Managed File Transfer (MFT)

Data in Motion-Moving at the speed of Business

Managed File Transfer (MFT)MFT

 

Managed file transfer (MFT), refers to a set of computer programs that provides for the “managed-secure-controlled” transferring of data.

  • Managed: in the context of this article, means transferred in a controlled way.
  • Secure: refers to the areas of auditing, authentication, and encryption.
  • Controlled: means scheduled, protected, logged, measured, automated, and clearly defined.

For modern organizations, unstructured data — in the form of documents, presentations, spreadsheets, email, text messages, notes, images, audio, video, and so on — continues to be the foundation for business-critical enterprise initiatives, including collaboration and integration.

  • COLLABORATION

Collaboration between people, throughout the extended enterprise. Enterprise collaboration refers to capabilities that make it easier for users in the extended enterprise to create, organize, find, share, communicate, and transact with one another — using productivity tools.

  • INTEGRATION

Integration of business processes and workflows, between both people and systems.

Collectively, unstructured data in all its forms can also be referred to as simply files, or content. Given the ubiquity and utility of these types of data, it comes as no surprise that virtually every organization is actively leveraging its shared files, using one or more of a variety of mechanisms.

 

MFT is a technology platform that uses administrative controls, security support protocols (i.e. HTTPS, SFTP, FTPS), and automation capabilities to securely share various types of data, including compliance-protected as well as high-volume data.

Purpose of Managed File Transfer

A MTF service helps a business accomplish multiple data-related objectives involving shared files.

  1. Security / Compliance

Concerns about security, privacy, and compliance remain, especially working with data that is valuable (e.g., intellectual property, confidential information) or regulated (e.g., personally identifiable information, personal health information, cardholder data), (GDPR), (HIPAA), (HITECH), (PCI DSS), (SOX)

  1. Platforms

Movement from tactical tools, to proactive platforms

  1. Multiple System Usage

Increasing need to choreograph file movements through multiple systems; the use of APIs

  1. GREATER COMPLEXITY

Significantly greater complexity: diversity of users, endpoints, deployment models

WHY YOU NEED MANAGED FILE TRANSFER

According to Aberdeen, most organizations are actively leveraging their shared files, using one or more of a variety of mechanisms.

  • SYSTEM-TO-HUMAN 63%

A business process or application generates and sends file(s) to one or more specific users (e.g., personalization and distribution of records and reports).

  • FILE SYNC 54%

A user transfer’s file(s) to a central repository, to be synchronized and accessed by themselves from one or more devices.

  • HUMAN-TO-HUMAN 66%

A user sends file(s) to one or more specific receivers.

  • HUMAN-TO-SYSTEM 66%

A user submits file(s) into a business process or application (e.g., as a manual step in an established workflow).

  • SYSTEM-TO-SYSTEM 70%

A business process or application programmatically initiates file transfers to be received by another process or application (e.g., as an automated step in an established workflow).

  • FILE SYNC 70%

A user transfer’s file(s) to a central repository, to be synchronized and accessed by themselves from one or more devices.

 

Protecting data in today’s highly regulated and growing data landscape requires a proactive approach. It means evaluating your business’s existing security policies and procedures, systems of data management to ensure that they meet current and future compliance regulations and mandates. It also means that you must reduce or eliminate system vulnerabilities that are often the result of complex or inadequate security practices and system inefficiencies.

MFT can be beneficial if your business:

  • Has concerns about security, privacy and compliance
  • Is redesigning traditional business processes and workflows
  • Is eliminating manual processes with automated migrations, consolidations and upgrades
  • Is experiencing significantly greater complexity, and diversity of users
  • Wants to improved operational efficiency and decision-making with visibility and analytics
  • Is communicating and engaging with standard protocols: Secure FTP, FTPS, HTTP, HTTPS, AS2, and SFTP

Organizations need the accessibility, transferability, and the secure storage of their data. The negative effects of a data breach or of an unresponsive network can cause reduction in efficiency across every line of business. When this happens, business stops while IT works to fix the problem. Leading organizations are implementing MFT solutions for a wide range of data management issues.

Data security and productivity measures are far more successful and effective when they are proactive and preemptive, which is why MFT solutions are an excellent data management tool for IT managers, especially those in heavily regulated industries such as healthcare and financial services.

