Secure file collaboration considerations
In group communications such as project teams or in client collaboration there is a need to distribute information and files electronically. The information being processed is many times confidential, either from a business or a private data (GDPR) perspective, so protecting that information is essential.
How to take data security into account in data transfers?
How can users take full responsibility for security when it usually is such a technical and difficult problem?
A need to share and transfer information in a secure but user-friendly way
E-mail is easy to use but known to be a relatively poor tool for communication in teamwork. Especially if communication is lively and files are shared and updated frequently. How do you keep track of files? How do you know that all team members have access to and work on the latest version of a file? Also, E-mail is notoriously insecure with the information usually transported and accessible in clear text on the delivery route. It’s even so bad that it’s regarded as safe as a postcard by security professionals. In fact, it’s even far less secure than a postcard, an email can live and be searchable forever. At least a postcard can be easily discarded or permanently destroyed after being read.
There are many encrypted mail systems available but they usually require you to completely change your legacy systems, not only you but all organizations and users that you are collaborating with. And, even if you do change it all, you still have the problem with knowing that everyone has up-to-date files.
So, if we forget e-mail, nowadays the actual transfer method in most modern software solutions, regardless of the tool, is encrypted and secure. That is if they use common technologies for protecting the communication channel. You still have to trust the service and storage since the protection is just in the transfer link (hop-by-hop security). Therefore, what specifically should be taken into consideration in your data transfer process, is the security of the application and data storage provider and the ease-of-use of the tools to meet your needs.
Often, the security debate revolves around technical issues – whether they are protocols, encryption technologies, access control technologies, or processes developed to control human behavior. However, it should be remembered that just as important, although often forgotten and compromised, is that the only security worth anything is the one that actually is being used. Naturally, the technical solutions in the background must be rock solid, but if the tools are too confusing, full of unnecessary functions that users do not understand and the use of the necessary features require excessive training, then even the most technically advanced products will never be fully utilized and data security suffers.
An example of how it should be done is the secure workspace Konfident, where user experience and functionalities are intuitive and reduced to a minimum, and the strong end-to-end security is almost invisible on the surface. The user has full control over what they share and to what team through the simplified user interface.