Securing Data in SharePoint and Other Cloud Applications with MFT

Organizations adopting cloud-based storage platforms as their go-to for the mountains of data they want retain and work with do so for a number of reasons, including flexibility, scalability, and potential cost savings.  However, security and control over sensitive data may be sacrificed if key security gaps aren’t closed.

Even popular, user-friendly platforms such as SharePoint, Dropbox, and Google Drive can experience data leakage, unknowingly accept content containing threats, and face an increased risk of bad actors gaining access to data (including hidden meta data). Trading partners may also not follow an organization’s security precautions when using these platforms, leaving organizations with even less control when collaborating or sharing business-critical data.

How Secure is Your Cloud Data?

There’s no question about the cloud’s appeal, but the security of the information stored there should be questioned and appropriately protected with multi-layered data security measures.

According to Fortra’s Tripwire research, many organizations aren’t quite sure about their cloud security position, as the results showed:

• A mere one in five organizations assess their cloud security posture in real-time.
• Weekly evaluations are conducted by that same ratio.
• A worrisome 58% evaluate their security posture monthly or less frequently.

This lack of security around cloud storage platforms should raise a few red flags for IT teams and management. There are legal and compliance requirements that need to be met around how data is handled and stored from the organization’s end, no matter if it’s on-prem or in the cloud. So, looking at file sharing solutions, such as Managed File Transfer (MFT), which offers security measures aimed at better securing integrated cloud applications, is time well spent.

Cloud Application Risk Mitigation Essential

Ensuring data is secure on any of the big players in cloud platforms, such as Microsoft, Amazon, and Google, as well as any lesser-known cloud platforms being used starts with a few risk mitigation controls, such as multi-factor authentication, establishing restricted policies around employees bringing their own devices, requiring VPNs, and using a secure file transfer method.

While implementing these measures is a great start, it’s difficult to know what type of controls third parties have put into place when uploading files into the cloud platforms used to exchange data and collaborate. Using a convenient cloud service does not mean that the service is responsible for an organization’s data. Businesses ultimately need to be proactive in protecting data within their cloud environments.

Cloud Application Integrations Can Bridge Platform Security Gap

To add a layer of security when using a cloud platform, we recommend taking advantage of web and cloud application integrations that can connect an MFT solution, which wraps a layer of security around data at rest and while in transit to the cloud.

MFT solutions offer encryption, automation, monitoring, alerting, and auditing, plus SSH and PGP keys, SSL certificates, including alerts all can be managed with the MFT tool.  A robust MFT solution can help reduce human error through automation and standardization, as well as help improve regulatory compliance through auditing and through the security controls built into the software. Some MFT software, such as Fortra’s GoAnywhere MFT, also have built-in cloud integrations to connect with external cloud applications.

GoAnywhere supports many cloud platforms with cloud connectors for popular applications designed to store files such as Dropbox, OneDrive, Google Drive, and SharePoint.

In addition, widely used process and business enablement tools, such as Salesforce and Microsoft Dynamics 365 are also easily integrated with GoAnywhere cloud integrations.

Cloud integration is virtually limitless, as GoAnywhere MFT seamlessly connects workflows and projects so processes can be automated between multiple web and cloud services simultaneously. And if an organization needs to integrate with a web service API that is not already prebuilt, custom cloud integrations are also possible.

With cloud integration built-in to workflows and projects organizations can:

• Automate data, processes, and other tasks, reducing the risk of human error from manual file transfer processes
• String multiple web services together for end-to-end integration. For example, an integration between Dropbox and Salesforce could build a workflow to automatically download a Dropbox file, read the contents, then upload data to Salesforce.

Encryption is Not Enough to Protect Cloud Files

Even if MFT is employed to encrypt data as it moves from the organization to the cloud and back again, there is still the looming threat of viruses, malware, and advanced persistent threats. It’s imperative organizations know what is being transmitted and by whom. For example, a healthcare organization may want to allow some HIPAA information to be transmitted by select individuals but not by all. It may also want to limit the type of files or content entering the network.

MFT’s ability to audit all file activity adds one more layer of security around data. Another layer to pile on top of cloud-hosted data is content inspection of data coming into the organization.

Inspect Content Coming in From Cloud Applications

Without knowing how “clean” data entering an organization through a web application may be, a Secure ICAP Gateway (ICAP) is recommended. With ICAP acting in tandem with secure MFT, information entering an organization’s existing web proxy is inspected for hidden threats, such as viruses, malware, scripts, certain media types, or even keywords within images or documents that could threaten sensitive data.

GoAnywhere’s Gateway module allows clients to log into the system without having to open inbound firewall access and keeps data and credentials out of the DMZ (demilitarized zone).

The deep content inspection capabilities of ICAP can then:

• Scan all inbound and outbound files through communications channels, such as MFT
• Sanitize content according to an organization’s threat protection or data loss prevention policies
• Allow “safe” content to flow through
• Restrict threatening content, so business can continue, uninterrupted.
• Block content that cannot be sanitized from being transferred

The redaction engine can strip out sensitive information, such as the complete digits on a credit card number, with the rest redacted. In addition, optical character recognition can scan text inside of images for threats, and anti-steganography can scan for messages concealed inside of images.

Cloud Platform Use: More Secure with Layered Security

With MFT as the baseline security measure for cloud platforms, organizations can add security layers such as content inspection to further protect data in use on cloud platforms to remove some of the risks of not knowing what partners may be doing security-wise.

With the layered approach, the risks of using cloud platforms can be mitigated with connections secured, files intercepted before leaving or entering the network, workflows put on pause for scanning, and results returned for decision-making, whether that’s deleting, quarantining, or alerting. All work together to keep business flowing, and data secure.