If you're using secure file transfer tools, chances are you're security conscious. Maybe you're working in a highly-regulated industry, or perhaps you don't want your company on the front page of the newspaper for getting hacked. Whatever the case, if you're securing file transfers, that means you should lock down access to your secure file transfer tool as tightly as possible, right? Maybe not.
The Case for Powerful Access Controls
Of course, controlling access to protected data is essential. File transfer systems are an often-overlooked attack vector for cybercriminals. It goes without saying that access to these systems should be controlled. If you don't manage access to sensitive files and data, you're leaving the door unlocked for thieves and hackers. Access should only be granted to people that are required to use it as part of their job—not every employee or external partner needs access to all company information. It's easy enough to control and enforce access by applying simple rules and policies. For a truly sensitive environment like banking or healthcare, you want full control over user access and permissions as well as centralized user authentication, as well as single sign-on via SAML 2.0 integration to IDP or IAM systems. Support for Multi-Factor Authentication can provide even more security. But for regular businesses with regular security concerns, is it possible to go to far with access control?
Too Many Restrictions Can Push Users to The Dark Side (Shadow IT)
One of the most persistent issues facing the modern IT team is the problem of Shadow IT. Any IT pro knows that Shadow IT, the unsanctioned use of cloud-based apps like Dropbox, Google Drive and Evernote, is surging, and it can be a threat to the data-security of any organization.
Time and time again, employees with access to perfectly good secure file storage or file transfer tools turn to consumer-grade file-sharing tools like DropBox and Google Drive. Why? Because employers often forget the importance of ease-of-use when it comes to internal apps. We may be obsessive about our customer's user experience on our websites, but who cares if Joe in marketing has to take an extra few minutes to log in to transfer a file securely? Well, Joe cares. And if he can use Google Drive to move that file in the time it would take him to log in to your Secure File Transfer solution, you can bet he's going to do just that.
When we put too many restrictions on our users and make their user experience poor, they're going to turn to other options. Especially considering the fast-paced, collaborative atmosphere of many modern workplaces.
That's why Shadow IT has become a persistent issue for organizations both large and small. Users are smarter than ever, and if you slow their workflow down, they're going to find ways to get that time back—and that could mean using tech outside of the tools offered to them. And the ubiquity of free file transfer tools only exacerbates the problem. Unfortunately, these tools can be very insecure if set up improperly, and the free versions don't adhere to strict compliance standards that may be a necessity for your organization. So how can you keep your users off of Shadow IT?
The Solution Isn't Compromise—It's Better Tools
Is the answer removing any access controls from your file transfer tools, apart from a simple username/password combo? While some organizations do go this route, some organizations also store sensitive data on public S3 buckets… we hope that you wouldn't do either.
The real solution is simple, and it doesn't involve compromising your security: If you want your employees to work in a secure manner, give them the tools that they need to do so, and make them easy to use. When you find a solution that accomplishes what they need to do, and that makes it as easy as possible to boot, then you've removed any bottlenecks from the process, and you won't have people straying to other tools.
Most people know that, where sensitive data is concerned, consumer-grade file-sharing solutions won't do. You need a Managed File Transfer tool like MOVEit, which can secure your data, with end-to-end encryption in transit and at rest, as well as access controls and audit trails that allow you to manage exactly who is allowed to access and transfer sensitive data.
MOVEit's Secure Folder Sharing capability can remove bottlenecks by letting users create their own secure, shared folders for collaboration with anyone, in or outside of their network, while administrators keep full control of permissions and audit logs. Flexible deployment options can make using Secure Folder Sharing as simple as drag-and-drop folder transfers on Windows and macOS, allowing increased collaboration with unlimited internal and external users, with all of the standard security features of MOVEit, including a tamper-evident audit log and granular permissions for file visibility. Deployment options are also flexible—Secure Folder Sharing is available on-premises, in the cloud, or as a cloud-based managed service, so users can use it from any device, no matter where they are.
