SlideShare a Scribd company logo

Secure File Sharing Basics - What Every File Sharing Provider Should Have

Download as PPTX, PDF
BoxHQ
BoxHQ
Technology
1 of 12
Secure File Sharing Basics What every file sharing provider should have
With the cloud being an essential part of so many IT organizations, best practices have emerged to help IT evaluate the right vendors’ ability to meet mission critical security needs. The following slides outline the basic cloud features any vendor should have, as well as basic and advanced security measures. This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014
STORE Store files with user-controlled recovery SYNC Silently sync local directory with the server SHARE Share in/out of the organization at a file or folder level VIEW Has an in-browser viewer Basic Cloud File Sharing Features COLLABORATE Can add comments on documents in a web interface WEB/MOBILE SUPPORT Can access files from web/mobile INTEGRATE VIA APIs Able to integrate directly with other platforms MANAGE CONTENT Organize files and folders, manage versions, and check- in/check-out
DATA CENTER SECURITY Includes physical controls, logistical controls, and third party certifications like SOC 2 or ISO 27001 BUSINESS CONTINUITY Provider has a plan for catastrophes such as power outages APPLICATION SECURITY Free from vulnerabilities to SQL injection, CSS, CSRF and other application and business logic attacks Core Security Features: Security Baseline INTERNAL CONTROLS Well-documented internal controls to prevent outside/inside attacks TRANSPARENCY, STAFFING AND DOCUMENTATION Includes a dedicated team, transparent operations, and good documentation ENCRYPTION All customer data should be encrypted at rest and in transit
Core Security Features: Identity and Access Management Features SERVICE IDENTITY When sharing documents externally, collaborators should not be required to register with your internal identity provider. FEDERATION AND SSO Support internal identity for automatic registration with the service. SAML is preferred. TWO FACTOR AUTHENTICATION Users are required to enter a second piece of ID AUTHORIZATION AND ACCESS CONTROLS Permissions should be at the directory, subdirectory and file level and integrate internal, external and anonymous users DEVICE CONTROL MANAGEMENT Administrators can manage which devices users use to access the system CENTRALIZED MANAGEMENT Administrators can manage all permissions and sharing through the web interface
COMPLETE AUDIT LOGS Contains user, device, file accessed, activity performed, and metadata such as time and location LOG DURATION Does it ever expire? LOG MANAGEMENT AND VISIBILITY How do you access it and how easy is it to use? INTEGRATION AND EXPORT You should be able to export the logs and integrate them with other logs Core Security Features: Audit and Transparency
With a centralized service, you can easily track down files and logs to determine if leaks happen. This is a powerful security feature. Search features let you search your entire index for keywords or content. Advanced Security Features: Universal Search and Investigation Support
Advanced Security Features: Client-Managed Encryption In both cases you will need your own Key Management Infrastructure Two Options For Client-Managed Encryption Cloud platform endpoint agents handle encryption Cloud platform manages encryption in their backend, but offers key management to enterprise users. Customer has exclusive access to encryption keys. 1 2
Advanced Security Features: Data Loss Prevention Advanced Security Features: Information Rights Management DEFINITION: Limiting usage of a file according to access policies EXAMPLE: • You can let someone view a file, but not email, share or download it • Protects against copy and printing • Good data loss prevention will include full-text indexing and search + audit log of all activity associated with a file. Third-party DLP integration may provide more capabilities. • Bonus points for real-time monitoring of content
Advanced Security Features: Device Security Advanced Security Features: API Support Robust APIs are quickly becoming standard. They should be able to integrate with all tools, future and existing. • Restrict access only to approved devices • Prevent offline access • Prevent data leakage through copy/paste and “Open in” other applications
Advanced Security Features: Security Tool Integrations STANDARD INTEGRATIONS: • Cloud security gateways • eDiscovery • Data loss prevention (DLP) • Mobile device management • SIEM/log management
For more information: Download: The Security Pro’s Guide to Cloud File Storage and Collaboration This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014

Recommended

Decriminalize Your Colleagues - How to Address Shadow IT in the Enterprise
Decriminalize Your Colleagues - How to Address Shadow IT in the EnterpriseDecriminalize Your Colleagues - How to Address Shadow IT in the Enterprise
Decriminalize Your Colleagues - How to Address Shadow IT in the EnterpriseBoxHQ
 
