News/Trends, Product

Encryption Doesn’t Mean Privacy

Enterprise file sharing systems keep your data encrypted. But don’t assume that means the data is private.

Encryption is a must for any enterprise that wants to share and synchronize files – and is there any that does not? However your business syncs and shares data, that data should be encrypted on the device, in transit, and at rest. Encryption protects your data from sniffing, hacking, and downright physical copying.

Even if you gift-wrapped the encrypted data and gave it to your biggest enemy, it would take them a gazillion years of computing on the fastest supercomputers on the planet to de-crypt. That sounds pretty secure.

But there is a catch.

Encryption does not guarantee privacy. That’s so particularly when you have opted for a cloud solution.

Most cloud enterprise file sharing and sync solution providers keep the master secret key with themselves. They have good reasons to do so. For instance, it improves the way they manage their storage; they can deduplicate across a larger data set; they can add more unique-to-them features; and they can check for DRM violations.

However, the service provider having a key also allows them to unlock your data, theoretically at any time. Most providers have good practices in place, and I’m sure they won’t access any company’s data without good reason.

But the providers could do so, if (for example) a subpoena forces them to access your company data or if they are hacked. This is a great unseen risk of file sharing. You are sharing your intellectual property, sensitive documents, trade secrets, everything.

Ask yourself whether you are comfortable with trusting to good faith and uncontrollable factors. If not then, you should explore other ways to share and synchronize data. Among them:

  • Taking up an on-premise deployment gives you complete control. The storage is yours, and you can enforce high-grade security however you want.
  • If you don’t want to miss out on the benefits of cloud computing, today’s cloud architectures allow an even better solution. You can own the key, or part of the key, to ensure that your data cannot be unlocked or accessed without your explicit approval. That may not save you from a court order, but at least you know the data won’t be accessed without your knowledge and deliberate compliance.

For more: Read about Druva’s two-factor encryption model and its other security features.

Think that’s scary? There are four additional unforeseen risks that you should consider. Read our white paper, 5 Unseen Risks in Enterprise File Sharing, to learn more.