The risks of personal file sharing within businesses

Share this story:Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Facebook0

In his white paper, “Business-Class File Sharing Best Practices”, Michael Osterman of Osterman Research assesses the current state of
personal file sharing within business, with recommendations about how information technology, risk management and compliance teams can best address the common issues and risks.

Below is an excerpt from the paper, where Michael summarizes some of the key issues with the status quo with personal file sharing within business.  We also invite you to access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.

Excerpted from “Business-Class File Sharing Best Practices”

The Status Quo Doesn’t Work

  • Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
  • Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organization.
  • USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorized parties.
  • Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
  • SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint require the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organization.
  • Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
  • Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow

Again, at this link you can access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.

This entry was posted in Compliance, Managed File Transfer, Security. Bookmark the permalink. Trackbacks are closed, but you can post a comment.

2 Comments

  1. Posted July 16, 2012 at 7:22 am | Permalink

    You have stated very clearly some of the reasons why personal file sharing is at risk. But don’t forget the user, ease of use is the number one thing to consider when rolling out any software that involves the end user such as the MOVEit Adhoc Outlook Plugin, which to be frank is very easy to use but still adds another ‘thing’ for the end user to do. I would like to see more on how policy enforcement is automated using secure adhoc solutions to ensure company policies, end users and technology vendors are all aligned.

  2. Posted September 1, 2012 at 6:01 am | Permalink

    Thanks Zak for raising these important points. I would also add to this to say that rather than deploy yet another system to overcome these issues, companies want to be able to utilise existing software at best or at least deploy software that can deliver multiple benefits. MOVEit does this as it addresses multiple IT challenges as well as the ones outlined above.

Leave a Reply