Secure File Share Remote Access for Government

 

Secure Remote File Access

MyWorkDrive provides the necessary safeguards to help government agencies meet their security requirements for secure file share remote access without migrating files to the cloud or exposing their files using VPN.   MyWorkDrive gives your government agency secure file share remote access using your on-premise Windows File Shares & Active Directory infrastructure.   Users are able to remotely edit and share files simply and securely.  No Vendor lock-in, No syncing and prevent Ransomware without migrating files the cloud or new systems.

Compliance

Achieving HIPAA, FNRA, FIPS, FEDRAMP, GDPR, and CaCPA2018 compliance is critical for today’s cloud connected remote workforce when accessing file shares.   Governments and public sector agencies are secure using MyWorkDrive Remote File Access Mapped Drive, Web Browser, or Mobile clients anytime from anywhere.  With MyWorkDrive customers have access to enhanced security and Data Leak Prevention features without having to maintain VPNs or migrate their file shares to the cloud.

Data Leak Prevention

Using MyWorkDrive’s Data Leak Prevention feature enables secure remote file share access for Governments while remaining compliant with various data security regulations such as FIPS,  MyWorkDrive ensures sensitive files remains on location, are never synced or migrated to any device and access is only allowed through a secure tunnel in our encrypted viewer with watermarks to prevent printing and copying of screen viewing.

Easy Deployment without Migrating Files

Government agencies can deploy MyWorkDrive infrastructure on-premise as 100% private cloud to meet their security requirements or as a hybrid cloud.   In private cloud mode all files, transmissions and document edits are contained within the government agency’s infrastructure including support for a Local Office Online Server.   When deployed as a hybrid cloud, Office documents can be viewed and edited in Office 365 online in Microsoft’s FEDRAMP compliant Office 365 editors securely with a direct secure tunnel between the agency and Microsoft while keeping files saved to the government agencies private storage.

MyWorkDrive has worked hard perfecting our product offering to meet stringent government data security standards and regulations.  MyWorkDrive is pleased to offer their Public Sector customers the ability to subscribe to our MyWorkDrive Secure File Share Remote Access software to solve security concerns around VPN while providing the collaboration features employees need to be productive.

US Federal Government GSA Approved

 

For US Federal Government Agencies, As MyWorkDrive’s public sector distributor, Vertosoft provides government end users access to MyWorkDrive software through Government Purchasing vehicles such as GSA IT-70 and NASA SWEP.  Vertosoft is focused on delivering innovative technologies and services to public sector agencies in support of agency IT modernization efforts. They bring a deep knowledge and unmatched expertise supporting all phases of the government acquisition life cycle to federal, state, and local governments through the adoption of both cloud and emerging technology solutions.

 

About MyWorkDrive

MyWorkDrive provides a software-only, on-premise data center solution for secure private cloud remote file sharing access from anywhere for any device. Users gain access in minutes without Sync, VPN, RDP or migrating data. MyWorkDrive is for IT leaders looking for a cloud-like file sharing solution that has ransomware protection & DLP, facilitates data governance compliance (FIPS, HIPAA, FINRA, GDPR), enhances Office 365 real-time online collaboration, with a lower total cost of ownership.

MyWorkDrive is redefining Enterprise File Sharing and Content Collaboration for critical sectors including Healthcare, Education, Government, and Financial institutions. MyWorkDrive employs the 5 C’s of success as an alternative to standard file share cloud services: Compliance, Control, lower Cost of Ownership, Cloud Capabilities, and instant Collaboration.

 

MyWorkDrive announces partnership with Vertosoft

FOR IMMEDIATE RELEASE OCTOBER 14th, 2019 (San Francisco, CA)

MyWorkDrive, the Data Leak Prevention tool that enables secure remote file share access for Enterprise while remaining compliant with various data security regulations including FIPS, announces today our official partnership with Vertosoft.  As MyWorkDrive’s public sector distributor, Vertosoft provides government end users access to MyWorkDrive software through Government Purchasing vehicles such as GSA IT-70 and NASA SWEP.

CEO Dan Gordon says- “We are happy to announce that with our partnership with Vertosoft, we are able to provide our Software to Public Sector Agencies who have been asking for it.” In the past we were told “if only you were on the GSA Schedule, or FedRamp compliant” …Now we are!

MyWorkDrive, a San Francisco based security software company has worked hard perfecting their product offering to meet stringent data security standards and regulations. The company is very happy to offer their Public Sector customer base the ability to purchase their Secure File Share Remote Access software through Vertosoft.

MyWorkDrive ensures sensitive files remains on location, are never synced or migrated to any device and access is only allowed through a secure tunnel.  Using built-in Data Leak Prevention features all files remain secure.

Achieving HIPAA, FNRA, FIPS, GDPR, and CaCPA2018 compliance is critical for today’s cloud connected remote workforce when accessing file shares.   Governments and public sector agencies are secure using MyWorkDrive Remote File Access Mapped Drive, Web Browser, or Mobile clients anytime from anywhere.  With MyWorkDrive customers have access to enhanced security and Data Leak Prevention features without having to maintain VPNs or migrate their file shares to the cloud.

Vertosoft is focused on delivering innovative technologies and services to public sector agencies in support of agency IT modernization efforts. They bring a deep knowledge and unmatched expertise supporting all phases of the government acquisition life cycle to federal, state, and local governments through the adoption of both cloud and emerging technology solutions.

MyWorkDrive is redefining Enterprise File Sharing and Content Collaboration for critical sectors including Healthcare, Education, Government, and Financial institutions. MyWorkDrive employs the 5 C’s of success as an alternative to standard file share cloud services: Compliance, Control, lower Cost of Ownership, Cloud Capabilities, and instant Collaboration.

About MyWorkDrive

MyWorkDrive provides a software-only, on-premise data center solution for secure private cloud remote file sharing access from anywhere for any device. Users gain access in minutes without Sync, VPN, RDP or migrating data. MyWorkDrive is for IT leaders looking for a cloud-like file sharing solution that has ransomware protection & DLP, facilitates data governance compliance (FIPS, HIPAA, FINRA, GDPR), enhances Office 365 real-time online collaboration, with a lower total cost of ownership.  MyWorkDrive is privately held, based in San Francisco, California and a product and dba of Wanpath LLC.  Visit us at https://www.myworkdrive.com.

 

MyWorkDrive Version 5.4 Webinar set for October 24th

Join our resident experts on Thursday October 24th at 10 am PST for a webinar where we will preview the latest MyWorkDrive version 5.4 secure file remote access features. Save your spot now for this very popular discussion!

During this webinar we will preview the latest 5.4 features and updates:

  • Download speed improvements by 500%
  • Search integration with the Mapped Drive client
  • MSI Files for easy mapped drive deployment
  • Updated Cloud Web Connector/Reverse Proxy speed improvements
  • Default A+ rating on Qualsys SSL Labs with no manual configuration
  • UI improvements across all clients

We will also review:

  • MyWorkDrive Web File Manager Data Leak Prevention
  • Access Files from Anywhere with Mobile or Mapped Drive
  • MyWorkDrive software road map
  • How to collaborate and edit online in Office 365 and keep files stored on your own server.

