In his white paper, “Business-Class File Sharing Best Practices”, Michael Osterman of Osterman Research assesses the current state of
personal file sharing within business, with recommendations about how information technology, risk management and compliance teams can best address the common issues and risks.
Below is an excerpt from the paper, where Michael summarizes some of the key issues with the status quo with personal file sharing within business. We also invite you to access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.
Excerpted from “Business-Class File Sharing Best Practices”
The Status Quo Doesn’t Work
- Users are stymied because company email systems often do not permit file attachments of more than 10 to 20 megabytes to be sent, and it is not efficient at sending more than a few files at a time. Moreover, email doesn’t typically include a return receipt so the sender can know if the recipient ever received the email. Also, when email is used for file transfer, it imposes increased storage and bandwidth costs, slow message delivery, long backups, long restores, high IT management costs.
- Many users will turn to their personal Webmail account because of their ability to send very large files through these systems. However, when users do so there is no IT visibility into the sent or received content, no tracking, no auditability, and no archiving. Moreover, corporate content can reside in personal Webmail repositories for many years, long after an employee may have left the company. While this makes life easier for users, it increases the risk to the organization.
- USB sticks, tablets and smartphones create the same problems: lack of security, higher costs, their likelihood of being lost or stolen, and the potential for content on them to be accessed by unauthorized parties.
- Dropbox-like file sharing tools and cloud services can be effective, but they do not permit IT management or governance of content. And, they often are individual accounts and not under the sanction of IT which means that IT doesn’t have the visibility or insight into what is being transferred, nor does IT maintain any type of audit trail for this content.
- SharePoint and similar tools are useful for sharing information if both senders and recipients are using it. However, SharePoint require the deployment of a dedicated infrastructure and training for end users, and it is not always easily accessible by remote workers or people external to an organization.
- Basic FTP client-server systems, while useful, require both the sender and recipient to have access to the FTP server to share information, which can be an ongoing provisioning burden for IT.
- Physical delivery of information – such as CD-ROMs or DVD-ROMs that are burned and sent through overnight services – is expensive and the speed of delivery is slow
Again, at this link you can access the full white paper including Michael’s case for why IT needs to provide and manage file sharing solutions.