When talking about multidimensional file access rights and enterprise file sharing, it’s a conversation of questions.
Who? What? When? Where? How? Each of these questions drives the conversation. The drawback with many (if not most) enterprise file sync and share (EFSS) solutions is that only a portion of these operative questions are addressed.
IT chiefs and other executives looking for a secure file sharing solution should seek one that addresses each of these enterprise file sharing dimensions.
Consider the people that need access to your enterprise files. This would include internal employees who want to view, download, upload, share, edit, copy and paste files without being hindered by restrictions from the IT department.
However, not all internal employees need access to the same information on your servers. People in human resources, for example, probably don’t require access to the accounting department’s files.
External entities (such as clients, consultants or other third parties) may also need access to your data and servers. For instance, if your organization requests proposals from outside vendors, you likely have a portal to your servers that allows external people to access your system and upload data.
How do you ensure that these documents are uploaded securely? Your enterprise file sharing solution needs to have file access rights parameters that ensure only authorized people have access to information stored in your network. External users should be able to upload files but not see who has accessed the server or any data.
Monitoring the data people access and the devices they use is essential for strong enterprise file security. For example, you may want to restrict file access from mobile devices and only allow access to users on desktop computers. Access rights can also be restricted to certain file types, such as those created by a specific department (finance, R&D, legal, etc.). Or, you could only allow certain users to access files with key phrases, such as “attorney-client privilege.”
Also consider occasions where you’d only want to grant access to certain file formats. You may want external users to only have access to watermarked versions of files in PDF format, whereas internal users might have access to the files in their native format. The most robust enterprise file sharing solutions allow you to control who has access to what, as well as the format that data is in.
On the surface, 24/7 anywhere, any device access to enterprise files seems like a strong solution, provided that access is secure. For many organizations, this is true. But restricting file access by time of day is sometimes necessary. Consider day traders that trade stocks, options, futures and derivatives within the same business day. Once the market closes, any trading information accessed could lead to a regulatory violation, so institutions employing day traders must keep tight restrictions on their file access rights.
Only a small percentage of EFSS solutions are sophisticated enough to handle file access rights within predefined time frames. If you operate in an environment in which when files are accessed is critical, make sure your EFSS system is able to meet your requirements.
Organizations that do business in countries with a reputation for digital thievery must take extra care when employees travel there.
In the past, IT departments would restrict access to the corporate network and enterprise files to anyone traveling in the vicinity of a country known for threats to cyber-security. Some organizations won’t even let employees travel to certain countries with their laptops and smartphones.
As The New York Times reported in 2012, “[It] has become easier to steal information remotely because of the Internet, the proliferation of smartphones and the inclination of employees to plug their personal devices into workplace networks and cart proprietary information around. Hackers’ preferred modus operandi, security experts say, is to break into employees’ portable devices and leapfrog into employers’ networks — stealing secrets while leaving nary a trace.”
If your organization sends employees to places with high cyber-security threats, make sure your data is protected on their devices by an EFSS solution equipped with granular geo-fencing capabilities.
Finally, consider how your end users want to interact with enterprise files. Users want the flexibility to access, view and manipulate data, but they also desire the freedom to email, share, download to a mobile device or upload data to a server for wider distribution.
IT teams want to grant this flexibility while maintaining enterprise file security along the way. This means your EFSS solution needs to have a number of digital rights management (DRM) options for how enterprise files are accessed and shared. A sophisticated EFSS system should have DRM features that allow IT teams to follow data wherever it goes. These features could allow a file to be downloaded with restrictions that limit formats, place limits on how many downloads are permitted, control copy-pasting and sharing information with third-party applications or individuals, or restrict the spread of enterprise information through watermarks or disabling screenshot capabilities altogether.
Remember, control is a good thing. The more control you have over file access rights, the greater your options are regarding who, what, where, when and how your enterprise files may be accessed.