How to join us: Thursday October 24th, 2019

Start Time: 10:00 AM PST, (1:00 PM EDT, 6:00 PM UTC)

Register using this link:

 https://attendee.gotowebinar.com/register/5213251222296219661

CentreStack Alternative Solution

MyWorkDrive Version 5.3.2 Released to Production

We are pleased to announce the production release of version 5.3.2 of MyWorkDrive server, Mobile and Mapped Drive Clients.  Version 5.3.2 is primarily a maintenance release, with improved security, stability and logging capabilities.  The list of updates includes:

    • Updates to our Online viewer
    • Office 365 interoperability
    • Duo 2FA improvements
    • Mobile App Support of iOS 13
    • User Session management enhancements
    • Map drive session lost/expiration handling
    • Map drive installation/launch logging

We recommend all customers upgrade to our latest 5.3.2 production server and mapped drive client. All clients are advised to update to version 5.3.2 following normal review and accommodating normal maintenance windows. Detailed upgrade instructions can be found in our Server Upgrade Guide.  See our server release notes here.

Coming Soon..

In version 5.3.3, we’ll be continuing our security and reliability enhancements with expanded options for session timeout management, file size limits, faster web downloads, more diagnostics on server events, an MSI installer for the Windows Client and improved performance, search and file operations on our various clients.

**Important note for MyWorkDrive Servers 5.2 & earlier**

We will be ending support for Server Version 5.2 and earlier on 15 Jan 2020, and your server will no longer be licensed as of this date if not upgraded to 5.3. You must upgrade to server version 5.3 or later prior to 15 Jan 2020. The licensing partner we use for 5.2 and prior versions will no longer be providing licensing or support as of 15 Jan 2020.  This only impacts Server versions 5.2 and older; map drive and mobile clients will continue to function normally

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

Private Cloud vs. Public Cloud: Secure File Sharing and Data Security

Data is moving to the cloud at an incredible pace. 

Studies suggest that 83% of all enterprise workloads will be running in the cloud by 2020. 

Perhaps the biggest reason for this explosion of the cloud is the arrival of the age of digital transformation. 63% of companies say that they’re moving to the cloud to support their digital transformation campaigns this year. 

However, another 66% of IT professionals believe that security is the most significant concern they’ll need to face when choosing the right cloud environment. 

After all, cloud-based solutions don’t just come in a single format. According to the LogicMonitor Cloud Vision study for 2020, approximately 41% of enterprise workloads will be run on public cloud platforms, thanks in part to their accessibility and affordability. 

However, a growing number of companies are also considering private cloud (20%) and even hybrid deployments (22%) to protect their data. 

Cloud-based solutions in the modern enterprise aren’t just about accessing higher bandwidth and dependability. 

The right service can also give companies an essential level of control when it comes to managing highly sensitive data. 

The level of control that you have over that information, and the opportunities available to protect it will depend on the kind of cloud you invest in. 

Read on for your full guide to private cloud vs. public cloud in the digital landscape. 

Public Cloud vs. Private Cloud: Defining the Two Options

Public cloud storage and private cloud are the two primary options available for today’s businesses. Both give companies the opportunity to access novel technologies in the digital landscape. 

In the era of digital transformation, cloud computing opens doors to things like DevOps agility, mobility, artificial intelligence, and machine learning. The cloud environment also enables machines to communicate effectively through IoT connectivity. 

The public cloud is currently the most popular form of cloud. 

It refers to environments that are available via a publicly accessible portal. Some public cloud storage solutions are possible over a web-page, while other solutions require you to install proprietary software to your machine. 

  • Any user can request access to the same infrastructure, and a variety of companies share the same infrastructure. 
  • This makes the public cloud is far more affordable and flexible for smaller companies. 
  • In the public cloud environment, the storage platform is hosted by a third-party provided – delivered and managed over the internet. 
  • There are no capital expenses to worry about, and users can handle their fees through predictable monthly payments. 
  • The storage and processor power required to run the cloud tools are not managed by your business, so there’s less need for IT expertise. 

The biggest problem with the public cloud is security and resiliency. Although public cloud environments are secure, sharing resources with others means you cannot get tailored security solutions for your own part of the cloud.

Now that 85% of enterprises are keeping sensitive data in the cloud, private solutions are becoming increasingly more appealing – particularly for companies in highly-regulated industries.

Private cloud deployments deliver computing resources that are uniquely tied to a specific user. 

All of your critical information is stored within a network of privately dedicated resources. 

Many people see this option as a chance to extend their pre-existing data center, with additional storage capacity and processing power. 

Although there’s more demand on your resources to specify and maintain your new cloud infrastructure, there’s also a lot more control available through a private cloud. 

A private cloud can also be a problem for many companies, as the infrastructure and deployments are managed on your end. This means that you need to ensure that your security systems are always up-to-date – the vendor won’t do it for you. 

Private clouds are also more flexible than the public cloud, with customization options available for specific regulations and demands.

The Main Differences Between Private and Public Cloud

Before we cover the unique benefits associated with both private and public cloud, let’s examine how the two options differ from each other in closer detail. 

Importantly, both cloud computing solutions are growing increasingly popular. 

According to IDC, cloud computing spending is expected to see a growth rate that’s 6 times higher than standard IT spending through 2020. 

Whichever option you choose, you’ll be part of a growing revolution on the cloud. 

Critical Characteristics of Public Cloud:

  • Billed according to usage: You can access pay-as-you-go public cloud offerings that bill you based on the number of minutes you use within individual pieces of computing equipment.
  • Hosted at the vendor’s facility: You won’t need to purchase, manage, deploy, or maintain your computing infrastructure at a physical building.
  • Shared hardware: You will be using the same shared physical server and storage appliances as many other companies working with the same vendor.
  • Fast scaling and provisioning: it’s easy to establish a new server and additional bandwidth in the public cloud whenever you need more space. 

Critical Characteristics of Private cloud:

  • Hosted on-premise: Most private cloud solutions from a traditional vendor require businesses to purchase, manage, and maintain their own hardware.
  • Higher capital expenses: There may be numerous up-front costs associated with deploying the required infrastructure for a private cloud environment.
  • Limited scalability: For many users, a private cloud won’t offer a great deal of scalability, as you’ll need to buy additional infrastructure to extend your services. However, it is more flexible than a public cloud.
  • Dedicated hardware: You get the benefit of knowing that you’re the only company with access to the cloud resources that you’re using. 

Some companies are also beginning to offer hosted private cloud solutions, which are much more beneficial than the traditional on-premise private cloud. 

These share many of the characteristics of a public cloud, including high scalability and the ability to host your environment at a vendor’s facility. Additionally, like with public cloud investments, there are variable billing options available that allow you to spend money as and when you choose. 

Hosted private cloud solutions can be far easier to access and use. Although you still get dedicated software and hardware that means that your information can be kept secure – you’re not deploying and using that hardware on-premise yourself. 

Hosted private cloud options are a good combination of both public scalability and private resilience. 

The Benefits of Public Cloud Computing 

Public cloud environments are available to anyone, which means that they can be an excellent solution for smaller brands and companies in need of budget-friendly storage solutions.

Cloud computing packages are operated by vendors with massive data centers. These data centers can distribute computing and storage resources across a variety of customers from different locations. 

Perhaps one of the biggest benefits of public cloud computing is how easy it is to access. Because maintaining and securing infrastructure is the responsibility of the vendor – not the business, even smaller companies can streamline their IT operations this way. 

