04 May 2015

7 Security Risks from Consumer-Grade File Sync Services

Consumer-grade file sync solutions (referred to as CGFS solutions) pose many challenges to businesses that care about control and visibility over company data. Below are seven of the biggest risks that these solutions pose in a business environment.*


1. Data theft

Most of the problems with CGFS solutions emanate from a lack of oversight. Business owners do not know when an instance is installed and are unable to control which employee devices can or cannot sync with a corporate PC. Use of CGFS solutions can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.

2. Data loss

Lacking visibility over the movement of files or file versions across endpoints, CGFS solutions improperly back up (or do not back up at all) files that were modified on an employee device. If an endpoint is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file, or any version for that matter.

3. Corrupted data

In a study by CERN, silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most CGFS solutions don’t implement data integrity assurance systems that detect bit-rot or corrupted data and replace it with a redundant copy of the original.

4. Lawsuits

CGFS solutions give end-users carte blanche to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third parties.

5. Compliance violations

Since CGFS solutions have loose (or non-existent) file retention and file access controls, you could be setting yourself up for a compliance violation. Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict controls over how long files are kept and who can access them.

6. Loss of accountability

Without detailed reports and alerts over system-level activity, CGFS solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other admins of these changes.

7. Loss of file access

Consumer-grade solutions don’t track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion. Additionally, many solutions track and associate only a small set of file events, which can result in a broken access trail if a file is renamed, for example.
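Item 3 above describes what an integrity assurance system has to do: keep a redundant copy, detect silent corruption, and restore from the intact copy. The following is an added example written for this page, not code from any file sync product or from the original post. It keeps a configurable number of replicas of each object plus a SHA-256 manifest; `verify()` reports replicas that no longer match, `repair()` rewrites them from an intact replica, and `get()` refuses to return data from a damaged replica. The file names, the sample content, and the bit-flip helper that simulates bit-rot are constructed for the demonstration.

```python
"""Added example: a tiny integrity-assured store with replicas and a hash manifest.
Constructed for illustration; it is not the implementation of any CGFS product."""
import hashlib
import tempfile
from pathlib import Path


class IntegrityStore:
    def __init__(self, root: Path, replicas: int = 2) -> None:
        # One directory per replica; a real system would spread these across disks or sites.
        self.dirs = [root / f"replica{i}" for i in range(replicas)]
        for d in self.dirs:
            d.mkdir(parents=True, exist_ok=True)
        self.manifest: dict[str, str] = {}  # object name -> expected SHA-256 hex digest

    @staticmethod
    def _digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def put(self, name: str, data: bytes) -> str:
        """Write the object to every replica and record its digest in the manifest."""
        digest = self._digest(data)
        for d in self.dirs:
            (d / name).write_bytes(data)
        self.manifest[name] = digest
        return digest

    def verify(self, name: str) -> list[int]:
        """Return the indices of replicas whose content no longer matches the manifest."""
        expected = self.manifest[name]
        bad = []
        for i, d in enumerate(self.dirs):
            path = d / name
            if not path.exists() or self._digest(path.read_bytes()) != expected:
                bad.append(i)
        return bad

    def repair(self, name: str) -> bool:
        """Overwrite damaged replicas from an intact one; False if none is intact."""
        bad = self.verify(name)
        good = [i for i in range(len(self.dirs)) if i not in bad]
        if not good:
            return False  # every copy is damaged: nothing trustworthy to restore from
        source = (self.dirs[good[0]] / name).read_bytes()
        for i in bad:
            (self.dirs[i] / name).write_bytes(source)
        return self.verify(name) == []

    def get(self, name: str) -> bytes:
        """Read only from a replica that passes verification."""
        bad = set(self.verify(name))
        for i, d in enumerate(self.dirs):
            if i not in bad:
                return (d / name).read_bytes()
        raise IOError(f"{name}: no intact replica")


def flip_bit(path: Path, offset: int = 0) -> None:
    """Simulate silent corruption: flip one bit in place; no error is raised."""
    data = bytearray(path.read_bytes())
    data[offset] ^= 0x01
    path.write_bytes(bytes(data))


def demo() -> dict:
    """Constructed scenario: store a document, corrupt one of three replicas, detect, repair."""
    store = IntegrityStore(Path(tempfile.mkdtemp()), replicas=3)
    original = b"Q3 contract draft - constructed sample content\n"
    store.put("contract.txt", original)
    flip_bit(store.dirs[1] / "contract.txt", offset=3)
    detected = store.verify("contract.txt")          # [1]
    repaired = store.repair("contract.txt")          # True
    intact = store.get("contract.txt") == original   # True
    return {"detected": detected, "repaired": repaired, "intact": intact}


def demo_unrepairable() -> bool:
    """With a single replica there is no redundant copy, so repair must report failure."""
    store = IntegrityStore(Path(tempfile.mkdtemp()), replicas=1)
    store.put("notes.txt", b"constructed sample")
    flip_bit(store.dirs[0] / "notes.txt")
    return store.repair("notes.txt")  # False


if __name__ == "__main__":
    print(demo())
    print("single replica repairable:", demo_unrepairable())
```

The point of `demo_unrepairable()` is the failure mode: a hash alone tells you the file is corrupt, but only a redundant copy lets you do anything about it, which is exactly what the post says most consumer services lack.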
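Item 7 above notes that an access trail breaks when a file is renamed. The usual cause is that the log is keyed by path. The following added example, written for this page and not taken from the original post or any vendor, keys every event by a stable object id assigned at creation, so `history()` returns the full create/modify/rename chain for an object under whatever name it currently has, while `naive_history()` shows what a path-keyed log would return. The users, devices, timestamps and file names are constructed sample data.

```python
"""Added example: an audit trail keyed by a stable object id so that renames
do not break a file's access history. Constructed illustration only."""
from dataclasses import dataclass
from datetime import datetime, timezone
import itertools


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    device: str
    action: str       # create | modify | rename | delete
    file_id: int      # stable id assigned at creation, unchanged by rename
    path: str         # path the object had after this event


class AuditTrail:
    def __init__(self) -> None:
        self._ids = itertools.count(1)
        self._path_to_id: dict[str, int] = {}   # current path -> object id
        self.events: list[Event] = []

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def _record(self, user, device, action, file_id, path, ts) -> Event:
        ev = Event(ts or self._now(), user, device, action, file_id, path)
        self.events.append(ev)
        return ev

    def create(self, path, user, device, ts=None) -> Event:
        if path in self._path_to_id:
            raise FileExistsError(path)
        fid = next(self._ids)
        self._path_to_id[path] = fid
        return self._record(user, device, "create", fid, path, ts)

    def modify(self, path, user, device, ts=None) -> Event:
        return self._record(user, device, "modify", self._path_to_id[path], path, ts)

    def rename(self, old, new, user, device, ts=None) -> Event:
        fid = self._path_to_id.pop(old)   # KeyError if the old path is unknown
        self._path_to_id[new] = fid       # the id survives; only the path changes
        return self._record(user, device, "rename", fid, new, ts)

    def delete(self, path, user, device, ts=None) -> Event:
        fid = self._path_to_id.pop(path)
        return self._record(user, device, "delete", fid, path, ts)

    def history(self, path) -> list[Event]:
        """Every event for the object now at `path`, under all of its past names."""
        fid = self._path_to_id[path]
        return [e for e in self.events if e.file_id == fid]

    def naive_history(self, path) -> list[Event]:
        """What a path-keyed log returns: only events recorded under the current name."""
        return [e for e in self.events if e.path == path]

    def who_touched(self, path) -> list[tuple[str, str]]:
        """Distinct (user, device) pairs that ever acted on the object."""
        return sorted({(e.user, e.device) for e in self.history(path)})


def demo() -> dict:
    """Constructed scenario: create, modify on another device, rename, then query."""
    trail = AuditTrail()
    trail.create("budget.xlsx", "alice", "laptop-1", ts="2015-05-01T09:00:00+00:00")
    trail.modify("budget.xlsx", "bob", "desktop-7", ts="2015-05-01T11:30:00+00:00")
    trail.rename("budget.xlsx", "budget-final.xlsx", "alice", "phone-2",
                 ts="2015-05-02T08:15:00+00:00")
    return {
        "by_id": [e.action for e in trail.history("budget-final.xlsx")],        # full chain
        "by_path": [e.action for e in trail.naive_history("budget-final.xlsx")],  # rename only
        "actors": trail.who_touched("budget-final.xlsx"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast between `by_id` and `by_path` in `demo()` is the broken trail the post describes: after the rename, a path-keyed log can no longer tell you who created or modified the file.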


Consumer-grade file sync solutions pose many challenges to businesses that care about control and visibility over company data. Allowing employees to utilize CGFS solutions can lead to massive data leaks and security breaches.

Many companies have formal policies against, or otherwise discourage, employees using their own accounts. But while blacklisting common CGFS solutions may curtail the security risks in the short term, employees will ultimately find ways to get around company firewalls.

The best way for businesses to handle this is to deploy a company-approved application that will allow IT to control the data, yet grants employees the access and functionality they feel they need to be productive.

24 Apr 2014

How many licks does it take to get to your data

Is your network protected?

When I talk to many of our prospects, and even some of our existing clients about security, most of them think they have protected their networks completely.

They have installed and even updated their desktop AV, they have a firewall at the network perimeter, and they even do their Windows updates. They feel safe because they are being proactive with patching and endpoint security and their firewall is keeping all the bad things on the internet out. The truth is they are not safe. Basic patching and endpoint protection with a standard perimeter firewall no longer offer the protection required. Security holes exist in every software application; some of the latest threats to emerge exploit Adobe Flash and Java, software that exists on every corporate network and in many cases is required to do business. Not only is the focus of attacks moving away from the OS, but the number of zero-day attacks is increasing, and they are spreading even faster through the internet.

Most of these attacks and exploits are used as footholds to inject other malicious software into the machine, and in most cases the goal is to extract information. At the end of 2013 a slew of CryptoLocker attacks generated an estimated $27M for the attackers. The attackers made millions of dollars by holding personal and corporate data hostage, forcing people to pay to get their data back. A single unpatched or infected machine on your network could turn all your corporate data into useless ones and zeroes, hopelessly encrypted and inaccessible unless you paid the ransom, which many people did. The success of these attackers has only emboldened others to come up with new ways to infect and disrupt corporate and personal machines.

How many licks does it take to get to the center?

Using a layered security model is a best practice. I like to use the Tootsie Pop as an analogy for this security model because it immediately makes me think of the commercial: “how many licks does it take to get to the center of a Tootsie Pop?” This is how businesses have to think about security too: create multiple layers of security to protect corporate data and make it difficult for attackers. Layers of security can be added at the corporate firewall, endpoints (mobile and workstations), servers, and even the physical network. The corporate firewall is one of the easiest and best places to add security layers: it is the chokepoint for traffic entering and leaving the corporate network, so it becomes a great spot to filter and block traffic. Most firewalls today support the addition of services that will scan traffic for viruses, malware, spyware and known attacks. SonicWALL calls these types of services UTM, or Unified Threat Management, which uses packet scanning technology to identify threats at the gateway as they pass through the firewall. SonicWALL bundles these services into its Comprehensive Gateway Security Suite (CGSS) as a yearly subscription.

How does an extra service like CGSS create a new protective layer?

With recent threats like the Heartbleed flaw, SonicWALL released a new signature the day it was announced that picked up and blocked the activity generated by an attacker exploiting the flaw. This means that even if your server or application was vulnerable, the SonicWALL Intrusion Prevention Services were able to block the traffic and prevent the attack. Another example is the Crypto viruses and their variants: they require access to a certificate server where they can download a certificate to use in encrypting data. Even though the virus might bypass the desktop anti-virus and infect the system, a packet scanning service like SonicWALL IPS can prevent the virus from completing the process and essentially neutralize it. Utilizing the chokepoint of the network to scan for and block attacks as they enter and leave the company creates a new checkpoint in the network that augments the basic protection offered by a desktop anti-virus. These services are automatically updated and maintained by the manufacturer, so the intervention required is minimal.

Adding this service layer at the firewall is by no means the only spot where additional protective layers can be added, but it is probably the easiest and most cost-effective. I always recommend to our clients that they add these services; some agree and others don’t, but clients that do have the services active have seen the benefits.

So I ask you this question. How many licks does it take?


© 2016 Industries Bang Inc. All rights reserved.
