If you would like to read the next part in this article series please go to Secure Sharing: Collaboration without Compromise (Part 2).
Introduction
You’ve probably heard the quote attributed to Benjamin Franklin (Poor Richard’s Almanack) that goes like this: “Three may keep a secret – if two of them are dead.” It’s a fact of life that the more people with whom you share something that’s meant to be confidential, the more likely it becomes that someone who wasn’t meant to will also get access to it. That’s just as true in the digital realm as it was in Franklin’s day.
That poses a problem, because in most business environments today, teamwork has become an important element of the majority of jobs. Twenty-five years ago, many more office workers and professionals did their work in comparative isolation. The computerization of the workplace and the increasing sophistication of computer networks and ubiquitous connectivity have made it much easier for people to work together, even if they’re physically located hundreds or even thousands of miles apart.
Why collaboration is king
The focus on a collaborative work style has many benefits. Another old saying (so old that no one seems to know where it originated) says “two heads are better than one.” That is, two people working together can generally produce a better result than one person, working alone.
Two (or more) people can bounce ideas off each other and inspire one another to come up with new ideas. A second pair of eyes will often see potential pitfalls or errors that a lone worker might not have noticed. They can cover for one another and keep the momentum going even if one has to take time off or is ill or otherwise not at peak performance. They bring individual strengths and skill sets to the job that just one person might not have. And by working together, they can learn from each other and each can develop new skills and expertise more readily.
Adding more people to the team can improve efficiency and effectiveness even more – up to a point. There have been many studies done in an effort to determine what size team tends to work together most cohesively and with optimum performance. Most of those studies show the ideal number of team members to be somewhere between four and nine. More than that, and the team begins to get unwieldy, with discussions often getting stuck in endless disagreements and sub-groups aligning themselves on one side or the other rather than all working together in harmony. Of course, individual personalities have a lot to do with that, as well.
Whatever the size of the team, collaboration is necessary today because the modern workplace moves at a much faster pace than in past times. Spreading a workload over multiple people obviously allows for getting more done, more quickly. However, effective collaboration requires sharing of information, not just at the onset but on an ongoing basis. In our current business world, the right people for the job often aren’t able to sit down in a room together on company premises to share their thoughts and progress.
That’s where the global network comes in and makes things easier for knowledge workers to share that knowledge with their co-workers – but also makes it harder for those who are tasked with keeping the data containing that knowledge secure and safe from others outside the company who might be able to use it for purposes detrimental to the organization or to individuals.
Networks changed everything
Data security is much more straightforward when that data is only used by one person. Securing your personal journal that’s strictly for your eyes only isn’t too difficult. You can use a locally installed program to write your daily entries, and save the files (after encrypting them, of course) to a removable USB stick or a flash memory card that you take out of the computer and lock in a drawer when you aren’t using it. The data never travels across the network and its exposure to the network is very limited.
If your secrets are particularly deep and dark or you’re just particularly paranoid, you might even disconnect your computer from the network while you write in your diary – something that’s pretty easy to do by disabling your network adapter or unplugging your Ethernet cable (just be sure all NICs are disabled; many new computers have both Ethernet and wireless adapters and if you unplug the cable, the system might fail over to wi-fi if you have a wireless network that you’ve set up on it in the past).
Of course, even with all this your journal entries may not be completely safe from prying eyes. The strength of the locks on your desk drawer aside, depending on the program you used to create your files, there may be temp files on your computer and/or remnants of your private musings still residing in RAM on your system.
Still, if you take care of all that, you can be fairly confident that your sensitive files will stay secret. But networks changed everything, and the Internet changed it again and now the cloud is changing it even more. Security gets far more complicated when you share information with others by sending it across a network populated by computers other than just your machine and the destination computer, and when that network is the public global Internet with literally billions of devices connected to it, security becomes a real challenge. Add to that the fact that many of us are sharing to and from mobile devices across different operating system platforms and we might be using cloud-based storage services for easy anytime/anywhere sharing, and you can see why you really need to think through your strategy for secure sharing.
How users share – and why you should care
Part of the problem is that we share information across the network in many different ways. We can email files, we can share them through communications programs such as Skype, we can put them in the cloud in our OneDrive, Google Drive or Dropbox account, and if you’re a little old-fashioned you can upload them to an FTP server and have people download them that way.
With all this sharing going on, it’s important for company policies to address which methods are and aren’t acceptable for sharing business information. For example, you might want to set policies that allow emailing files (or discussing business matters) only via the corporate email account, and not via personal accounts such as Gmail or Hotmail or Yahoo Mail. You have no control over the security mechanisms employed by those web mail services, nor can you set technological requirements on password length and complexity and so forth.
Other significant risks are involved in installing popular third-party file sharing software. This is especially true of P2P application that some people use for exchanging files. Others can send files to users that contain malicious code, and then the malware may be able to steal the contents of other files, including business files, and expose it to attackers. Or the malware may infect the user’s computer and steal his/her passwords to company accounts. Because some P2P programs require users to open ports on their firewalls, that opens up another avenue of attack.
According to reports, a large majority of corporations have policies that prohibit the use of consumer file sharing services, but studies have shown that the employees in many of those companies are using them anyway. In this age of BYOD and the consumerization of IT, the IT department has less control over the devices that employees use to connect to the company network. Today’s digital natives, unlike so many of their predecessors, are not intimidated by technology and are savvy enough to get around controls that may be in place. They also tend to be a bit more opinionated regarding their technological preferences and want to use the same programs for work that they’re used to using at home.
If you block file sharing services on the network – which would involve both blocking installation of P2P software and blocking the web sites of web-based sharing services that don’t require software installation – users can still share company files by copying them to removable media, and then uploading them to their favorite services on their home networks. There is probably no sure-fire way to prevent a determined user from “oversharing” but there are many things you can do to help protect data that’s shared in accordance with your policies and to make it more difficult for those policies to be violated.
Summary
Thus begins our discussion of secure sharing, from importance to implementation. In Part 2 of this series, we’ll start to dig further down into the nitty-gritty of different file sharing methods and the security (and persuasive) mechanisms that you can put into place to ensure that your users use the safest ones and that your data is as secure as it can be when in the process of being shared.
If you would like to read the next part in this article series please go to Secure Sharing: Collaboration without Compromise (Part 2).