Additionally, if your business is growing dynamically, you’ll have no problem scaling your cloud resources up and down according to your requirements. 36% of companies say that reducing the burden on IT staff is a crucial component of cloud computing. Public clouds can help with this goal. 

Public cloud computing delivers:

  • Agility: Often, when most enterprises are asked to provide a reason for choosing public cloud over provide connectivity, they put dexterity first. 

Public clouds ensure that companies can provision and deploy new resources in real-time. This means that it’s much easier to achieve rapid time-to-market and keep costs low. 

  • Availability: Although there can be outages with any kind of cloud computing, the public cloud is still a lot more reliable than keeping your data and information on-premise. 

Public cloud offers a great deal more uptime than most traditional data centers. Enterprises can even choose to access their services from a company that provides a guarantee for uptime

  • Scalability: As the need for an application or system grows, it’s straightforward for your business to add additional computing resources to suit demand. Most public cloud services will include some automated scaling so that businesses don’t have to worry about adding other computing resources at specific times in their growth cycle.
  • Performance: In cases where organizations need access to high-performing computing resources for their workloads, the public cloud makes it much easier to access these capabilities. 

You’ll only pay for what you use, which means that you can manage your expenses on a pay-as-you-go basis. You may even be able to access the latest technology in a public cloud data center without having to pay extra for new innovations. 

  • Location independence: It’s possible to access public cloud services wherever you are, using any internet-connected device. 

This ensures that you’ll be able to deliver greater mobility to your workforce and expand your business overseas if you want to. 

  • Low costs: Because the costs of running a vast data center are spread across multiple people in a public cloud environment, the prices are often quite small. 

This means that you don’t need to have to pay as much on your cloud infrastructure, and you can reduce costs in other ways too. For instance, many public cloud users can eliminate the need for specialist IT staff required to provision and manage servers and bandwidth on the back-end. 

The public cloud also converts some capital expenses associated with one-time purchases of hardware and software into simpler operational costs.

The Problems with Public Cloud Computing 

As compelling as public cloud computing can be in the right circumstances, it’s not always the right solutions for today’s businesses. The biggest disadvantage of the public cloud generally relates to concerns about security and control

With public cloud computing, you rely on the vendor to keep you safe. This means giving up control over the physical hardware that stores your data and the solutions that keep your applications running. It’s also more challenging to know for sure whether your information is being appropriately protected on the back-end or not. 

Because the public cloud environment is so vast and spread across multiple organizations, this also makes them a frequent target for hackers. 

The chances are you’ve seen countless news stories about groups that have been able to break through into public cloud environments. 

Some enterprises will also be concerned about the shared space that they can access on a public cloud. With the public cloud, workloads from numerous organizations are running within the same physical server. 

This means that it could be easier for people to create holes in the system to access potentially private data. 

The other big problem with public cloud environments is the fact that they’re often not compliant with specific laws and regulations that are critical for certain industries. In the US, healthcare providers and financial service providers need to meet with very specific requirements when it comes to how they store and manage customer information. 

HIPAA FINRA GDPR Compliance

Not all cloud providers will fit the requirements in these areas. Additionally, in Europe, sensitive information gathering and processing is much stricter since they adopted GDPR, and no matter whether you are based, you need to be compliant with this regulation if you wish to obtain and process data from EU subjects. 

Not all public cloud environments meet these requirements. 

Even the cost benefits of the public cloud can be problematic at times. Although the pay-per-use option will appeal to some companies, if your usage in a particular application suddenly skyrockets, there’s a risk that you could be left with a huge bill.

On-Premise Private Cloud Computing Benefits

The public cloud has its advantages for smaller companies and those who have fewer concerns to think about when it comes to addressing compliance.

There are some environments where a public cloud doesn’t make sense. 

That’s why private cloud solutions were designed to support those with a need for higher security, resilience, and control. 

As mentioned above, the private cloud is a computing environment that’s built and reserved for one specific enterprise to use. In a private cloud, every appliance and service is only available to one organization. 

The benefits and issues with the private cloud depend on how you choose to access it. There are two distinct versions of the private cloud:

  • Self-managed: You build your cloud environment with hardware and data centers that are managed by your own team.
  • Hosted: Some vendors provide hosted private clouds, where someone else hosts and manages your cloud computing resources – similar to the experience you get with the public cloud. However, the servers are not shared among customers.

The benefits of a self-managed private cloud are:

  • Greater security and control: This is the most prominent reason that companies generally choose a private cloud over a public option. With an in-house cloud environment, organizations are able to retain control over their infrastructure, which means that they can deploy security measures that have been chosen by their team. It’s possible to create a best-in-class environment that’s specifically suited to the needs of your business and industry.
  • Improved compliance: With in-house private cloud environments, organizations also get the option to make sure that all of their data storage solutions comply with the regulations that are relevant to their industry. There’s complete control over all security measures here, and it’s easy to make sure that data remains within a specific geographic area too.
  • Customization: An in-house private cloud will also provide enterprises with the ability to choose which hardware they’re going to use to store their data and run their applications. Like with a private cloud, it’s possible to access this environment from any location, using any internet-connected device.
  • Agility and scalability: There are plenty of options for growth with a private cloud environment. You’ll be able to build out and extend your cloud however you see fit.
  • Predictable costs: While the private cloud can be more expensive than the public cloud, the prices are far more predictable and more comfortable to account for. You’ll know exactly how much you’re going to be spending from one month to the next. 

The Problems with On-Premise Private Cloud Computing 

While private cloud computing is more secure and easier to control than public cloud solutions, there are some downsides to this option too. 

In the case of on-premise private cloud computing, for instance, because organizations are required to manage and purchase their infrastructure, private cloud solutions are often costly. 

You’ll need to pay for professionals to manage your cloud infrastructure on the back-end too. 

Additionally, with a private cloud, companies need to handle all of the standard in-house services that would be managed by a public cloud vendor on the other side of the coin. 

This means that deploying, provisioning, and monitoring hardware is much more difficult. 

If you do decide to scale your cloud solutions in a private cloud infrastructure that’s on-premise, that also means investing extra time and resources into the process. 

Acquiring additional resources and adding them to your cloud can be a very expensive and exhausting process. 

In some instances, you may find that it’s difficult to access the latest cloud solutions on a private cloud environment too. 

After all, you won’t be able to simply tap into the tools that your cloud vendor invests in. You’ll be required to purchase your own additional systems and innovations if and when you need them. 

The Benefits of a Hosted Private Cloud Environment 

Hosted cloud provider solutions were designed to overcome many of the issues that are common with on-premise private deployments. 

These solutions are intended to give businesses access to the security and control benefits that they can get from the private cloud. Most of them will offer scalability and accessibility that’s common with public cloud environments too. 

Like a public cloud, the hosted private cloud comes with the option to store your databases and required infrastructure on the vendor’s site, so that you don’t need to invest in or manage your infrastructure yourself. 

Hosted private cloud offers a combination of what you get from the public and the private cloud. 

Because only one company has access to the physical hardware and applications on the hosted private cloud, this eliminates many of the security and control concerns associated with the public cloud. 

The only downside security-wise is that you still won’t have physical control over your servers – however, this might not be a problem if you know that your private provider is compliant with your industry’s needs. 

Additionally, giving up control of your hardware means that you also get a more simplified management solution for your private cloud. 