Maintaining security and compliance go hand in hand. While not every compliance measure is related to a security standard, there are still many compliance mandates that work well with keeping a network secure. MFT solutions have real-time monitoring and validation of security policies and controls to answer to compliance standards for handling sensitive data. Some of these standards are mandated by GDPR, HIPAA, HITECH, SOX and PCI. They can contribute to security by following these standards:

  • Track and audit user activity and file movement (Control)
  • Monitor and alert in real-time on potential violations of security standards(Security)
  • Capture compensating controls and generate reports on compliance status (Managed)
  • Meet requirements for data wiping and sanitization (No data left behind)
  • Protect data in transit or at rest (Encryption)

 

Data is the life-blood of your business and ensuring that it moves efficiently and securely (both in and outside of your organization) is critical. Yet, for something so important, many organizations are littered with non-compliant and rogue data exchange solutions, making their network ripe for security breaches and failed data transactions. The use of unsanctioned devices and applications, known as shadow IT, causes a wide range of problems for organizations, including insecure data transmission and lack of visibility and control, putting your business data at risk.

The security capabilities of a MFT solution extend beyond the process of moving or storing data. A MFT solution supports overall network security:

  • Operational visibility helps IT managers see problems before they happen
  • Automation improves efficiency and saves time, eliminating the need for manual processes, which indirectly improves security because IT professionals can redirect their efforts
  • Compliance standards bring an additional layer of security by regulating the security policies and practices that ensures that organizations are handling sensitive data securely
  • User-friendly ad hoc capabilities ensure that shadow IT practices aren’t being used to skirt IT policies

 

Automate Data Exchange across Systems and Applications
Manual data transfer processes are vulnerable to manpower limitations and subject to human error, making them inefficient and often unreliable. Automating your data transfers can reduce or eliminate the need for manual file exchanges and free up your resources for more innovative endeavors.

5 Features that support GDPR Success

Primary features of MFT solutions:

  1. Encryption for all files on the platform; using encrypted transmission protocols like HTTPS with file integrity checks. A combination of these three processes will protect documents and files which contain personal data against unauthorized access, modification and disclosure.
  2. Strong access controls and internal user databases with strong passwords, used in combination with multi-factor authentication and single sign on. This reduces the risk of unauthorized access and insures the recipient of the personal data is indeed the intended user.
  3. Tamper-evident logging and auditing, recording each event with the MFT transfer solution where every file or document transferred is logged in a format that cannot be modified or removed without alerting the system administrator.
  4. Integrating with existing security solutions and enforcing existing security policies. For example, integrating an anti-virus scanner with anti-malware; or utilizing a DLP (Data Leakage Prevention) solution to look for instances of sensitive data being shared.
  5. Analytics used in conjunction with reporting gives a current and historical overview of all document and file transfer activities. Logging and reporting information is available in the MFT reporting console and can be exported to business intelligence tools or centralized logging solutions where further analysis and reporting can be performed.

 

MyWorkDrive Version 5.2 Released to Preview

We are pleased to announce version 5.2 of MyWorkDrive server, Mobile and Windows client is now available for preview download.  This release includes a major update that now supports logging in using ADFS/SAML from any device when connecting to server version 5.2.  With this update secure remote access using Windows and Mobile Apps from any SAML provider with two factor authentication is now possible.   An example would be Azure AD integration with MFA enabled – When enabled in MyWorkDrive and ADFS/SAML is set to required, users can access MyWorkDrive shares with Windows Mapped Drive and Mobile clients using MFA Two Factor as part of Azure AD.

Version 5.2 also includes a major overhaul to our mobile app that includes support for iOS files provider, Image previews (5.2 server required) and new offline capabilities.   With iOS file provider enhancements user’s can access, upload, download and edit files stored on MWD shares from any app.  See our updated mobile user guide here.

MyWorkDrive CEO Dan Gordon says, “We are very excited to these major enhancements for secure access from any device or authentication provider.   With these speed and functionality improvements, now more then ever, our customers can eliminate file share VPN costs and security concerns while enabling their users to work from anywhere without VPN or remote desktop login headaches.”

 

Register for the 5.2 Launch Webinar on Feb 28th

Webinar Registration Link

New Version 5.2 features

Mobile Apps

  • Login using ADFS/SAML provider
  • Prevent password saving policy support
  • iOS files provider support for accessing files in any app

Web Browser Client

  • User favorites to folder locations
  • Alternative viewer for large text files
  • Improved support for ADFS and SAML SSO providers

Windows Mapped Drive

  • Login using ADFS/SAML provider
  • New command line options for unattended setup
  • Improved login/logout performance
  • Improved handing of custom branding
  • Numerous other enhancements and fixes – Release notes are here.

Server

  • Administrative Alerts for file downloads, delete or modify
  • Simplified SAML setup for Okta and OneLogin
  • Export/Import of settings for easy backup/restore
  • Azure AD single logout support
  • Numerous other enhancements and fixes – Release notes are here.

