Bringing file sharing back down to earth
The term ‘file sharing’ evokes a variety of emotions. Clearly, sharing documents and other content between peers is a useful thing to be able to do, particularly in the corporate context. Equally, illegal downloads, Napster and Pirate Bay, torrents and warez have all done their best to give this most basic of computer functions a bad name.
This is perhaps why corporate file sharing tools, despite being around for some time, have only recently become a more accepted part of the corporate IT tool kit. Few would doubt their usefulness, for example for exchanging very large files, collaborating on documents or distributing up-to-date versions of information. All very useful functions, but as with any technology, IT decision makers need to think carefully about the associated risks.
Perhaps the biggest of these is data leakage. Shared folders appear like normal folders on a desktop, so it is very easy to drag information in and out of them. Almost too easy – to the extent that a confidential file could be dragged into a publicly shared folder and made visible to everyone who has access to it.
This risk works both ways. Other people can also add files to shared folders, so they can essentially introduce them into the heart of someone’s desktop workspace. A malicious user could easily replace an innocuous file in a shared space with one that contains a virus or Trojan horse, and people would be none the wiser – until, of course, they tried to open it.
Shared folders can hang around for a long time – long after they are no longer necessary. It may be, for example, that a project folder is shared with subcontractors, and is left hanging around long after the project is finished, even after one of the parties has a falling out, doesn’t get paid or goes to work for the competition, say.
And to the first point – shared folders can also be used to share very large quantities of information illegally, including confidential data – engineering diagrams, customer records or secret formulae, say. They can equally well be used for copyrighted audio and video content, and even porn or information relating to illegal or fraudulent activity.
Given that insiders remain the most likely cause of security breaches, you will want to know you have the measures in place to prevent them, or catch them if anything happens. There are no insurmountable risks here – indeed, an up-to-date anti-virus program on each desktop, a data leakage protection package and a set of policies for acceptable use of shared folders would deal with just about all of them.
However, if your staff are already using shared folders, you may want to review your existing countermeasures and acceptable use policies (AUPs) to ensure that the risks don’t become realities.