Don't Gamble w/ File-Sharing When it Comes to Security, Control and Compliance

Securely sharing files with colleagues and partners isn’t easy. While there are many user-friendly consumer-focused collaboration tools on the market like OneDrive, Dropbox, and Google Drive, these lack the security measures necessary to confront the increasingly sophisticated level of threats targeting modern enterprises.

Many organisations rapidly deployed cloud storage solutions during the Covid-19 pandemic to make it easier for employees to collaborate and work from home, but the gamble on this productivity "hack" is not paying off...

Last year, for example, 80% of organisations reported they were unable to identify excessive access to sensitive data in IaaS/PaaS environments, and these insecure consumer-focused cloud sharing solutions are a key contributor to that challenge due to their lack of enterprise-grade access controls.

Now, as supply chain attacks become increasingly prevalent among threat actors, organisations are under pressure to move away from inadequately optimised file sharing solutions and towards truly enterprise-grade encrypted environments.

The Limitations of Consumer-Focused File Sharing and Storage Solutions

The main limitation of consumer-focused file sharing and storage solutions is that they are designed to focus on providing an exceptional user experience to acquire and retain customers rather than on delivering enterprise-grade data security and maintaining regulatory compliance.

In short, these solutions aren’t built with regulated organisations in mind and are unfit for sharing sensitive information due, in part, to their lack of end-to-end encryption.

For example, while Google Drive encrypts files in transit and at rest, it stores decryption keys at the server level, which admins can recover to decrypt information.

Admin access also opens the door to hacking attempts as a threat actor can target a service provider with phishing scams or brute force attacks to obtain login credentials to internal systems, recover decryption keys from the server, and use them to steal data.

Evidence of this was seen last year in the Dark Halo attack, where hackers leveraged weaknesses in Microsoft 365 to gain unauthorised access to encrypted files within OneDrive, and directly accessed the sensitive data of a number of organisations.

The Biggest Mistake Organisations Make with File Share and Storage Solutions

In light of the inherent security weaknesses of many cloud-based file-sharing solutions, the biggest mistake employees make is assuming that confidential data is safe when stored in the cloud. As highlighted above, this is not necessarily the case and puts the entire organisation at risk of a data breach.

While many organisations often assume that the prospect of a hacker breaching a popular file-sharing solution is unlikely, attackers are beginning to use cloud storage solutions as an entry point to harvest protected data.

In addition to the Dark Halo attack, earlier this year hackers also breached Accellion’s file-sharing solution and compromised the data of a number of organisations, including Morgan Stanley, Shell and the University of California.

It’s important to note that during this attack the hackers still managed to obtain decryption keys and stole customer addresses and social security numbers, even though they were encrypted at rest.

As a consequence, it is vital for employees to understand that any and all information stored in the cloud without end-to-end encryption (and even more specifically, decentralized private root of trust e2e encryption) is at serious risk of disclosure, and the risk will only heighten as more attackers start to capitalise on the insecurities of consumer file-sharing programs.

HighSide One: The Controlled, Secure, and Compliant Way to Store, Share, and Sync Files

HighSide One helps organisations to avoid making costly mistakes with file sharing by securing files with end-to-end encryption via the HighSide distributed Encryption and Authentication Protocol (HEAP). Files protected with HEAP are only ever capable of being decrypted at the endpoint, inside the application, after user authentication.

Neither HighSide nor any third-party admins have access to data stored within the HighSide platform, which ensures the data is completely protected even in the unlikely event that a hacker obtains access to HighSide’s back-end servers and services. There truly is no risk of data compromise - the HighSide system is a true zero trust crypto data store.

HighSide One also provides a solution for implementing user access controls, with geo-location and time-based restrictions, which organisations can use to ensure that only authorised users, in authorised locations, on authorised devices can access protected information.

Since the HighSide desktop and mobile application handles all the encryption and decryption, all files stored on the HighSide cloud remain simply ciphertext blobs. Businesses can choose a US, EU, or UK cloud location and government customers can select a FedRAMP controlled data centre. HighSide is built to meet the stringent requirements of government departments and organisations in regulated industries that are subject to the strictest data protection regulations.

Eliminating the Risk of Phishing Threats

One of the advantages of the HighSide protocol is that it eliminates the need to use passwords or 2FA to authenticate users, which means employees are 100% protected from phishing attempts, as there are no credentials for potential hackers to steal.

Instead, each application installation becomes it's own private root of trust and has a set of cryptographically unique encryption keys generated and managed on their approved device. They can then use their pre-authorised device to handshake with the HighSide cloud and gain access to sensitive files without the need to enter a password.

Passwordless authentication drastically increases the security of files held in the cloud as you don’t have to worry about account compromise as a result of password-based attacks.

Minimise the Risks with End-to-End Encryption

Storing and sharing files online is a risky business, but you can reduce the risk of breaches considerably by implementing end-to-end encryption. HighSide One end-to-end encryption enables employees to work together without leaving the door open to unwanted third-party access.

As more attackers look to the cloud to gain access to protected information, encrypting files stored online will be critical for preventing data breaches, particularly for those organisations in highly-regulated industries.