In our computerized world, things tend to be reduced to binary as often as possible. 1 or 0. On or Off. Positive or Negative. Access Granted or Access Denied. That shouldn't always be the case.
It’s easy for IT to get caught up in that mindset because that’s how computers think and that’s how you need to talk to them. But the real world isn’t binary and it’s important to get out of that mindset when determining permissions for accessing sensitive data.
If you’re on-boarding someone who is going to be accessing files or folders that you’ve deemed secure, you almost definitely don’t want to give them unlimited access to everything. Not only do they not necessarily need the keys to the kingdom, it’s going to make it that much harder for you to not only keep that data secure but to track down any leaks or breaches after they happen. The goal for sharing any data should be to embrace granular permissions rather than access granted or denied.
Granular permissions are used with sophisticated folder sharing tools to grant varying degrees of access depending upon the requirements of both the sharer and the sharee. An administrator should be able to determine whether a user can list, upload, download or delete files. They should also be able to grant permission to list other users. If the administrator is giving the new user permission to create and share sub-folders of their own, they should also be able to apply granular permissions to the users of those sub-folders as well. Why is all of this important? Well, let’s look at a few use cases.
Bulk Tax Preparation
Let’s say John the tax preparation specialist has contracted with XYZ Corporation to prepare the taxes for all their employees. John can set up a shared folder with individual access for each employee and grant them only upload permissions. They can’t download or delete anything and they can’t even list the files that are in the folder. This way John makes it easy for his clients to submit their protected financial information in one place while keeping all those files secure and private.
Collaborative Marketing Material Creation
Mary is in charge of creating a marketing video for a major product launch a few months from now. She has a presentation that includes highly sensitive diagrams that can’t be leaked before the launch, but she needs an external video production team to animate the presentation, a professional voice-over (VO) actor to read the script and a 3rd-party editor to put it all together. At the same, time, there are multiple other internal employees that need to be able to review each iteration of the video and provide feedback during the process.
Mary can set up a folder that lets the video production house download the presentation and upload animations. The VO artist can only upload audio tracks and can’t see any other files, ensuring he’s not exposed to the sensitive diagrams. The editor can see and download everything while uploading the finished product. None of them can list the other users of this folder. Mary and her coworkers can, however, and they are able to provide feedback to each individual vendor without exposing privileged information.
Rufus manages IT for a large healthcare organization and is responsible for ensuring that protected health information (PHI) stays secure. However, there’s a team of physicians that often need to send patient information to external specialists on an adhoc basis. Rufus can enable this team to create their own shared folders for third parties with limited permissions.
The radiologist may only want to securely send images to other specialists, granting them download rights only. The hematologist may need to collaborate with multiple specialists on blood test results which will require them to download and upload PHI. Another physician is just sending billing information to different insurers every day and needs to be notified when they download them. Each physician can create a shared folder only with the permissions that Rufus has granted and, in turn, those who access that folder get only the same permissions. This way Rufus enables his physicians while avoiding HIPAA violations.
There are a ton of other use case for granular permissions when it comes to shared folders. The important thing to remember is that they’re an easy way to share data and collaborate without having to give away the keys to the kingdom every time you grant access. Granular permissions are supported feature in MOVEit’s Secure Folder Sharing functionality and you can learn more about it here.