Register for the 5.2 Launch Webinar on Feb 28th
Webinar Registration Link

 

*Upgrade note: Existing customers can upgrade for free in place.

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

California Consumer Privacy Act of 2018 (CACPA), Who, What, When, Where and Why?

CaCPA

Who Does the CaCPA Protect? Who must comply?

Any consumer, defined as a “natural person who is a California resident.” This is further defined as:

  • Any individual is in the state for any purpose that is not transitory or temporary
  • Any individual who lives in the state but currently or occasionally is outside the state for a temporary or transitory purpose

Meaning consumers traveling to or with partial residence in other states would be protected, as long as their home is California.  This also means that the law applies to “business-to-consumer” (B2C) companies and to “business-to-business” (B2B).

A covered “business” is defined as a for-profit entity that meets 1 of the 3 following conditions.

  1. Earns $25 million or more in annual revenue.
  2. Holds the personal data of at least 50,000 people, households, or devices.
  3. Obtains at least half of its revenue selling personal data. Selling, is not just trading data for cash. Merely disclosing data to a third party if it results in financial gain, is subject to the law.

CaCPA states that that they must also meet the following 4 conditions.

  1. Be a legal business entity that is organized and operated for profit.
  2. Collects consumers’ personal information, or has someone collect it on its behalf.
  3. Determines the purposes and means of the processing of consumers’ personal information.
  4. Does business in California

Any “for profit business” passing this test will be subject to the law, regardless of its geographic location. According to iapp it is estimated the law will apply to more than 500,000 U.S. companies, most of which are small- to medium-sized. It will also impact businesses outside the U.S., as long as they do any of their business in California.

What Is the Penalty for Noncompliance?

For intentional violations not addressed within 30 days, the fine is from $2,500 to $7,500 per violation (e.g., per record in the database). Unintentional violations not addressed within 30 days, Consumers are able to recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.

Twenty percent of the penalties collected by the State will be allocated to a new “Consumer Privacy Fund”. Any funds in excess of Court and collection costs may be placed in the CA State General Fund.

Where Did This Law Come From?

The CaCPA was rushed through Legislation in just 7 days’ time and was signed just hours before the closing of the 2017-18 California legislative session. Speedy for a Law with such widespread ramifications.

This rush was in response to a much stricter ballot initiative proposed by San Francisco real estate developer Alistair Mactaggart.  Mactaggart spent $3.5 million of his own money to fund initiative measure No. 17-0039 which received more than 629,000 signatures, more than enough needed to put the issue on the November 2018 ballot.

How Does the CaCPA Define “Personal Information?”

CaCPA’s definition of personal information is much more extensive than the definition of PII, it does align more closely with the broader list in the GDPR. It’s defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In addition to the information typically included under PII, it also includes:

  • Geolocation data
  • Education information
  • Audio, electronic, visual, thermal, or similar information
  • Professional and employment information
  • IP addresses
  • Internet activity (i.e., browsing and search history, web tracking data)
  • Aliases
  • Characteristics of protected classifications under California or federal law
  • Commercial information (i.e., personal property records, purchasing history)
  • Inferences drawn from any of the information contained in the definition

Why CaCPA

Just days before Mactaggart could certify the signatures, California Democrats agreed to push a compromise bill in exchange for dropping the initiative. The tech industry lobbyists believe that they will have a much better chance of controlling the narrative and the ultimate impact of the CaCPA. Industry Lobbyists agreed not to oppose the bill since the much less favorable ballot initiative had a good shot of passing later in the year.

What did they get for their compliance?

  • 18 months’ time to lobby on how to rewrite the details of the bill.
  • CA legislature can modify the CaCPA with a simple majority instead of a 70% super majority required by the CA Consumer Privacy Act of 2018.
  • CaCPA makes it more difficult for consumers to sue noncompliant businesses, giving most of the enforcement control to the CA state Attorney General.
  • CaCPA affects more companies, as it lowered the threshold by half to businesses with only $25 million annual revenue.

 

“Data regulation policy are complex and impacts every sector of the economy, including the internet industry,” the Internet Association lobbying group said. “That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning. It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike.”

The winners and losers of this bit of legislation (10,660 words), have yet to be determined, due to the massive rewriting of the details going on right now. It is very likely that the new and improved CaCPA will apply mainly to the Small to Medium Business, the ones that can’t afford the high priced Lobbyists and their massive expenses. This bill hastily written and barely reviewed by anyone other than its writers with its many typo’s and poorly written text was approved by Governor Brown on June 28th 2018. On Aug. 24th just 57 days later the first 45 amendments came. These amendments were primarily to adjust technical errors. Get prepared.

