Sharing files via cloud-based options such as AWS, Box, OneDrive, Dropbox, ShareFile, Google Cloud, and others is the no-brainer option chosen by many organizations. And that choice is made for plenty of good reasons – accessibility, real-time collaboration, scalability, and cost effectiveness, along with version control and less need for hardware.
However, despite the user advantages of these cloud storage providers and platforms, there are disadvantages to consider, especially if your organization is concerned about threats, is responsible for and handles sensitive data, or needs to meet compliance requirements around file security and movement.
Disadvantages of Cloud File Sharing Platforms and Services
Humans are fallible, and the risk of simple human error or of misconfigured file access is one of the largest threats to an organization’s sensitive files. Without centralized management, organizations can quickly lose control of access to files and of who can share, edit, or view sensitive information. Your organization may also have internal or partner encryption requirements for its data. Additionally, public versus private access to your data poses a risk of files being mishandled. Furthermore, many attacks are delivered inside files, where they can be cleverly disguised to trick users.
However files are transferred, a simple keystroke can open the doors to a data breach. According to these two studies, human error accounts for an outsized portion of data breaches:
- 3,000 IT and security professionals confirmed that human error was the leading cause of data breaches at 55 percent, in the 2023 Thales Global Cloud Security Study.
- Verizon’s Data Breach Investigations Report shows 74% of incidents – cloud or otherwise – contributed to 74% of mishandled or breached data.
6 Reasons to Reconsider Your Cloud File Sharing Services
There are many considerations to undertake before deciding on how your organization will send files securely. Below are a few to think about:
- Encryption may not be adequate or automated: When transferring files, end-to-end encryption should be considered so that data is encrypted both in transit and at rest. A secure Managed File Transfer (MFT) solution can automatically encrypt sensitive files in motion and at rest. In addition, key and certificate management may not be strong with some cloud applications, leaving files open to malicious intent.
- Compliance requirements may not be met: If your organization needs to comply with HIPAA, PCI DSS, GDPR, or other regulatory standards, it’s important to remember that not all cloud platforms can meet the requirements around file transfers, and falling short can result in substantial financial, legal, and reputational damage.
- Limited control over data: Unchecked file sharing, collaboration, or sending files to unauthorized individuals are all risks that could be realized without a managed file transfer solution safeguarding how files are handled. With many cloud-based solutions, there is no control over files once they’ve landed at their intended destination. A secure solution for collaboration can alleviate those fears by putting tight controls on who can access, edit, and transfer files and for how long.
Fortra’s Secure Collaboration solution can secure any type of file in the cloud (or on-premises) when used in conjunction with GoAnywhere MFT. IT teams can then define granular usage rights as to how files are used and shared – even once they are stored on devices outside of your network. Tracking and controls can be put in place to prevent unauthorized access and revoke privileges. If, however, data should ever leak, the Secure Collaboration solution ensures access is granted only to authorized individuals.
- No workflows for cloud file transfers: MFT solutions such as Fortra’s GoAnywhere MFT simplify and automate multiple file transfer processes with multi-step workflows to take on repetitive, manual tasks, and keep business moving. You can create "Projects" that define the file transfers and business processes to perform, and they execute seamlessly without the need for scripting or programming.
For example, a Project can be set up to retrieve encrypted data from a server, decrypt it, process the file (which may include reading the file contents to extract data), and then submit it to a downstream internal application. That received file can also be altered, if necessary, to add content, then re-encrypted and sent to another external SFTP server.
- Lack of centralized user management: Cloud file sharing solutions may not provide a comprehensive, user-friendly, one-stop shop for administrators to control access, authentication, and encryption of sensitive files. Instead, multiple tools and applications must be coordinated, which can put more data at risk. A robust MFT solution should be capable of managing all types of file-send situations, including ad hoc emails, large files, and batch files.
- Threats: Viruses, malware, ransomware, Advanced Persistent Threats, and banned media types all can work their way into your organization’s computing platforms. Using GoAnywhere with Fortra’s Secure ICAP Gateway solution can block all of these threats and more.
Security Best Practices for Cloud File Transfers
As the security of files is an overarching goal of any organization, no matter the deployment selected, utilizing these best practices around how files are managed can help ensure sensitive files are secured:
- Ensure proper architecture of virtual networks and network security groups. Implementing strict network security rules can limit who can gain access to your infrastructure, thereby mitigating your risk level. Some cloud file sharing platforms do not give you this capability or can’t adhere to specified security requirements. To address the push towards shared systems, consider implementing Zero Trust security principles to properly control system workflows.
This disallows the lateral movement of data, enables automatic scanning for malware or viruses and gives total control over files, wherever they ultimately travel. Additionally, the use of any Identity and Access Management (IAM) solutions should incorporate secure connections, multi-factor authentication, as well as single sign-on capabilities.
- Wherever possible, implement secure end-to-end connections.
- Ensure adherence to your corporate security, data management, and infrastructure, regardless of system type. Controls can range from backup and restore, data synchronization, disaster recovery, and security controls.
- Deploy detection and response tools such as Web Application Firewalls (WAFs) to target the application layer for needed protection amidst the cloud’s interconnectedness, as well as Distributed Denial of Service (DDoS) tools.
- Consider forward, as well as reverse proxy/bastion servers, to prevent external connections from directly communicating with internal resources. External or public hosts should not be able to communicate directly with your internal or private resources on your LAN. For security, GoAnywhere’s Gateway, a secure proxy gateway, is installed in the demilitarized zone (DMZ), with GoAnywhere MFT installed in the private/internal network.
The Gateway acts as a deep content inspection engine to detect sensitive or critical data, active, and malicious threats. If detected, it applies the appropriate remedial action which allows safe content to flow through to reduce business disruption, and redacts any information not deemed appropriate to be accessed.
- Utilize similar security controls, regardless of system type, and use the same level of application controls for application servers and networking devices.
- Central deployment of management and monitoring tools with the capability to scan physical, virtual, application, and network devices is also recommended. These tools should address hybrid environments and their abilities around patching, monitoring, management, and vulnerability scanning.
- Put an incident investigation and response solution in place and practice it. Logging and reporting capabilities to review who did what with file movements should also be in place.
- Ensure your IT staff is trained and capable of managing cloud infrastructure.
- Where applicable, deploy a content scanning solution and enforce threat protection and/or Data Loss Prevention (DLP) controls. Fortra’s Threat Protection bundle helps minimize the risks of opening your systems to threats, such as malware or hidden threats within file transfers, and of exposing the wrong content, whether sent by mistake or hidden in metadata.
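As an added example (not from the original article and not Fortra code), the network security group and proxy/DMZ practices above can be checked mechanically: the script flags any allow rule that lets a source outside the DMZ reach the internal network directly. The address plan, rule format, and rule names are constructed assumptions, and rule priority/ordering is not modelled.

```python
import ipaddress

# Assumed address plan (constructed for illustration only).
DMZ = ipaddress.ip_network("10.0.1.0/24")       # proxy gateway lives here
INTERNAL = ipaddress.ip_network("10.0.2.0/24")  # MFT server and private resources

# Constructed sample rules in a generic shape, not any vendor's export format.
SAMPLE_RULES = [
    {"name": "sftp-to-gateway", "src": "0.0.0.0/0", "dst": "10.0.1.10/32",
     "port": 22, "action": "allow"},
    {"name": "gateway-to-mft", "src": "10.0.1.10/32", "dst": "10.0.2.20/32",
     "port": 8443, "action": "allow"},
    {"name": "vendor-direct", "src": "203.0.113.0/24", "dst": "10.0.2.20/32",
     "port": 22, "action": "allow"},
    {"name": "legacy-any", "src": "0.0.0.0/0", "dst": "10.0.0.0/16",
     "port": 443, "action": "allow"},
    {"name": "block-rdp", "src": "0.0.0.0/0", "dst": "10.0.2.0/24",
     "port": 3389, "action": "deny"},
]


def direct_exposures(rules, dmz=DMZ, internal=INTERNAL):
    """Return names of allow rules whose source is neither inside the DMZ
    nor inside the internal network but whose destination overlaps the
    internal network, i.e. paths that bypass the proxy gateway."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if not dst.overlaps(internal):
            continue  # rule does not touch private resources
        # A broad source such as 0.0.0.0/0 is not a subnet of either zone,
        # so it is treated as external even though it contains the DMZ.
        if not (src.subnet_of(dmz) or src.subnet_of(internal)):
            findings.append(rule["name"])
    return findings


if __name__ == "__main__":
    for name in direct_exposures(SAMPLE_RULES):
        print(f"direct external path to internal network: {name}")
```

Overly broad destinations such as the `legacy-any` rule are flagged as well, because the range they cover includes the internal subnet.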
Connecting MFT with Cloud Applications
Robust MFT, such as GoAnywhere MFT, can also help organizations easily connect to cloud applications such as SharePoint Online, Google Drive and others. GoAnywhere uses Cloud Connectors – built-in web and cloud integrations that offer a standardized way to integrate workflows and projects with SOAP and RESTful web service APIs. Users can choose from established Connectors or create custom ones.
Considering Cloud File Transfers? Consider How GoAnywhere MFT Can Help.
GoAnywhere MFT is flexible, scalable, and highly available. Operating GoAnywhere in a cloud environment can help your organization secure and exchange data with user-friendly ease.