Box Security Whitepaper
Box Security WhitepaperBox Security Whitepaper
Box Security WhitepaperBoxHQ
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App SecurityAlvaro Rezende
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Cryptzone SharePoint and Office 365 Security Solutions Guide
Cryptzone SharePoint and Office 365 Security Solutions GuideCryptzone SharePoint and Office 365 Security Solutions Guide
Cryptzone SharePoint and Office 365 Security Solutions GuideDavid J Rosenthal
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksMicrosoft
 

Recommended

Decriminalize Your Colleagues - How to Address Shadow IT in the Enterprise
Decriminalize Your Colleagues - How to Address Shadow IT in the EnterpriseDecriminalize Your Colleagues - How to Address Shadow IT in the Enterprise
Decriminalize Your Colleagues - How to Address Shadow IT in the EnterpriseBoxHQ
 
Box Security Whitepaper
Box Security WhitepaperBox Security Whitepaper
Box Security WhitepaperBoxHQ
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App SecurityAlvaro Rezende
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Cryptzone SharePoint and Office 365 Security Solutions Guide
Cryptzone SharePoint and Office 365 Security Solutions GuideCryptzone SharePoint and Office 365 Security Solutions Guide
Cryptzone SharePoint and Office 365 Security Solutions GuideDavid J Rosenthal
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksMicrosoft
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionMicrosoft
 
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT OperationsLeading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT OperationsOneLogin
 
Protect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudProtect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudMicrosoft
 
Share Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonShare Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonJoel Oleson
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection Syed Sabhi Haider
 
Microsoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
 
Techorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud AppsTechorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud AppsDavid De Vos
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights ManagementDavid J Rosenthal
 
Webinar Express: What is a CASB?
Webinar Express: What is a CASB?Webinar Express: What is a CASB?
Webinar Express: What is a CASB?Bitglass
 
Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Priyanka Aash
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveDavid J Rosenthal
 
Cloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco EvangelistCloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco EvangelistRavi namboori
 
Azure information protection
Azure information protectionAzure information protection
Azure information protectionKjetil Lund-Paulsen
 
Community IT - Single Sign On
Community IT - Single Sign OnCommunity IT - Single Sign On
Community IT - Single Sign OnCommunity IT Innovators
 
6 ways to manage IT Security
6 ways to manage IT Security6 ways to manage IT Security
6 ways to manage IT SecurityMonami Saluja
 
Microsoft Cloud App Security Demo
Microsoft Cloud App Security DemoMicrosoft Cloud App Security Demo
Microsoft Cloud App Security DemoCheah Eng Soon
 
2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information Protection2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information ProtectionAndrew Bettany
 
Box for Production
Box for ProductionBox for Production
Box for ProductionBoxHQ
 
Your Digital Transformation Journey
Your Digital Transformation JourneyYour Digital Transformation Journey
Your Digital Transformation JourneyBoxHQ
 

More Related Content

What's hot

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionMicrosoft
 
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT OperationsLeading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT OperationsOneLogin
 
Protect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudProtect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudMicrosoft
 
Share Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonShare Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonJoel Oleson
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection Syed Sabhi Haider
 
Microsoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
 
Techorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud AppsTechorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud AppsDavid De Vos
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights ManagementDavid J Rosenthal
 
Webinar Express: What is a CASB?
Webinar Express: What is a CASB?Webinar Express: What is a CASB?
Webinar Express: What is a CASB?Bitglass
 
Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Priyanka Aash
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveDavid J Rosenthal
 
Cloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco EvangelistCloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco EvangelistRavi namboori
 
6 ways to manage IT Security
6 ways to manage IT Security6 ways to manage IT Security
6 ways to manage IT SecurityMonami Saluja
 
Microsoft Cloud App Security Demo
Microsoft Cloud App Security DemoMicrosoft Cloud App Security Demo
Microsoft Cloud App Security DemoCheah Eng Soon
 
2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information Protection2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information ProtectionAndrew Bettany
 

What's hot (20)

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT OperationsLeading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
Leading Trends in IAM Webinar 2: Minimizing Complexities in IT Operations
 
Protect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudProtect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloud
 
Share Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonShare Point Server Security with Joel Oleson
Share Point Server Security with Joel Oleson
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection
 
Microsoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft Cloud App Security
Microsoft Cloud App Security
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
 
Techorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud AppsTechorama - Shadow IT with Cloud Apps
Techorama - Shadow IT with Cloud Apps
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights Management
 
Webinar Express: What is a CASB?
Webinar Express: What is a CASB?Webinar Express: What is a CASB?
Webinar Express: What is a CASB?
 
Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1Workshop: Threat Intelligence - Part 1
Workshop: Threat Intelligence - Part 1
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDrive
 
Cloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco EvangelistCloud Computing Risks by Ravi Namboori Cisco Evangelist
Cloud Computing Risks by Ravi Namboori Cisco Evangelist
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
Community IT - Single Sign On
Community IT - Single Sign OnCommunity IT - Single Sign On
Community IT - Single Sign On
 
6 ways to manage IT Security
6 ways to manage IT Security6 ways to manage IT Security
6 ways to manage IT Security
 
Microsoft Cloud App Security Demo
Microsoft Cloud App Security DemoMicrosoft Cloud App Security Demo
Microsoft Cloud App Security Demo
 
2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information Protection2 Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information Protection
 

Viewers also liked

Box for Production
Box for ProductionBox for Production
Box for ProductionBoxHQ
 
Your Digital Transformation Journey
Your Digital Transformation JourneyYour Digital Transformation Journey
Your Digital Transformation JourneyBoxHQ
 
Box Premier Support Overview
Box Premier Support OverviewBox Premier Support Overview
Box Premier Support OverviewBoxHQ
 

Viewers also liked (6)

Box for Production
Box for ProductionBox for Production
Box for Production
 
Your Digital Transformation Journey
Your Digital Transformation JourneyYour Digital Transformation Journey
Your Digital Transformation Journey
 
Box Premier Support Overview
Box Premier Support OverviewBox Premier Support Overview
Box Premier Support Overview
 
Php Ppt
Php PptPhp Ppt
Php Ppt
 
PHP Project PPT
PHP Project PPTPHP Project PPT
PHP Project PPT
 
Black box
Black boxBlack box
Black box
 

Similar to Secure File Sharing Basics - What Every File Sharing Provider Should Have

Document Management System - docManager
Document Management System - docManagerDocument Management System - docManager
Document Management System - docManagerRajesh Shah
 
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareThe Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareHybrid Cloud
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Cryptolab cse datasheet v1.1.pdf
Cryptolab cse datasheet v1.1.pdfCryptolab cse datasheet v1.1.pdf
Cryptolab cse datasheet v1.1.pdfMassimo Bertaccini
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareKonverge Technologies Pvt. Ltd.
 
Cloudoc brochure eng_20170823
Cloudoc brochure eng_20170823Cloudoc brochure eng_20170823
Cloudoc brochure eng_20170823sang yoo
 
IRM Secure on SecuLogica Technical Whitepaper
IRM Secure on SecuLogica Technical WhitepaperIRM Secure on SecuLogica Technical Whitepaper
IRM Secure on SecuLogica Technical WhitepaperJim Kitchen
 
SMB Security Product Overview.pptx
SMB Security Product Overview.pptxSMB Security Product Overview.pptx
SMB Security Product Overview.pptxkovec2684
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 
Cloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesCloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesPT Datacomm Diangraha
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
 

Similar to Secure File Sharing Basics - What Every File Sharing Provider Should Have (20)

Document Management System - docManager
Document Management System - docManagerDocument Management System - docManager
Document Management System - docManager
 
CIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdfCIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdf
 
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and ShareThe Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
The Enterprise File Fabric for Cloudian | GDPR ready File Sync and Share
 
Irm11g overview
Irm11g overviewIrm11g overview
Irm11g overview
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the Endpoint
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Cryptolab cse datasheet v1.1.pdf
Cryptolab cse datasheet v1.1.pdfCryptolab cse datasheet v1.1.pdf
Cryptolab cse datasheet v1.1.pdf
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
 
DLP and MDM Datasheet
DLP and MDM DatasheetDLP and MDM Datasheet
DLP and MDM Datasheet
 
Cloudoc brochure eng_20170823
Cloudoc brochure eng_20170823Cloudoc brochure eng_20170823
Cloudoc brochure eng_20170823
 
IRM Secure on SecuLogica Technical Whitepaper
IRM Secure on SecuLogica Technical WhitepaperIRM Secure on SecuLogica Technical Whitepaper
IRM Secure on SecuLogica Technical Whitepaper
 
SMB Security Product Overview.pptx
SMB Security Product Overview.pptxSMB Security Product Overview.pptx
SMB Security Product Overview.pptx
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 
Cloudciti Enterprise File Share Services
Cloudciti Enterprise File Share ServicesCloudciti Enterprise File Share Services
Cloudciti Enterprise File Share Services
 
