[ Note: This article was published on LinkedIn on Jan 20th 2020. Here is the link to the original article ]
Digital Transformation is again a big word for 2020. As more and more organizations become digitalized, the opportunity to communicate, interact and collaborate has become easier, faster and more convenient than ever.
File Sharing forever
When working in projects, file sharing is a fundamental activity that underpins communication and collaboration. Network drives via NAS (network attached storage) for file sharing are common within the confines of the company network. The perimeter of the company’s network is further extended via VPN (virtual private network) access, allowing branch offices and remote individuals to access the files from the central NAS server. It is a workable solution, albeit one with poor network performance in delivery, the challenges of siloed data management and difficult scalability.
The phenomenon of Dropbox
When Dropbox arrived circa 2008-2009, it took the industry by storm. They practically invented the term BYOD (bring your own device) and captured the imagination of the file sharing market. Gartner recognized this and coined EFSS (enterprise file sync and share) to consolidate the burgeoning file sharing market. Pretenders and challengers flooded the market, and after the shakedown, Box.net, Microsoft OneDrive, Google Drive and of course, Dropbox, are some of the market leaders today.
A recent report by Markets & Markets listed these companies as players in the EFSS market.
As the wheels of Digital Transformation turn, EFSS is changing as well. Gartner's EFSS is now the CCP (content collaboration platform), with Gartner releasing its Gartner Content Collaboration Platforms MarketPeer Insights report in April 2019.
Files are Ransomware’s favourite breakfast, lunch and dinner
Like it or not, files are the most common vector of ransomware. Files are the ones which are encrypted and, unfortunately, file sharing is the most common distribution method for spreading ransomware in company networks.
How do these malicious files come into the company? Via emails; via USB drives; via attachments; via clicked mal-advertised websites; via poor authentication and privilege implementations, and more. Apart from exploits and software weaknesses, almost all lead to the human factor.
Poor user passwords and privileged account policies stem from human convenience. Unsuspectingly downloading email attachments stems from human ignorance and curiosity. Backdoor downloads from mal-advertised websites stem from human desires.
Hackers and ransomware attackers are targeting the weakest link – PEOPLE!
Security and Backup are a must now
Strangely, despite all the talk about the ease of file sharing and the convenience of it via Dropbox, OneDrive and so on, many companies are not scrutinizing how files are brought into the company networks and shared among peers and teammates. The public cloud file sharing and sync services like Dropbox, OneDrive, and Google Drive are basic services that often do not build in 2 key data protection measures.
The first is Data Security. Within the Data Security domain, the typical username/password authentication has been a weak point. User passwords are often easily broken with brute force attacks, and many do not change their passwords on these public cloud services at all. The inconvenience of changing passwords sets an inertia, a status quo that most users are happy to live with … until there is a breach that is close to them.
Furthermore, the endpoint detection and response solutions in place are under-specified. The free versions lull users into a false sense of data security, which again depends on the human perception of security.
The second is Data Backup and Restoration. It is not the job of Dropbox or OneDrive to back up your files. Backup is usually an optional item at added cost. Is the monthly pricing attractive enough to compel the users to pay more?
The conditioning of People Behaviour
I want to conclude that regardless of all the fancy and sophisticated technologies out there, the Digital Transformation implementation must look at conditioning and altering the behaviour of the People in the digital ecosystem. Inculcating the knowledge and discipline to ensure the protection and the security of the data in file sharing activities must be promoted to the highest priority.
The 2 factor authentication (2FA) requirement is peppered extensively throughout the Bank Negara RMiT (Risk Management in Technology) framework. The desired effect is really to compel a change in how we approach the use of technology in the financial institutions in Malaysia.
It is time to question how secure these public file sync and share services like Dropbox and OneDrive are. Without 2FA, we are not setting the right priorities for file sharing services in implementing Digital Transformation. We are opening gaps for ransomware and more.