domains, Organizational Units, groups, users, etc. Sometimes it can be confusing—how do I best structure my AD? 
someone-deleted-my-file.-how-can-i-find-out-who?
Someone Deleted My File. How Can I Find Out Who?
If you’ve ever been tasked with recovering a lost file or folder and had to explain exactly what happened (Who moved or deleted it? When did it happen? Why?), you...
the-difference-between-ssl-and-tls
The Difference Between SSL and TLS
SSL and TLS are used interchangably in conversations as they are incredibly closely related. Knowing the subtle difference is key. 
fighting-golden-ticket-attacks-with-privileged-attribute-certificate-(pac)
Fighting Golden Ticket Attacks with Privileged Attribute Certificate (PAC)
Learn how and why to control the Active Directory Environment state with PACRequestorEnforcement, the implications of doing so and how to detect Golden Ticket attacks happening in your network.