SaaS-based file sharing and storage have become extremely popular in a very short period of time and the advantages are obvious. External users can be granted quick and easy access to documents, which can be shared instantly, thereby eliminating process inefficiencies and document duplication. This also empowers users to take full control of document management, including document revision history. The previously popular practice of sharing sensitive information by email, whilst surprisingly still common, does not offer such a feature-rich experience.
Over recent years there has been a proliferation of consumer-grade file sharing products, which are now being adopted by enterprises globally. According to industry research, File Synchronization & Sharing (FSS) tools will represent a total available market of $106 billion by 2017. These tools are often offered free of charge, or for a relatively low fee, which has strongly contributed to their widespread adoption. It is, however, clear that many of them were originally designed for the everyday consumer — and have not evolved sufficiently to meet the more sophisticated requirements of the enterprises that have now begun to adopt them.
There are undoubtedly inherent security risks when using such tools, which can have a hugely damaging impact not only on a business’s operational efficiency, but also on its reputation. So what are these key security risks?
The most obvious risk is that your data could be stolen or compromised when the systems are hacked. It is imperative that measures are taken to protect your data, whether that be in-situ (hard disk encryption), in-transit (using SSL) or even by deploying document-level encryption. Regular network and application “penetration tests” should also be performed to test the system’s protection against any security threats.
However, there is another inherent security risk that is often overlooked — namely the way that authorised users themselves interact with and handle the hosted data. Many consumer-based FSS tools feature very limited change control, if any; users can delete data at will, which impacts every single other user (including the owner of the data), as everything is synchronised. Users can even share data externally with others as they wish, without the owner’s permission. It is impossible for the data owner to control how their data is being handled or distributed.
Data owners are not even protected against making mistakes themselves, for example, if they were to prematurely share a document or accidentally share it with the wrong person. Furthermore, none of these actions are recorded against a compliance feed, so absolutely nothing is tracked.
According to the Ponemon Institute, the average data breach costs US organisations an estimated $5.4 million total per breach. These breaches are equally likely to be from employee or contractor negligence as from external attacks of a criminal nature.
In certain scenarios, security becomes of paramount importance, for example during due diligence processes for M&A, private equity investments, loan syndications, or even pharmaceutical trials. In these cases, enhanced levels of security are required.
Virtual Data Rooms (VDRs) offer this “next-level” functionality and offer increased control over both your data and the users accessing it. For example, data owners are protected from making mistakes, since all data is first uploaded to the system in a “construction mode”, not yet published to the users, allowing for Quality Control (QC) before external publication. Not only that, but sophisticated controls are available on a user- and file level.
By choosing to go down the VDR route, there is always a trade-off between security and the end-user experience, since extra security features will require additional user actions. That said, well-designed tools will seek to provide a user-friendly, intuitive experience, without compromising security — limiting the impact of this trade-off.
For now, the adoption of these highly secure tools is mostly limited to the use cases referenced above. However, the need for enhanced security is becoming equally important in other business situations — such as corporate repositories, board-level communications, oil field farm-outs or the sale of Real Estate assets to name but a few.
It is, therefore, expected that enterprises will acknowledge these risks and move away from traditional FSS tools, instead choosing to deploy more secure solutions — and tools that promise security and reliability, whilst optimising the end-user experience, will no doubt prove popular in this new arena. As a result, the Virtual Data Room industry revenue is expected to reach nearly $1.7 billion in 2019, representing 13.5% annualized growth from 2014.
All organisations should, therefore, consider deploying enterprise-grade solutions that will mitigate the inherent security risks posed by the most commonly used FSS tools.
For more information, please contact Imprima, the pioneer and the most secure Virtual Data Room in the industry, today.