The survey by Hornetsecurity shows that many employees store corporate data in file-sharing services – without the IT department knowing about it. From their home office, on the train or during an appointment at the customer: The desire for mobile access to corporate data is certainly not new. What is relatively new is that it can easily be implemented by employees. File sharing and sync services like Dropbox or Google Drive make it easy and employees are familiar with them from their private environment. According to a recent survey by Hornetsecurity, 30% of respondents use online file sharing, of which 40% do so without the knowledge of the company’s IT department. This is confirmed by data from an IDC survey dating from December 2013, according to which about half of the respondents used file-sharing and synchronization solutions without the knowledge of the IT department. Both studies carried out in Germany show that shadow IT has long been a reality. The uncontrolled storage of company data in file-sharing services is risky. In a Guardian interview from July 2014, for example, Edward Snowden explicitly warned about the use of Dropbox as constituting “a threat to privacy.” The problem for many online file sharing services: Although data is transmitted from and to users in encrypted form, it can be read by service providers, who are even based outside of the EU. Edward Snowden’s revelations clearly demonstrated the resulting possibilities. IDC had already stated the following back in 2012: “Security features of cloud file services are optimized around preventing common security violations in support of sharing and collaborating on public or semiprivate content and not for highly secure content.” There are also compliance requirements. For example, the storage and processing of personal data outside of the EU legal sphere is problematic from the perspective of many privacy advocates. Even Edward Snowden has pointed out what a secure service should look like: So-called “zero-knowledge” technology ensures that providers are not given a look at data. This is implemented by ensuring that the keys used for encryption remain exclusively in the hands of the user and the provider is not given access to the keys. From compliance perspective, it is also desirable for German companies that the provider is also a German company and the storage location is in Germany or at least in the EU. Companies are therefore well advised to not only accept the need for mobile access to corporate data, but to consider such options as an important component in their IT strategy. They should actively seek to provide secure file-sharing services. This is the easiest way to dissuade employees from using unsecure services. Hornetdrive, the online storage service from Hornetsecurity, takes into account both the security needs of businesses and the service requirements of users. Data stored online is automatically synchronized with the systems of users and is also available there offline. The invitation feature allows data to be shared with others. All transferred files are encrypted before transmission. The key remains in the user’s device – no third parties are given access. Even Hornetsecurity as the operator cannot access data stored online. The files are stored in secured data centers in Germany.
The new Cyberthreat Report
Cyberthreat Report 2021
The brand new Cyberthreat Report tells you all about current cyberthreats and gives you access to exclusive numbers and statistics.