Collaboration and Data Leak Prevention (DLP) seem to be at odds with each other. Collaboration requires sharing data and it seems like copying that data to a sharing service is the only viable alternative. The only way IT can protect the organization’s assets is to try to limit the potential for damage by using services that encrypt data, limit access and track activity. The other alternative is to use VPNs to allow access to organizational data, but then IT ends up with the support nightmare that is client VPN software. VPNs also don’t enable collaboration with external business partners. Organizations need another option, one that allows remote access to specific data on file servers inside the data center but does not inhibit authorized collaboration.
File Sync and Share Security Challenges
While file sync and share (FSS) and enterprise file sync and share solutions (EFSS) have made some strides in securing organizational data, they still have some areas of exposure. The first challenge is that most of these services require the organization to move all data to a cloud provider. While cloud providers are fundamentally no less secure than the typical data center, they are bigger targets and deal with more attacks than the typical data center.
The second challenge is that sharing is typically an all or nothing proposition. When a user shares a file with a colleague or business partner, they typically have full access to that file, so they can copy it, cut and paste data to their clipboard or at a minimum take a screenshot of the file. Some EFSS solution allows administrators to limit some of these functions but in doing so break the collaboration process.
The fundamental challenge is how to share a document with an external employee or business partner, so they can make changes to shared data without having that data leave the data center.
MyWorkDrive – Collaboration with Data Leak Prevention
MyWorkDrive is a secure data access and collaboration solution. It does not require the organization to copy all its data to a cloud provider, and it does not require users to access data via VPN. Data is shared and collaborated on in place. The customer installs the MyWorkDrive server software on a server within their environment. IT then points the MyWorkDrive server to the existing fileserver mount points to which it wants to allow access. The solution moves no data in the process. Users can directly access data through the MyWorkDrive WebClient, native desktop client, iOS or Android app.
The software initially presents shared files in a browser window. MyWorkDrive administrators designate the actions users can take on those shared files. The administrator can remove the ability to download the file, to copy data to the clipboard and to take screenshots. The administrator can also watermark the files which should discourage a user from taking a picture of the screen with a smartphone.
MyWorkDrive enables collaboration without risking data leaks by providing direct editing of on-premises Office documents through Office 365 Online. When sharing with an external user, the file launches into the online version of the appropriate Office application. The online version can restrict the use of the local computer’s clipboard and prohibit the user from downloading a local copy. The external user can still review the document, make additions and edits but can’t store a copy, unless authorized, virtually eliminating data leaks.
In addition to preventing data leaks because of collaboration, MyWorkDrive also provides robust security capabilities. The Web file manager provides an encrypted view of over sixty file types. It can restrict clipboard copying and organizations can add custom watermarks to files. The software captures all user interaction with files in its logs.
The Mapped Drive client provides users with a native and familiar interface for managing files. There is no need to learn a new way of accessing their data. The client can block file extensions from being shared, stored or accessed. It can force users to enter their password each time they access the client and it can require two-factor authentication. The Mapped Drive client can also force the online editing of office files instead of allowing local editing.
One of the best ways to prevent data leaks is to make sure data never leaves the data center. Keeping data in the data center eliminates most FSS and EFSS solutions from consideration. Keeping data in the data center also means that IT must provide secure and simple access to data for users and business partners outside of the data center. MyWorkDrive unapologetically ties itself to Microsoft and Office data, but for organizations which primarily count on these solutions (which is the vast majority of businesses), it provides an effortless and very secure way to enable collaboration while at the same time making it very difficult for data to leak out of the data center.