If you can find a hosted provider that you’re comfortable with, you won’t need to pay for a new IT team to manage and provision your physical hardware. Just like in the public cloud, your vendor will handle this side of the work for you, reducing the need for monitoring and maintaining complex tools. 

Even though you don’t have complete control over the hardware, some vendors will also give you the option to customize your operations by specifying what kind of equipment is used to power your private cloud. 

Another point to note with the private cloud is that the costs of this investment often remain highly predictable. Hosted private cloud models can vary. In general, you’ll be asked to sign a contract that specifies the amount of bandwidth you can use. This makes costs much easier to manage and a lot more predictable than with many public cloud offerings. 

Although, some hosted private cloud providers will still increase costs if your usage starts to rise. 

Like with the public and private on-premise cloud, hosted private clouds also come with additional agility, scalability, and availability compared to the conventional data center and computing strategies.

You’ll be able to build on your infrastructure quickly and efficiently as your business continues to evolve, ensuring that you always have access to the tools that you need. 

What is Hybrid Cloud Computing?

Up until this point, we’ve discussed two of the most common cloud computing models: public and private environments

As the technology landscape has continued to expand and evolve, we’ve also seen the arrival of another solution for growing enterprises: hybrid cloud

74% of enterprises have said that they’re beginning to explore multi-cloud and hybrid cloud environments so far, hoping to gain some of the positives of both the public and private cloud environment. 

Hybrid clouds combine multiple public and private cloud solutions, that are managed as part of a complete single entity. 

This unique arrangement allows businesses to overcome some of the drawbacks of both private and public clouds and create their own unique environments instead. 

For instance, companies with specific compliance requirements to consider could store more sensitive data in a secure private cloud

They could still access data from an application that’s running in a low-cost public cloud too. 

Companies could also choose to run most of their eCommerce and sales operations from the private cloud to ensure that the customer data stays secure. They’d also be able to scale up to public cloud environments at times when they need extra functionality. 

Benefits of the hybrid cloud environment include:

  • Enhanced flexibility: A hybrid cloud allows organizations to use the private setting for workloads and requirements that would be best served by a situation that they can completely control. 

At the same time, the company can also use public clouds in times when it makes the most sense. There’s no need to choose between two options, users can instead access the cloud that simply makes the most sense. 

  • Security and compliance: Hybrid clouds can provide multiple forms of data security solutions when provided by the right vendor. 

You can store customer credit card numbers and payments data in the private cloud – to ensure that there’s less access to outside sources. 

At the same time, you can store public-facing web content in a slightly less-secure public cloud. This makes meeting compliance requirements a lot easier and more affordable. 

  • Improved scalability, agility, and availability: Because hybrid environments connect both public and private clouds, they offer the same kind of accessibility, agility, and scalability you would get with a public cloud, in an environment that’s as secure as you need it to be. 

Additionally, as with any cloud, you can still access your applications and data from any environment or device that you choose. 

Problems with the Hybrid Cloud

According to data presented at the AWS Summit, 65% of companies have a hybrid cloud strategy today. 

Although the hybrid cloud was intended to overcome all the issues associated with both the public and the private cloud – it still has its negative points. 

  • The biggest downside is how complicated it can be to manage. Organizations often need to invest in special automation and other tool solutions if they’re going to manage different kinds of cloud in one environment.
  • Enterprises will also need to invest in making sure that their staff has the right training required to manage, integrate, and monitor a secure hybrid cloud environment. 

It’s a significant challenge to do this in many situations – and a problem that might be difficult to overcome for smaller businesses. 

One point to note is that because the hybrid cloud also uses some public services, organizations face the risk of having to deal with surprisingly high bills resulting from periods of excessive usage. 

Some companies believe that the unpredictability of the costs is often outweighed by the financial benefits of using the public cloud for certain operations. 

The key to success with hybrid cloud environments, as with most cloud solutions, is making sure that you research your options carefully. Choosing the perfect cloud solution means looking at all of the solutions on the market and finding the one that’s best suited to your needs. 

How Secure is Cloud Storage in General? 

Before you decide whether cloud storage is the right solution for you, either in a public, private, or hybrid environment, it’s important to make sure you can see the benefits of this solution. 

All files stored on a secure cloud server can benefit from an enhanced and more reliable level of security than you would be able to access a basic on-premise storage environment. 

When choosing your provider, look for the following: 

  • Advanced firewalls: These firewalls inspect traveling data packets: Simple options will only examine the source and destination data, while advanced options verify the integrity of content packets. These programs also map packet contents to security threats.
  • Intrusion detection: Cloud online storage can identify when someone is attempting to break into your systems, sending real-time notifications to business leaders to help you avoid problematic attacks.
  • Event logging: Most cloud storage solutions also come with access to event logs that help security analysts to better understand the threats you face on a regular basis. These logs record network actions and help you to predict and prevent attacks in the future.
  • Internal firewalls: All accounts shouldn’t always have access to all the data you have in the cloud. Limiting cloud access through internal firewalls can boost your security levels significantly.
  • Encryption: Cloud security solutions come with the option to encrypt data both at rest and in-transit. This keeps your information safe from unauthorized users. If an attacker steals a file, they still won’t be able to read your data without an encryption key.
  • Enhanced physical security: Many cloud data centers are very secure. Certified data centers come with 24-hour monitoring facilities and even armed guards. These places are far more secure than most traditional on-site data centers. 

Choosing your Cloud Solution 

The key to a successful cloud solution is making sure you recognize the specific needs of your business

Consider your privacy concerns and the regulations that you need to comply with in your industry. If your organization handles things like medical records and credit card information, there’s a chance that even the most robust public cloud won’t be suitable for you. 

The more research you do into your available cloud environments, the easier it will be for you to take advantage of all the benefits the cloud has to offer while avoiding unnecessary risks. 

 

Windows File Server

MyWorkDrive Version 5.3 Released to Production

We are pleased to announce the production release of version 5.3 of MyWorkDrive server, Mobile and Mapped Drive Clients.

New Features

Version 5.3 includes many new features requested by our customers including:

Server

  • Support for multiple mapped drive letters
  • Admin panel updates to support shared public user
  • New licensing process to ease support for upgrades and migrations
  • Security updates to cookies and headers
  • Added preconfigured shibboleth SAML integration
  • Customized password expired and lockout messages
  • Support for locked down environments and outbound proxy

Numerous other enhancements and fixes.  Server release notes here.

Mobile Apps

  • Open files in local app
  • Download multiple files
  • Upload multiple photos
  • New file display by date/name
  • Display company custom logo

Web Browser Client

Windows Mapped Drive

Numerous other enhancements and fixes – Release notes are here.

 

Version 5.3 also includes support for additional SAML providers including a built in integration for Shibeloth.  During the webinar we provided an in-depth demonstration of our multiple mapped drive letters and shared public user features.

We recommend all customers upgrade to our latest 5.3 production server and mapped drive client.   See our server release notes here. 

Webinar Recording Link

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

What is Remote Work?

There’s a steady rise in remote work positions. Why do people and businesses choose to work remotely, and how do they do it?

Remote employees work either from home or outside of the traditional working environment, such as at an office or on a specific job site. It increases morale and encourages successful completion of tasks and goals in a much more efficient, timely, and cost-effective manner.