Sources: Assembly Bill No. 375, iapp The Privacy Advisor, New York Times, FairWarning

 

GDPR Fines: Blood in the water. Who’s first?

The (CNIL), France’s data protection authority (DPA), has levied a €50 million ($57 million) fine against Google for violating the GDPR’s transparency, information, and consent requirements in deploying targeted advertisements. The largest fine by GDPR to date and the first involving a U.S. technology company was issued on January 21, 2019.GDPR Compliance

The CNIL’s investigation was triggered by complaints from two advocacy groups, None of Your Business and La Quadrature du Net, filed immediately on the GDPR’s May 25, 2018 effective date. The complaints alleged “forced consent,” by which users of Android-powered mobile devices, had to agree to Google’s entire privacy policy and terms of service before using the Android device. Google lacks a legal basis to process users’ personal data as it relates to ad personalization.

Why so much?

The CNIL relied on four factors in issuing its €50 million fine.

  1. Nature of the infringements relating to lawfulness (Art. 6) and transparency (Arts. 12 and 13), both of which are core principles of the GDPR and listed as triggering the highest fining threshold (of 4% of International Revenue) in the GDPR (Art. 83.5).
  2. Because the infringements were continuous and ongoing after the GDPR’s effective date.
  3. The processing purposes, their scope, and the number of individuals concerned.
    1. CNIL’s investigation focused on users who created a Google account while setting up their Android device, they noted that this is very large number of individuals.
    2. They contend that due to Android’s dominant market share in the French smartphone market and the number of smartphone users in France the processing is vast.
    3. Also given the number of Google services involved (more than twenty).
      1.  The variety and type of data involved
      2.  The multiple technological processes that enable Google to combine and analyze data from various services, applications, or external sources.
      3. These processes undeniably have a “multiplying effect” on the knowledge the company has about its users.
      4. The company has means for potentially unlimited combinations enabling a massive and intrusive use of consumer’s data.
  1. When viewing the infringements from the perspective of Googles economic model,
        1. The processing of user data for advertising purposes via Android.
        2. Advantages Google obtains from that processing,
        3. CNIL found that Google must be extra cautious about its responsibilities under the GDPR.

 

CNIL does not say how it got to the amount of €50 million. CNIL indicates these infringements would be subject to the GDPR’s 4% maximum fine. Fine was based on Google’s 2017 global revenue of €96 billion. It’s clear that the CNIL did not impose the maximum fine. However, other than saying the fine of €50 million was “justified”. CNIL provides no reasoning for this starting amount or how the factors referred to above influenced the amount.

This case represents the CNIL’s first published enforcement action, explicitly under the GDPR and the largest fine it has ever imposed. It also highlights the CNIL’s scrutiny of notice and consent in online advertising, which had been building up in the past months, as evidenced by other recent CNIL decisions.

This fine comes 1 month after Italy’s DPA fined Facebook €10m for misleading its own users over data practices. The watchdog said Facebook wrongly emphasized the free nature of the service without informing users of the fact that their data would be used to generate a profit for the company.

 

 

Google was not the first GDPR fine just the largest to date.

The first fine was issued in Austria in October 2018, and although it is not strictly related to personal data processing. A betting shop received a €4,800 fine for a security camera that was recording part of the pavement outside, since large scale monitoring of public spaces is not permitted under the GDPR.

At the end of October the Comissão Nacional de Protecção de Dados (National Data Protection Commission) in Portugal imposed three fines on the Hospital do Barreiro: These are the first fines related to the processing and storage of personal data.  Two €150,000 sanctions and another of €100,000. For a total cost of €400,000 for the hospital. The first two fines of €150,000 were for violation of the principle of data integrity and confidentiality, and violation of the principle of data minimization, which in theory prevents indiscriminate access to data. 985 physicians had active accounts on the system giving them access to clinical files, while the hospital had only 296 active doctors on the date of the inspection.  

The third fine was related to the inability of the Hospital as data controller to ensure the confidentiality and integrity of the data of its clients and patients.

In Germany in the middle of November a German social network, Knuddels.de, received a €20,000 fine after a hack that caused 808,000 email addresses to be leaked, along with over 1.8 million usernames and passwords. This information was then published online with no encryption.

The social network reacted by saying that once the leak had been discovered, it immediately improved its security measures. After the incident, it was discovered that the website had no kind of protection on its sensitive information.

According to LfDI Baden-Württemberg, the German data protection agency handling this case, one of the reasons that the website received a “relatively low” fine was that it acted with transparency, and quickly implemented security improvements.

2019 is bringing much higher fines.