Airwatch od VMware
Airwatch od VMwareAirwatch od VMware
Airwatch od VMware
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing report
 
VISULOX-Summary-SN
VISULOX-Summary-SNVISULOX-Summary-SN
VISULOX-Summary-SN
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Secure File Sharing Basics - What Every File Sharing Provider Should Have

  • 1. Secure File Sharing Basics What every file sharing provider should have
  • 2. With the cloud being an essential part of so many IT organizations, best practices have emerged to help IT evaluate the right vendors’ ability to meet mission critical security needs. The following slides outline the basic cloud features any vendor should have, as well as basic and advanced security measures. This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014
  • 3. STORE Store files with user-controlled recovery SYNC Silently sync local directory with the server SHARE Share in/out of the organization at a file or folder level VIEW Has an in-browser viewer Basic Cloud File Sharing Features COLLABORATE Can add comments on documents in a web interface WEB/MOBILE SUPPORT Can access files from web/mobile INTEGRATE VIA APIs Able to integrate directly with other platforms MANAGE CONTENT Organize files and folders, manage versions, and check- in/check-out
  • 4. DATA CENTER SECURITY Includes physical controls, logistical controls, and third party certifications like SOC 2 or ISO 27001 BUSINESS CONTINUITY Provider has a plan for catastrophes such as power outages APPLICATION SECURITY Free from vulnerabilities to SQL injection, CSS, CSRF and other application and business logic attacks Core Security Features: Security Baseline INTERNAL CONTROLS Well-documented internal controls to prevent outside/inside attacks TRANSPARENCY, STAFFING AND DOCUMENTATION Includes a dedicated team, transparent operations, and good documentation ENCRYPTION All customer data should be encrypted at rest and in transit
  • 5. Core Security Features: Identity and Access Management Features SERVICE IDENTITY When sharing documents externally, collaborators should not be required to register with your internal identity provider. FEDERATION AND SSO Support internal identity for automatic registration with the service. SAML is preferred. TWO FACTOR AUTHENTICATION Users are required to enter a second piece of ID AUTHORIZATION AND ACCESS CONTROLS Permissions should be at the directory, subdirectory and file level and integrate internal, external and anonymous users DEVICE CONTROL MANAGEMENT Administrators can manage which devices users use to access the system CENTRALIZED MANAGEMENT Administrators can manage all permissions and sharing through the web interface
  • 6. COMPLETE AUDIT LOGS Contains user, device, file accessed, activity performed, and metadata such as time and location LOG DURATION Does it ever expire? LOG MANAGEMENT AND VISIBILITY How do you access it and how easy is it to use? INTEGRATION AND EXPORT You should be able to export the logs and integrate them with other logs Core Security Features: Audit and Transparency
  • 7. With a centralized service, you can easily track down files and logs to determine if leaks happen. This is a powerful security feature. Search features let you search your entire index for keywords or content. Advanced Security Features: Universal Search and Investigation Support
  • 8. Advanced Security Features: Client-Managed Encryption In both cases you will need your own Key Management Infrastructure Two Options For Client-Managed Encryption Cloud platform endpoint agents handle encryption Cloud platform manages encryption in their backend, but offers key management to enterprise users. Customer has exclusive access to encryption keys. 1 2
  • 9. Advanced Security Features: Data Loss Prevention Advanced Security Features: Information Rights Management DEFINITION: Limiting usage of a file according to access policies EXAMPLE: • You can let someone view a file, but not email, share or download it • Protects against copy and printing • Good data loss prevention will include full-text indexing and search + audit log of all activity associated with a file. Third-party DLP integration may provide more capabilities. • Bonus points for real-time monitoring of content
  • 10. Advanced Security Features: Device Security Advanced Security Features: API Support Robust APIs are quickly becoming standard. They should be able to integrate with all tools, future and existing. • Restrict access only to approved devices • Prevent offline access • Prevent data leakage through copy/paste and “Open in” other applications
  • 11. Advanced Security Features: Security Tool Integrations STANDARD INTEGRATIONS: • Cloud security gateways • eDiscovery • Data loss prevention (DLP) • Mobile device management • SIEM/log management
  • 12. For more information: Download: The Security Pro’s Guide to Cloud File Storage and Collaboration This ebook is based on “The Security Pro’s Guide to Cloud File Storage and Collaboration” by Securosis, September 12, 2014