All remote work can be summed up into two distinct categories:  

  • A fully remote job allows an employee, whether they be part-time, full-time, or on a freelance basis, to work 100% from home without needing to commute to an office location.
  • A partial remote job offers employees some remote work capabilities but does not allow the employee to engage in their work without visiting the office or job site at least some of the time.

So how does a company decide whether they should go the fully or just the partial remote job route? This largely depends on the type of job, but the tree deciding factors usually are:

  • Travel is a necessary part of the job.
  • Staff meetings and face time is required.
  • Certain aspects of a particular job can not be done from home or outside of the office.

Whether full-time or part-time, one thing is for sure, remote work is no longer considered a trend but is now a fully viable option, as is confirmed by numerous studies and statistics, which we will address right now. Read more

Migrate On-Premise Files Shares to Azure Cloud File Storage

cloud file storageLooking to migrate Windows File Shares to cloud file storage? You’re not alone!

Businesses of all sizes have been searching for the right mix of technologies that will allow them to migrate their on-premise file shares to cloud file storage.

For small businesses and startups, services like Dropbox, Box, Egnyte and SharePoint are a good alternative. 

For larger businesses, governments, higher education and compliance restricted firms, migrating away from private cloud file storage under their own control requires significant planning. 

Larger companies are concerned about the loss of file ownership, data sovereignty, compliance, ongoing costs and navigating costly and complex migrations.

These businesses are considering migrating their file shares to cloud file storage so that they can outsource the management of servers and infrastructure while still desiring to maintain control of their company files and sidestepping the software vendor lock-in associated with EFSS.

Until now they could meet some of these requirements with costly Enterprise File Sync and Share (EFSS) systems on-premise however they were still stuck managing complex migrations, having new databases to manage and license and re-inventing long term backup and data retention plans.

These businesses have been searching for a simple alternative cloud file storage sharing option that provides the same benefits of traditional mapped drives, fast local speeds and secure file remote access. 

The technologies to enable cloud-based file server file shares are now converging with all the components needed to make this dream a reality! Read more

MyWorkDrive Version 5.3 Preview Now Live

We are pleased to announce the preview release of version 5.3 of MyWorkDrive server, Mobile and Mapped Drive Clients.

New Features

Version 5.3 includes many new features requested by our customers including:

Server

  • Support for multiple mapped drive letters
  • Admin panel updates to support shared public user
  • New licensing process to ease support for upgrades and migrations
  • Security updates to cookies and headers
  • Added preconfigured shibboleth SAML integration
  • Customized password expired and lockout messages

Numerous other enhancements and fixes.  Server release notes here.

Mobile Apps

  • Open files in local app
  • Download multiple files
  • Upload multiple photos
  • New file display by date/name
  • Display company custom logo

Web Browser Client

Windows Mapped Drive

Numerous other enhancements and fixes – Release notes are here.

Mac Mappped Drive 5.2.1

  • Display company branded logo
  • Improved Office file locking support
  • Remind user to install Fuse during setup and launch
  • Bug fixes and enhancements – Release notes are here.

 

Version 5.3 also includes support for additional SAML providers including a built in integration for Shibeloth.  During the webinar we provided an in-depth demonstration of our multiple mapped drive letters and shared public user features.

In addition to 5.3 preview we have updated Version 5.2 production with important updates to file locking to support extended refresh of file locks in Office Online and our mapped drive and numerous other fixes.    We recommend all customers upgrade to our latest 5.2 production server build 5.2.18 and mapped drive client 5.2.2.   See our server release notes here. 

Webinar Recording Link

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

MyWorkDrive Version 5.3 Preview Webinar Recording Now Live

We are pleased to announce version 5.3 of MyWorkDrive server, Mobile and Mapped Drive Clients has been previewed during our Webinar held on May 9th, 2019.

Features

Version 5.3 includes many new features requested by our customers including:

  • Multiple Mapped Drive Letters for each Share
  • Shared Public User Access
  • File Filtering and Alerts
  • Open/Save Multiple Files in Mobile Client
  • Zip and Share files from the Web Client
  • Server Admin Panel Enhancements

Version 5.3 also includes support for additional SAML providers including a built in integration for Shibeloth.  During the webinar we will an in depth demonstration of our mobile app that now includes support for iOS files provider, Image previews and new offline capabilities.   With iOS file provider enhancements user’s can access, upload, download and edit files stored on MWD shares from any app.  See our updated mobile user guide here.

MyWorkDrive CEO Dan Gordon says, “We are very excited to these major enhancements for secure file remote access from any device or authentication provider.   With these speed and functionality improvements, now more then ever, our customers can eliminate file share VPN security risks while enabling their users to work from anywhere without VPN or remote desktop login headaches.”

Webinar Recording Link

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

MyWorkDrive Version 5.2 Released to Production

We are pleased to announce version 5.2 of MyWorkDrive server, Mobile and Windows client is now available for full production download.  This release includes a major update that now supports logging in using ADFS/SAML from any device when connecting to server version 5.2.  With this update secure remote access using Windows and Mobile Apps from any SAML provider with two factor authentication is now possible.   An example would be Azure AD integration with MFA enabled – When enabled in MyWorkDrive and ADFS/SAML is set to required, users can access MyWorkDrive shares with our  Mapped Drive and Mobile clients using SSO and MFA Two Factor as part of Azure AD.

Version 5.2 also includes a major overhaul to our mobile app that includes support for iOS files provider, Image previews (5.2 server required) and new offline capabilities.   With iOS file provider enhancements user’s can access, upload, download and edit files stored on MWD shares from any app.  See our updated mobile user guide here.

MyWorkDrive CEO Dan Gordon says, “We are very excited to these major enhancements for secure access from any device or authentication provider.   With these speed and functionality improvements, now more then ever, our customers can eliminate file share VPN costs and security concerns while enabling their users to work from anywhere without VPN or remote desktop login headaches.”

 

New Version 5.2 features

Mobile Apps

  • Login using ADFS/SAML provider
  • Prevent password saving policy support
  • iOS files provider support for accessing files in any app

Web Browser Client

  • User favorites to folder locations
  • Alternative viewer for large text files
  • Improved support for ADFS and SAML SSO providers

Windows Mapped Drive

  • Login using ADFS/SAML provider
  • New command line options for unattended setup
  • Improved login/logout performance
  • Improved handing of custom branding
  • Numerous other enhancements and fixes – Release notes are here.

Mac Mapped Drive

  • Speed and performance improvements
  • Login using ADFS/SAML provider
  • Support for server password policies
  • Bug fixes and enhancements – Release notes are here.

Server

  • Administrative Alerts for file downloads, delete or modify
  • Simplified SAML setup for Okta and OneLogin
  • Export/Import of settings for easy backup/restore
  • Azure AD single logout support
  • Numerous other enhancements and fixes – Release notes are here.

*Upgrade note: Existing customers can upgrade for free in place.

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

Cloud storage: Is it for you?

Cloud storage is a model of computer data storage where files are stored in logical pools.  With Cloud Storage, the actual physical storage typically spans multiple servers (which can also be in located in multiple physical locations).   While the storage is typically owned and managed by a hosting company many organization have their own private cloud storage.   Cloud storage can fit the demand for convenience, mobility and cost-efficiency for data storage. With all of the advantages cloud storage provides, do not forget security.

