Data security has taken on a whole new level of importance in light of recent events like the Heartbleed bug and revelations that major cloud sites have had millions of user credentials compromised by hackers.
Recently I sat down with the CEO of PanTerra Networks, Artie Chang and Storage Switzerland Senior Analyst Colm Keegan to discuss how businesses can mitigate the risk of end users relying on file sync and share services to collaborate while securely storing and sharing business data.
For even more information, you can click here to listen to our webcast “How To Create An Enterprise Class File Synch And Share Solution” to learn how to secure your data on the edge.
Charlie: File sync and share, it’s a great idea. You send your files to a place and you can work with others at the same time. But, how do you keep it secure? Colm, we’ve recently had a very well attended webinar with PanTerra talking about how businesses really need to get their hands around user file sync and share. I understand one of the chief concerns around the webinar attendees was data security. Can you comment on that?
Colm: One of the reasons that security is such a hot button right now is – just take a look at the news. We had the HeartBleed security hole recently, and not long before that there were news stories about how major cloud application providers have had literally millions of credentials leaked by hackers. In fact, it seems like there are new stories coming out all the time about information breaches. So it’s really no surprise that 60% of webinar attendees stated they had specific concerns around end users storing sensitive business documents out in public file sync and share services.
Charlie: Artie, how does PanTerra’s SmartBox solution help mitigate the risk of user end accounts getting compromised?
Artie: Sure, certainly as a cloud service provider, we have to provide secure data centers, but what I think a lot of people don’t understand is that the actual end user can be compromised. The credentials (the log on credentials) can be compromised fairly easy in most file store sync and share solutions, and then the data is compromised. So, SmartBox has built-in end user authentication capability which increases the security to protect the data from identity hackers.
Charlie: Colm, from a security standpoint, what are some other things listeners should be thinking about?
Colm: I think any point of exposure for businesses is that end user subscribers to public file sync and share services is: What happens when an employee leaves the company? That information is out of the reach of IT admins, and essentially there is zero visibility into the documents that particular person is taking with them to their next job. What happens if they go to work for a competitor? What kind of exposure might there be? What’s interesting about SmartBox is it allows businesses to reign in control of the information, without impeding the ability of their end users to do their jobs. In fact, it’s designed to actually enhance user to user collaboration. Artie, what are some of the benefit’s your clients are seeing with collaborating on SmartBox?
Artie: That’s a great question, Colm. I want to just touch base on another pretty recent announcement in this area as well. You see the mobile platforms have all agreed to implement a “Kill Switch” in their mobile devices, which essentially will provide a uniform way to wipe data off of devices. So that’s another step in the right direction of giving control, management, and security in those cases when devices are lost, stolen, or an employee leaves.
So now to get to the collaboration aspect of your question. The real important thing there is to balance collaboration – use of collaboration – with the security and privacy aspects of the service. What we did specifically in SmartBox, was to fully integrate and build in those collaboration features directly into the file store sync and share service. So this allows users to literally share content and then make a phone call for those people that they shared content to, or have a conference call, or even a video conference call.
SmartBox can even set up a one-click deskshare or web meeting with all of the share users as well. So it really reduces the friction of collaborating with those people that you shared content with. That’s what makes SmartBox pretty different than other standard file sync and share solutions out there.
Charlie: Colm, how does someone get started with using SmartBox? Does it require implementing separate storage in the data center?
Colm: Actually no, it doesn’t. That’s an important point because a lot of organizations are trying to consolidate infrastructure and not add anything to their existing environment; nor do they want the additional management burdens. So one of the nice things about SmartBox is, it’s actually a fully hosted service and it’s very easy to implement.
It’s a simple software download through a browser, and then you can actually start immediately storing data out in their cloud. It’s fully protected and in a fully hardened off-site data center facility. But importantly, IT still maintains control over managing all the data.
Artie, with security being such a top-of-mind issue, what are some of the unique attributes of SmartBox hosted locations?
Artie: Certainly when we think about security in a cloud data center, the first thing that would come to mind would be physical security, and we certainly provide significant enterprise level physical security for ISO 9000 and SAS 70 certified. So, we have all of those physical security levels, guaranteed and maintained.
There’s also cyber security. You mentioned at the very beginning of this podcast how retail store’s data centers are being hacked. That’s a cyber security issue. And we’ve implemented a number of cyber security measures that prevent those types of things. One in particular example is the recent HeartBleed bug. I can tell you we were completely secure and immune from that HeartBleed hole even when it came out. So what you’re getting with an expert cloud service provider is that piece mind that we’re on top of those types of levels of security.
Some of the other levels of security that people don’t think about maybe as often is connectivity security. Of which, we do fully encrypt the content as it rides from the user to the data center. Then as I said again, the client level security. So, implementing multi factor authentication, and the ability to block devices and wipe devices, is all built into the solution. So we give you an end to end comprehensive security blanket for your content.
Charlie: The webinar that Colm mentioned earlier is On-Demand. You can get it by clicking here:
PanTerra Networks is a client of Storage Switzerland