6-Point Plan for Secure Data in the Cloud.

  • Data transfer facing same issues as e-mail 20 years ago
  • Efforts to avoid making the same mistake twice

Neckarsulm/Friedrichshafen, 4.2.15 – IT history seems to be repeating itself. Twenty years ago, employees used personal e-mail accounts from free providers like Hotmail to send company news and data. IT departments blocked personal accounts in an attempt to contain the damage—a cumbersome solution in light of the proliferation of free e-mail providers. Only by introducing corporate e-mail accounts were they finally able to get the problem under control. Companies in today’s day and age face a similar challenge, this time posed by data transferred via cloud services. However, modern companies risk significantly higher damages due to the increased aggressiveness of corporate espionage.


A lack of centrally provided services often creates an uncontrollable situation. Professional file sync-and-share services are generally complex and expensive, leading users to prefer transferring business documents through free service providers like Google Drive, OneDrive, Box and Dropbox. The solution is a user-friendly business platform with the same features and functionality as popular consumer offerings—available to all office users.


Unintentional Security Gaps.

Free cloud solutions are often inadequately secured against external threats, turning them into a major headache for corporate IT departments. For example, apps sometimes require access to contact information, files and wireless network information—opening the door to confidential business data. What’s more, these services often fail to encrypt synchronised files on their way to or even in the cloud. In general, users don’t know where the data centres hosting their files are located, nor what laws the file sync-and-share service provider must abide by. “While it’s true that the wide-reaching public debate following the Edward Snowden affair has raised awareness, many companies still lack a consistent approach to dealing with free providers. We strongly recommend that they be avoided for professional use,” advises Sven Stiefvater, Senior Sales Consultant and Cloud Specialist at Bechtle AG.


Learning from Experience.

Twenty years ago, it was easier, faster and more convenient to send documents through personal e-mails than by fax. Companies initially baulked at the investment required to set up enterprise e-mail accounts for the entire workforce. Finally, however, central mail servers equipped with distinct business features ended the uncontrollable chaos. Uniform signatures and corporate domain names made it easy for e-mail recipients to identify the sending company and its employees. Today’s challenges seem to be déjà vu, only 20 years later. Sven Stiefvater advises companies to implement a central business cloud solution to reduce the load on IT departments and ensure full employee participation. In addition to attractive prices, business features and high security standards, he lists six further criteria that an enterprise file sync-and-share (EFSS) platform should meet.

1. Incorporation of mobile devices
Employees often use several devices at work, including smartphones, tablets or phablets. The IT department must be able to record, secure and network all of them, ideally without any complex VPN connections. “Unless there are specific rules in place to detail which user is authorised to edit which data, improperly accessing, transferring or storing files can often lead to security gaps,” warns Mr Stiefvater. The advantage of a dedicated user role-based design is that data doesn’t end up stored via inadequately secured services.

2. Multi-level rights management
Multi-level rights management for users and data rooms requires an intelligent user-role approach that reflects each hierarchical level and its various access rights. This allows user rights to be assigned to individual data rooms. The IT department assumes the central role of data space administrator, with full control over the entire system at all times. One step down from that is the role of data room administrator, which allows other departments such as marketing, sales or accounting to manage themselves. They are then able to define their own rights according to department-specific requirements.

3. Secure private rooms
Another useful feature is secure private rooms, which serve as closed-off data rooms accessible only to authorised users or groups. Unless authorised, even administrators are barred from accessing these rooms, despite their higher hierarchical rank. This is more secure than Windows file servers, where unauthorised users can gain access to data through a domain administrator account.

4. Audit-proof logs
System logs help uncover unauthorised activity by showing who did what at what time and in which order. All log entries must be valid and comply with data protection requirements. They must also be managed and stored according to stringent security standards. As a result, data exchange within the company is transparently available for review at any time.

5. Zero-knowledge technology
Anyone exchanging documents with external business partners through an EFSS solution should send encrypted files only. This applies whether you use a notebook, wired network PC or mobile device, and it doesn’t matter if you’re exchanging data within or beyond national borders. Files should be encrypted during transfer (channel encryption), in the cloud (server-side encryption) and on user devices (local encryption). Triple-crypt technology fully protects sensitive data without reducing transfer speeds. An especially important feature is “zero-knowledge technology,” which applies to client-side encryption. Offered by only a few cloud storage providers, it denies unauthorised users access to files. In addition to data encryption, it is essential to consider the location at which data is stored. Data centres in Germany are recommended, particularly if ISO/IEC 27001-certified.

6. Image control through branding
Similar to corporate e-mail addresses, professional data transfer services should make it easy to identify business accounts as such. It is also a good idea to apply your corporate brand to the URL, web interface and apps, thus integrating them into your corporate design and ensuring a consistent professional image.


About Bechtle Secure Cloudshare.

Bechtle Secure Cloudshare (BSC) is a secure online data transfer platform available as a central company or group solution or as a cloud solution. It lets businesses securely store, share and receive data online, even if it’s sensitive. As a user-friendly office solution, BSC integrates perfectly into existing business processes and can be used for all file sharing needs.

Bechtle’s data centres in Neckarsulm and Friedrichshafen have been ISO 9001 and ISO 14001-certified for years. ISO/IEC 27001:2013 certification was obtained in 2014. As a leading international certification for information security management systems (ISMS), it confirms that both data centres operate in accordance with top IT security standards.