The sophistication of the security options available for cloud storage are growing but there is no single set of solutions yet available. Just as there are layers of security required for on premise storage, even more are required for securely transporting, storing and accessing data in the cloud. Your data will be in the hands of a third-party. Security measures must be examined prior to selecting a vendor. Do not let cost be the determining factor in your vendor selection.

Cloud Storage Security

The cloud provider chooses authentication, authorization, and access control mechanisms that meet their needs to host multiple tenants in their cloud. Choosing the cloud provider that best meets your business and security needs are the primary selection criteria for choosing a cloud vendor. The vendor is responsible for securing your data on their servers. They will select the firewalls and chose the security polices they will enforce. Make sure those polices meet your needs. Insuring your data is safe and accessible to only you, this is what you are paying for. Limit security risks by encrypting the files before transferring them to the cloud storage location. Use a vendor that allows you to maintain your own encryption keys, instead of the cloud storage provider retaining them.

The portions of security the end users are responsible for need to be easy to use, flexible to manage and secure. The more complex the security the more effort the user will expend to get around them or ignore them. For a security solution to be effective, it must be used as designed and deployed. Citrix remote desktop is not only very expensive it is difficult to use and support. VPN’s are often not used because of the complexity of this technology. Your access solutions needs to be easy to use and not require a lot of training for the end user or the support staff.

With so many mobile devices accessing your data from different locations around the world, the tools you use to access your data must have excellent security. Security that not only prevents remote devices from being used by the wrong person (DUO, SSO), uses encryption in transit to and from the server behind the firewall. Insure no data is left behind on the remote device after the transaction has been completed.

Ease of Use

Usability is one of the biggest changes that cloud storage brings. Most solutions address both Mac and PCs. They use the ‘drag and drop’ option, moving any file easily to your cloud storage device. Backup and Disaster Recovery systems are a lot more user-friendly. Once set up, backups can be done quickly and automatically. Simpler interfaces are easier to use and manage; reducing the burden of extensive training.

Accessing Files in the Cloud

As long as you have an Internet connection, you have access to your files in the cloud. The cloud storage server is device agnostic, you can access your files with any Smartphone, notebook, tablet, laptop, desktop or thin client workstation using iOS, Windows, Unix or Android OS’s.

With the massive growth in remote work. With employees increasingly working from home for at least two days a week, and the growing use of the gig economy labor model, remote access to shared files is essential for worker efficiency and productivity.

Risk Factors

Cloud storage needs to be backed up just like your on-premise file shares. Control your backups; it is your data and your future. If the vendor says they do a full back up of the data, ask how often, where the backup is physically, if they test the backup and if you can restore and run your business quickly from that backup. Good backups are the best defense against disaster.

Data format and migration is another consideration since files migrated to proprietary hosted cloud storage will be converted away from NTFS native file storage with built-in security permissions to the vendors format making portability and future migration away from the vendor difficult. If possible choose a cloud storage vendor that natively integrates with Active Directory NTFS permissions and groups to maintain future portability.

Most cloud service providers are reliable; however, they are only as reliable as your Internet connection. Having a poor Internet connection can keep your businesses from being able to access your data. Determine your bandwidth needs prior to selecting an ISP or cloud storage vendor.

Ask if you will share a common namespace with other clients of the cloud provider, if you use a single-sign-on authentication option it can make it easier to access your data and increase your risks.

Find out if when you upload your company data to a public cloud provider, if you still own it. Read the fine print in the contract of the cloud providers; find out if that cloud provider, not you, owns the data you save in their cloud service. Read the fine print, details are critical in the cloud vendor contracts.

In many cases issues around compliance or data sovereignty may eliminate some vendors or require the use of files stored in a private cloud.

Rising costs can also be a risk if you do not plan efficiently. Extensive research must be done prior to selecting a vendor to ensure scalability and that costs will remain reasonable over time.

Customization

One of the best benefits in cloud services is the ability to customize the services you need for your business. Even the least expensive cloud service providers can provide levels of customization greater than traditional on premise storage and networking systems. Because these systems are software driven they require very little investment in hardware (if any), so you may be able to afford new and additional services.

Although entry-level systems offer customization, if you have specific needs, care is needed in selecting a provider that best addresses your business needs. Do not sacrifice performance for price.

Conclusion

Cloud storage can be an excellent way to save on capital expense (CAPX) and reduce the internal IT support workload. But buyer beware, thoroughly research the vendor you choose and ensure that they are the best fit to help your company succeed and maintain control of your data in the future if you need an exit plan. MyWorkDrive provides the ability to maintain control of files using your own private cloud storage or interfacing with Azure File Share Sync or Netapp OnTap storage providers.

Data Loss Prevention Strategies

Data is the lifeblood of your business. How do you protect it?

Data Loss Prevention

What is Data Loss Prevention (DLP)?

With information security theft on the rise, enterprises must find effective ways to protect their data, and many such enterprises are turning to data loss prevention (DLP) implementations to secure their networks. Data loss is a serious issue for any business of any size. Losing files means losing time and money to restore or recover information that is essential to your business. Data loss occurs when data is accidentally deleted, stolen, or corrupted. Viruses, physical damage to memory devices or formatting errors can render data unreadable by either humans or software. Losing files and documents often have a lasting impact on your company’s financial health.

Some data is recoverable, but this process can require the assistance of IT professionals and will cost time and resources the business could apply elsewhere. In some instances, lost files and information cannot be recovered, making data loss prevention even more essential. You can minimize your business’s potential for data loss by understanding what leads to data loss.

DLP is also a policy issue.

Identify where the existing data resides and how this data is classified. Examine controls and data stores currently in place. Focus on first protecting the most sensitive category of data. In a large enterprise, it is advisable to start with a small segment of the network, rather than tackle the network as a whole. Only when the most sensitive category of data has been protected throughout the enterprise is it safe to move to the next tier.

The focus of DLP is to prevent confidential information from leaving the organization and from being accessed by unapproved recipients. At the very least, DLP should be able to detect when such an event occurs. This is assuming that the organization has boundaries; with the implementation of a document classification matrix and with strong policies in effect, confidential data is likely to be segmented into secure data stores (rather than being copied to the cloud), thereby implementing boundaries.

Effects of Data Loss on Businesses

Data loss is a major inconvenience that disrupts the day-to-day function of any business. When important files and documents are lost, your business must spend time and resources recreating or recovering these files to fill the gaps left by loss. While you may be able to locate hard copies of information, these may not be as up-to-date as the digital copies that were lost. Data loss caused by corruption or viruses poses particular problems as the extent of data loss caused can sometimes be difficult to determine. It can be costly for your business to weed out and repair damaged files.

Data Loss Prevention Strategies

With information security theft on the rise, enterprises must find effective ways to protect their data, and many such enterprises are turning to DLP implementations to secure their networks. Data Loss Prevention strategies have been evolving for several years. Successful implementation of DLP requires that it be approached as part of an overall program, rather than as a technology solution. DLP protection is limited to documents within the perimeter of the enterprise, or those documents stored on enterprise-managed hardware.

Since data is everywhere in the Enterprise there is no one tool by itself that can fully protect your data. To implement an effective Data Loss Prevention solution multiple layers of policy, procedures, and toolsets are required. Many of these seem like common sense, and most are basic to normal operations of a functioning Enterprise. The trick is to make sure that they all overlap with no holes for data to leak thru. Since data can only be fully protected and controlled by maintaining the location of your data; behind your firewall with all of the multiple layers of data protection that you can provide.

