Cloud-based file sharing supports seamless collaboration and the free flow of information across enterprises. However, improperly secured file shares can expose the enterprise to significant cloud security threats in the face of malicious attacks or human error. How can you secure your cloud file sharing solutions?
In this blog we examine potential cloud security risks related to file shares and how those risks can be mitigated. We’ll also look at how NetApp’s Cloud Volumes ONTAP adds important file share protection capabilities.
Secure File Sharing: A Top Security Priority
It is critical to remember at all times that in the cloud IaaS and PaaS service models, the onus of both data loss protection and data loss prevention lies completely with the customer. Even in the SaaS service model, the end-user is responsible for determining which individuals or which roles have access to data.
Cloud service providers offer an array of cloud-native security features and managed services to support cloud data protection efforts and secure file shares. For example, cloud storage providers can typically encrypt data at rest, often offering encryption key management services as well. They also offer the option of encrypting data in transit as it moves in and out of the cloud's network, along with cloud activity monitoring services, such as Amazon CloudWatch and Azure Monitor, that can alert users about anomalous events.
However, no tool or service can secure file shares if the organization lacks the cloud security expertise to avoid the following poor practices:
- Undefined or unenforced corporate policies for sharing information, such as inadequate classification of data according to sensitivity levels and security control requirements.
- Granting overly permissive access to file shares by users or applications.
- Failure to implement automated policy-based constraints such as reasonable timeframes for revoking access or content expiry.
- Implementing person-to-person sharing directly on IaaS storage.
- Unobfuscated—i.e., openly readable—file share URL links.
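The expiry, revocation and link-obfuscation points in the list above can be enforced in the share link format itself. The sketch below is an added example, not code from NetApp or any cloud provider; the `/s/` path, the 7-day ceiling and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret held in a key management service; generated here for the demo.
SIGNING_KEY = secrets.token_bytes(32)
MAX_TTL_SECONDS = 7 * 24 * 3600  # hypothetical policy ceiling: no link outlives 7 days


def _sign(share_id, expires_at, key):
    """HMAC-SHA256 over the id and expiry, so neither can be altered by the link holder."""
    msg = f"{share_id}.{expires_at}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def create_share_link(ttl_seconds, now=None, key=SIGNING_KEY):
    """Return (share_id, url_path). The id is random and reveals nothing about the file."""
    if not 0 < ttl_seconds <= MAX_TTL_SECONDS:
        raise ValueError("TTL outside sharing policy")
    now = int(time.time()) if now is None else now
    share_id = secrets.token_urlsafe(16)  # 128 random bits; mapped to the file server-side
    expires_at = now + ttl_seconds
    return share_id, f"/s/{share_id}.{expires_at}.{_sign(share_id, expires_at, key)}"


def check_share_link(url_path, revoked, now=None, key=SIGNING_KEY):
    """Return 'ok', or the reason the link must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        share_id, expires_raw, sig = url_path.removeprefix("/s/").split(".")
        expires_at = int(expires_raw)
    except ValueError:
        return "malformed"
    expected = _sign(share_id, expires_at, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad-signature"
    if now >= expires_at:
        return "expired"
    if share_id in revoked:  # revocation list checked on every access
        return "revoked"
    return "ok"
```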
Tools That Mitigate Cloud File Share Risks
Through the cloud service partner networks, cloud users also have access to tightly integrated third-party vendor tools that provide visibility into and robust corporate control of file shares across multiple applications and complex multicloud and hybrid infrastructures.
Cloud Access Security Brokers (CASB)
CASBs are typically deployed as gatekeepers interposed between internal and external end-users and the organization’s cloud infrastructure. CASBs provide central IT with full visibility into cloud service usage and automatically identify high-risk users, apps, and activities. Most CASBs provide access controls that prevent unsanctioned access to data as well as trigger risk mitigation workflows. Next-generation CASBs often use machine learning, artificial intelligence and behavior analytics to predict and preempt security threats.
Data Loss Protection and Prevention (DLP) Software
DLP tools ensure that sensitive and business-critical data is protected against loss or exfiltration due to accidental or malicious unauthorized access. Although DLP engines are often included in CASB platforms, they are also available as standalone solutions. DLP tools monitor networks, storage and endpoints to identify and block activities that could lead to data exposure, loss, corruption or leakage.
Digital Rights Management (DRM) Services
DRM is a set of tools and practices that protect copyrighted and/or confidential digital media—including file shares—from unauthorized copying and redistribution. DRM tools support secure file shares by tracking and auditing which users are accessing files through which devices. Enterprise-grade DRM tools typically offer highly secure encryption, protection at the file level, and analytics for control and visibility into how digital assets are being consumed.
How Cloud Volumes ONTAP Supports Secure File Sharing
NetApp’s Cloud Volumes ONTAP is an enterprise-grade software-defined storage (SDS) solution and management platform that runs on both AWS and Microsoft Azure. The OnCommand® Cloud Manager provides unified single-pane configuration and management of file shares across hybrid and multicloud deployments, including automated workflows. Cloud Volumes ONTAP supports all major NAS file share protocols, including SMB/CIFS and NFS (as well as block-level SAN/iSCSI storage protocols). The features most directly relevant to secure file sharing are:
- Data Protection with Snapshot-based point-in-time incremental backups and DR.
- Cloud WORM to prevent accidental or intentional changes to or deletion of shared files.
- Data encryption.
- Tight integration with all the leading access control protocols such as Microsoft AD, LDAP, VPC, Amazon IAM, as well as built-in user and multi-tenancy management.
- Dedicated network connections so that file shares do not transit the Internet.
Cloud-based file shares have become an important business enabler, allowing information to flow freely among employees, customers, and partners. However, it is incumbent on each organization to ensure that leveraging the benefits of cloud file sharing does not expose data to increased risks of loss, corruption or exfiltration. The IT and security teams tasked with establishing and enforcing data security best practices can build a robust data security technology stack using cloud-native as well as third-party services and tools.