Introduction – Security Best Practices for External Sharing on Content Collaboration Platforms
Content Collaboration Platforms (CCPs) like Box, Citrix ShareFile, Dropbox, Egynte, Google Drive, and Microsoft OneDrive have come along way since the early 2010’s when the two original innovators, Dropbox and Box, were just cloud storage with some nifty partial syncing. Today, they have taken center stage and are now considered vital to the real-time collaboration goals of the connected economy. Gartner predicts that by 2020, 80% of large and midsize organizations will have deployed at least one of these platforms as part of their “content collaboration strategy.” Gartner also recently renamed the category from Enterprise File Sync and Share (EFSS) to Content Collaboration Platforms to reflect its growing importance.
Not surprisingly as these platforms have become more strategic they have also come under greater scrutiny regarding their security. For the most part they have made great strides with increased security controls for collaboration amongst their “managed” or internal users, but very real security challenges remain for collaboration with “non-managed” or external users. Sadly, data breaches are keeping pace with the torrent of data being put on to the cloud and the trend is not likely to change. The “flavor” of breaches that this blog series will focus on are not traditional hacks, but serious data leakage that stems from platform vulnerabilities, lax security procedures, misconfiguration or just ignorance (remember Anthony Weiner’s use of Twitter for what he thought were private messages?). The blame is shared between vendors and users because both sides make mistakes so the advice will target reducing vulnerabilities from any source to keep your data secure. For example, in 2017 security researchers discovered that collaboration invitations to sensitive files from companies like Dell and Ford could be found on search engines. The issue was quickly corrected but it is likely that we will see more and more of these stories in the future. For many enterprises what happens to their files once they leave the walled garden of their cloud provider remains a troubling blindspot. Resolving this vulnerability will always be a challenge since enterprises will never have the same level of control over external users as they do over their own managed users. With that said there are steps that enterprises can take to mitigate the risk involved with external collaboration.
The objective of this blog series is to examine the state of security for external sharing and collaboration for the leading Content Collaboration Platforms. Each week we’ll review a different platform and make best security practice recommendations. First up in the series will be Box so stay tuned.