Operational Integrity

  • Monthly Computer Hygiene: Defrag HD, Delete duplicate/unnecessary files, run anti-virus/anti-malware
  • Patch Management
  • Software Upgrades
  • Endpoint protection: Anti-Virus/Anti-Malware-keep them updated
  • Monthly Server Maintenance
  • Server/workstation Backup: 3 backups-2 different mediums-1 offsite (all encrypted) monthly back-up testing

Layered Cybersecurity

Antivirus Software

Cybersecurity technology starts with antivirus software. Antivirus is designed to detect, block, and remove viruses and malware. Use products that are also designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial of service (DDoS) attacks.

Firewalls

Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules—separating your secure internal network from the Internet. Minimizing the number of open ports Firewalls are deployed as an appliance on the network and may offer additional functionality, of virtual private network (VPN) for remote workers.

Patch Management

Criminals design their attacks around vulnerabilities in software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. Using outdated versions of software products will expose your business to security risks.

Password Management

Weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. Adopt strong passwords, 8 + alphanumeric characters.

Data Protection Technologies

These data loss prevention measures protect against a wide array of cyber-attacks. However, because threats like ransomware are always evolving, security solutions are just one part of an effective defense strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber-attack. Data protection technologies are an essential second layer of defense against cybercrime.

Controlled Access to Data

Ensure that only the authorized user has access to data on your Network. Use Multi-factor Authentication (MFA) and Single-Sign On (SSO) tools in conjunction with Data Leak Prevention to limit external access, add watermarks and prevent printing or clipboard access.

When accessing corporate data remotely ensure data is encrypted when in motion and at rest. There are multiple technologies that will achieve these results, the key is to choose the one that is the securest, easiest to implement and maintain, and the most economical for your needs.

Occam’s razor essentially states that simpler solutions are more likely to be correct than complex ones. Applying this theory to Cybersecurity, it would state, “The easiest technology to use will be the one most used and thus the most effective”.

VPNs are complex and expensive to maintain and are frequently ignored when the user is stressed and pressed for time (ever been in an airport?). The next level in expense and complexity for remote file access is the virtual desktop technology.  Deploying virtual desktops is a costly and difficult solution requiring extensive hardware and software investment. Supporting this technology requires dedicated engineering support and significant training for your end-users and support staff.   Research, research, research; measure twice buy once.   To avoid complex VPN’s and remote desktop support companies are employing web based file management software to enable secure file access with DLP features built-in avoiding the complexity and expense of VPN software.

Sources: Exabeam, Digital Guardian, NSS Labs

MyWorkDrive Version 5.2 Released to Preview

We are pleased to announce version 5.2 of MyWorkDrive server, Mobile and Windows client is now available for preview download.  This release includes a major update that now supports logging in using ADFS/SAML from any device when connecting to server version 5.2.  With this update secure remote access using Windows and Mobile Apps from any SAML provider with two factor authentication is now possible.   An example would be Azure AD integration with MFA enabled – When enabled in MyWorkDrive and ADFS/SAML is set to required, users can access MyWorkDrive shares with Windows Mapped Drive and Mobile clients using MFA Two Factor as part of Azure AD.

Version 5.2 also includes a major overhaul to our mobile app that includes support for iOS files provider, Image previews (5.2 server required) and new offline capabilities.   With iOS file provider enhancements user’s can access, upload, download and edit files stored on MWD shares from any app.  See our updated mobile user guide here.

MyWorkDrive CEO Dan Gordon says, “We are very excited to these major enhancements for secure access from any device or authentication provider.   With these speed and functionality improvements, now more then ever, our customers can eliminate file share VPN costs and security concerns while enabling their users to work from anywhere without VPN or remote desktop login headaches.”

 

Register for the 5.2 Launch Webinar on Feb 28th

Webinar Registration Link

New Version 5.2 features

Mobile Apps

  • Login using ADFS/SAML provider
  • Prevent password saving policy support
  • iOS files provider support for accessing files in any app

Web Browser Client

  • User favorites to folder locations
  • Alternative viewer for large text files
  • Improved support for ADFS and SAML SSO providers

Windows Mapped Drive

  • Login using ADFS/SAML provider
  • New command line options for unattended setup
  • Improved login/logout performance
  • Improved handing of custom branding
  • Numerous other enhancements and fixes – Release notes are here.

Server

  • Administrative Alerts for file downloads, delete or modify
  • Simplified SAML setup for Okta and OneLogin
  • Export/Import of settings for easy backup/restore
  • Azure AD single logout support
  • Numerous other enhancements and fixes – Release notes are here.

Register for the 5.2 Launch Webinar on Feb 28th
Webinar Registration Link

 

*Upgrade note: Existing customers can upgrade for free in place.

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

California Consumer Privacy Act of 2018 (CACPA), Who, What, When, Where and Why?

CaCPA

Who Does the CaCPA Protect? Who must comply?

Any consumer, defined as a “natural person who is a California resident.” This is further defined as:

  • Any individual is in the state for any purpose that is not transitory or temporary
  • Any individual who lives in the state but currently or occasionally is outside the state for a temporary or transitory purpose

Meaning consumers traveling to or with partial residence in other states would be protected, as long as their home is California.  This also means that the law applies to “business-to-consumer” (B2C) companies and to “business-to-business” (B2B).

A covered “business” is defined as a for-profit entity that meets 1 of the 3 following conditions.

  1. Earns $25 million or more in annual revenue.
  2. Holds the personal data of at least 50,000 people, households, or devices.
  3. Obtains at least half of its revenue selling personal data. Selling, is not just trading data for cash. Merely disclosing data to a third party if it results in financial gain, is subject to the law.

CaCPA states that that they must also meet the following 4 conditions.

  1. Be a legal business entity that is organized and operated for profit.
  2. Collects consumers’ personal information, or has someone collect it on its behalf.
  3. Determines the purposes and means of the processing of consumers’ personal information.
  4. Does business in California

Any “for profit business” passing this test will be subject to the law, regardless of its geographic location. According to iapp it is estimated the law will apply to more than 500,000 U.S. companies, most of which are small- to medium-sized. It will also impact businesses outside the U.S., as long as they do any of their business in California.

What Is the Penalty for Noncompliance?

For intentional violations not addressed within 30 days, the fine is from $2,500 to $7,500 per violation (e.g., per record in the database). Unintentional violations not addressed within 30 days, Consumers are able to recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.

Twenty percent of the penalties collected by the State will be allocated to a new “Consumer Privacy Fund”. Any funds in excess of Court and collection costs may be placed in the CA State General Fund.

Where Did This Law Come From?

The CaCPA was rushed through Legislation in just 7 days’ time and was signed just hours before the closing of the 2017-18 California legislative session. Speedy for a Law with such widespread ramifications.

This rush was in response to a much stricter ballot initiative proposed by San Francisco real estate developer Alistair Mactaggart.  Mactaggart spent $3.5 million of his own money to fund initiative measure No. 17-0039 which received more than 629,000 signatures, more than enough needed to put the issue on the November 2018 ballot.

How Does the CaCPA Define “Personal Information?”

