Easy access to all relevant company data via a central platform for data transfer creates a more flexible, productive and secure working environment. That is why more and more Enterprise Filesharing solutions are being used in companies. However, some points have to be taken into account – not only because of the currently implemented data protection regulations (EU-GDPR).
Filesharing allows a user to share and exchange different types of files with friends and colleagues on public, mostly cloud-based filesharing pages, such as Dropbox, Google Drive etc. Especially in enterprises these services are often used – often, however, against company agreements and without consent of the IT-administrators. Not without reason the use of public clouds annoys the data protection officer: The servers of these free online-storages often lie outside of the EU (USA, Russia, Far East), which already violates the General Data Protection Regulation. In case of a problem (e.g. liability for loss of data) the operators of these platforms are hard to find, and nobody knows the exact data security regulations of these cloud services. For this reason alone, the principal applies that critical company files do not belong in a public cloud!
In some companies, provisional workarounds for filesharing have been created. This often involves the classic email that is hardly practical nowadays because of large data sizes: Due to limited file sizes, version conflicts and insufficient security the email is hardly up-to-date. A further solution would be a network-based storage device within the company. However sufficient access from outside for the employees is missing: VPN-connections are often slow. Therefore, access with mobile devices (notebook, tablet or smartphone) from outside is hardly possible. And even if it is possible, it entails additional administrative efforts.
Central data retention and provision in form of modern solutions for data transfer is becoming more and more popular in companies. They offer internal, but also location-independent data access, as well as storage possibilities in a secure cloud. Productive services need to be easy to handle and administrable, device-independent and controllable. Access control settings for every single file, user and group are a central element of filesharing solutions.
If a file is dropped unencrypted on a filesharing server, the server provider still can view the file. Not only since the disclosures from Edward Snowden, do we know that some cloud-servicers do not take data security very seriously: a court order – no matter where – is enough to hand files over to investigating authorities or secret services. Therefore, end-to-end encryption is obligatory for enterprise filesharing-solutions.
However, the encryption procedure is only effective, if it is used at the right place: the sender and recipient of a file. This ensures that the file contents are always encrypted on the filesharing server. Thus, the data is protected against access by unauthorized third parties. The access permissions for the encrypted files can be managed centrally and transparently. Therefore, only the employees with a file-access-permission and an appropriate encryption “key” can gain access. In short: Only the sender and entitled recipient can view the decrypted file.
DRACOON is a German Filesharing solution for companies.
With the software you can securely store, manage and send all your company data.