CaCPA’s definition of personal information is much more extensive than the definition of PII, it does align more closely with the broader list in the GDPR. It’s defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In addition to the information typically included under PII, it also includes:

  • Geolocation data
  • Education information
  • Audio, electronic, visual, thermal, or similar information
  • Professional and employment information
  • IP addresses
  • Internet activity (i.e., browsing and search history, web tracking data)
  • Aliases
  • Characteristics of protected classifications under California or federal law
  • Commercial information (i.e., personal property records, purchasing history)
  • Inferences drawn from any of the information contained in the definition

Why CaCPA

Just days before Mactaggart could certify the signatures, California Democrats agreed to push a compromise bill in exchange for dropping the initiative. The tech industry lobbyists believe that they will have a much better chance of controlling the narrative and the ultimate impact of the CaCPA. Industry Lobbyists agreed not to oppose the bill since the much less favorable ballot initiative had a good shot of passing later in the year.

What did they get for their compliance?

  • 18 months’ time to lobby on how to rewrite the details of the bill.
  • CA legislature can modify the CaCPA with a simple majority instead of a 70% super majority required by the CA Consumer Privacy Act of 2018.
  • CaCPA makes it more difficult for consumers to sue noncompliant businesses, giving most of the enforcement control to the CA state Attorney General.
  • CaCPA affects more companies, as it lowered the threshold by half to businesses with only $25 million annual revenue.

 

“Data regulation policy are complex and impacts every sector of the economy, including the internet industry,” the Internet Association lobbying group said. “That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning. It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike.”

The winners and losers of this bit of legislation (10,660 words), have yet to be determined, due to the massive rewriting of the details going on right now. It is very likely that the new and improved CaCPA will apply mainly to the Small to Medium Business, the ones that can’t afford the high priced Lobbyists and their massive expenses. This bill hastily written and barely reviewed by anyone other than its writers with its many typo’s and poorly written text was approved by Governor Brown on June 28th 2018. On Aug. 24th just 57 days later the first 45 amendments came. These amendments were primarily to adjust technical errors. Get prepared.

Sources: Assembly Bill No. 375, iapp The Privacy Advisor, New York Times, FairWarning

 

NextCloud Alternative

GDPR Fines: Blood in the water. Who’s first?

GDPR Fines Against Google

The (CNIL), France’s data protection authority (DPA), has levied a €50 million ($57 million) fine against Google for violating the GDPR’s transparency, information, and consent requirements in deploying targeted advertisements. The largest fine by GDPR to date and the first involving a U.S. technology company was issued on January 21, 2019.GDPR Compliance

The CNIL’s investigation was triggered by complaints from two advocacy groups, None of Your Business and La Quadrature du Net, filed immediately on the GDPR’s May 25, 2018 effective date. The complaints alleged “forced consent,” by which users of Android-powered mobile devices, had to agree to Google’s entire privacy policy and terms of service before using the Android device. Google lacks a legal basis to process users’ personal data as it relates to ad personalization.

Why a €50 Million Fine?

The CNIL relied on four factors in issuing its €50 million fine.

  1. Nature of the infringements relating to lawfulness (Art. 6) and transparency (Arts. 12 and 13), both of which are core principles of the GDPR and listed as triggering the highest fining threshold (of 4% of International Revenue) in the GDPR (Art. 83.5).
  2. Because the infringements were continuous and ongoing after the GDPR’s effective date.
  3. The processing purposes, their scope, and the number of individuals concerned.
    • CNIL’s investigation focused on users who created a Google account while setting up their Android device and noted that this is a very large number of individuals.
    • They contend that due to Android’s dominant market share in the French smartphone market and the number of smartphone users in France, the processing is vast.
    • Also given the number of Google services involved (more than twenty).
      •  The variety and type of data involved
      •  The multiple technological processes that enable Google to combine and analyze data from various services, applications, or external sources.
      • These processes undeniably have a “multiplying effect” on the knowledge the company has about its users.
      • The company has the means for potentially unlimited combinations enabling a massive and intrusive use of consumer’s data.
  4. When viewing the infringements from the perspective of Google’s economic model,
    • The processing of user data for advertising purposes via Android.
    • Advantages Google obtains from that processing,
    • CNIL found that Google must be extra cautious about its responsibilities under the GDPR.

CNIL does not say how it got to the amount of €50 million, but indicates these infringements would be subject to the GDPR’s 4% maximum fine. Fine was based on Google’s 2017 global revenue of €96 billion. It’s clear that the CNIL did not impose the maximum fine. However, other than saying the fine of €50 million was “justified”. CNIL provides no reasoning for this starting amount or how the factors referred to above influenced the amount.

2018 Decisions & Fines

This case against Google represents the CNIL’s first published enforcement action, explicitly under the GDPR and the largest fine it has ever imposed. It also highlights the CNIL’s scrutiny of notice and consent in online advertising, which had been building up in the past months, as evidenced by other recent CNIL decisions.

This fine comes 1 month after Italy’s DPA fined Facebook €10m for misleading its own users over data practices. The watchdog said Facebook wrongly emphasized the free nature of the service without informing users of the fact that their data would be used to generate a profit for the company.

Google was not the first GDPR fine just the largest to date.

The first fine was issued in Austria in October 2018, although it is not strictly related to personal data processing. A betting shop received a €4,800 fine for a security camera that was recording part of the pavement outside since large scale monitoring of public spaces is not permitted under the GDPR.

At the end of October, the Comissão Nacional de Protecção de Dados (National Data Protection Commission) in Portugal imposed three fines on the Hospital do Barreiro: These are the first fines related to the processing and storage of personal data.  Two €150,000 sanctions and another of €100,000. For a total cost of €400,000 for the hospital. The first two fines of €150,000 were for violation of the principle of data integrity and confidentiality, and violation of the principle of data minimization, which in theory prevents indiscriminate access to data. 985 physicians had active accounts on the system giving them access to clinical files, while the hospital had only 296 active doctors on the date of the inspection.  

The third fine was related to the inability of the Hospital as data controller to ensure the confidentiality and integrity of the data of its clients and patients.

In the middle of November, a social network in Germany, Knuddels.de, received a €20,000 fine after a hack that caused 808,000 email addresses to be leaked, along with over 1.8 million usernames and passwords. This information was then published online with no encryption. The social network reacted by saying that once the leak had been discovered, it immediately improved its security measures.

After the incident, it was discovered that the website had no kind of protection on its sensitive information. According to LfDI Baden-Württemberg, the German data protection agency handling this case, one of the reasons that the website received a “relatively low” fine was that it acted with transparency, and quickly implemented security improvements.

Higher Fines Expected in 2019

The economic sanctions so far are clearly conservative compared to the maximum possible penalties allowed, but with the recent spate of high profile data leaks from Marriott, British Airways, and Quora it won’t be long before larger, harsher fines start to appear.

How Can You Avoid GDPR Fines?

What can you do to avoid a fine of millions of Euros or Dollars? The most important thing to bear in mind is that prevention is better than a cure. By having appropriate data leak protection in place for the personal data your company manages, you can avoid sanctions and fines.

  • Start by determining if online storage or on prim is the right solution for your needs
  • Controlling who has access to it
  • Realize that if you use Sync and Share instead of a private cloud file sharing solution, you have just doubled the amount of data you have, and you have also doubled the # of locations that you need to defend. Plus one of these locations you have no control over.
  • Complexity reduces security. The more complex a solution is the less it will be used.