The economic sanctions so far are clearly conservative compared to the maximum possible penalties allowed, but with the recent spate of high profile data leaks from Marriott, British Airways, and Quora it won’t be long before larger, harsher fines start to appear.

What can you do to avoid a fine of millions of Euros or Dollars? The most important thing to bear in mind is that prevention is better than a cure. By having appropriate data leak protection in place for the personal data your company manages, you can avoid sanctions and fines.

    • Start by determining if online storage or on prim is the right solution for your needs
    • Controlling who has access to it
    • Realize that if you use Sync and Share instead of a private cloud file sharing solution you have just doubled the amount of data you have, and also doubled the # of locations that you need to defend. Plus one of these locations you have no control over.
    • Complexity reduces security. The more complex a solution is the less it will be used.

 

 

The Security Risks of Remote Work

The Security Risks of Remote WorkCloud Security Risks

According to industry analyst Strategy Analytics: The global mobile workforce is set to increase from 1.52 billion in 2017, accounting for 39.3% of the global workforce, to 1.88 billion in 2023, accounting for 43.3% of the global workforce. Globalization will continue to drive the growth of mobile office workers in all regions. The latest mobile devices and technologies are now able to meet most of the demands of mobile workers of all types. While the more significant growth opportunities ahead will depend on the mobile internet, as it contributes to developments in the wider digital ecosystem. Mobile internet users are the addressable market for e-commerce, Fintech (Financial technology) and a range of digitally delivered shared files, services and content.

At the same time, mobile security threats are on the rise: according to the McAfee Mobile Threat Report Q1 2018, 16 million users were hit with mobile malware in the third quarter of 2017. Q3 2018 had more than 62,000,000 new malware files reported, with over 820,000,000 total malware files listed. The biggest change was the increase in size of the ransom payment. Past versions required US $1,000, now costs are US $2,400 for the decryption key up 140%.

iPass Mobile Security Report 2018 surveyed 500 CIOs and senior IT decision makers from the U.S., U.K., Germany and France, to examine how organizations view today’s mobile security threats and how employees’ use free public Wi-Fi.

The use of free public Wi-Fi continues to pose the biggest mobile security threat for hotspots globally. With all the varying security credentials, how can enterprises ensure the connections that their mobile workers use are secure? At a time when data protection is paramount, enterprises need to strike a balance between keeping their data and systems secure, while not hampering the productivity of their mobile workforce.

Hacking Risks

The majority (57%) of CIOs suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months.

Wi-Fi Security

Overall, 81% of respondents said they had seen Wi-Fi related security incidents in the last 12 months, with cafés, airports and hotels being cited as the most vulnerable locations. 62% of Wi-Fi related security incidents occurred in cafés and coffee shops. This is perhaps not surprising, as all these locations see a high turnover of visitors each year and the level of security at each hotspot varies. There were also significant geographic differences when it came to Wi-Fi related security issues at airports: more than two thirds (68%) of U.S. respondents said they had seen incidents at airports, in contrast to only 39% in the U.K.

Personal Devices

CIOs believe mobile security risks have increased due to the rise of employees using their own devices (BYOD). Banning employee use of free Wi-Fi hotspots is still the preferred security measure for most organizations but their mobile workers are using them all the time.

BYOD: Bring Your Own Danger?

The concept of bring your own device (BYOD) is now commonplace: despite the large number of people working remotely, Gartner says fewer than (23%) have been supplied with a mobile device by their employer. This can leave companies open to security risks, if they do not have control over the security settings or capabilities of devices that are being used. Enterprises are in a Catch-22 situation when it comes BYOD. Many enterprises realize it can improve not only employee productivity, but also wider job satisfaction. However, there is a trade-off with potential security risks. Survey respondents recognize that the risk has been increased by BYOD, with 94% reporting that they think BYOD has increased mobile security risks.

 

Is Mobile VPN a solution?

Virtual Private Networks (VPNs) can be a way to secure remote connections to data and central systems, providing an alternative to a blanket ban on free Wi-Fi hotspots with an extra layer of security. This solution has to be deployed by the end user each time they wish to connect. VPN usage is increasing: in 2016, just 26% of enterprises were fully confident mobile workers were using a VPN every time they went online, but that figure has jumped to 46% in 2018. That does however leave more than half (54%) of respondents reporting that they still aren’t fully confident that their mobile workers use a VPN every time they go online. This figure leaps in the U.K. and France, where 62% and 59% of respondents, respectively, said they weren’t fully confident that their mobile workers are using a VPN when they go online. There are several barriers preventing mobile workers from connecting to VPNs, including the fact that mobile workers might not want personal data to run over the corporate network and that connecting to VPNs can take extra time. The challenge lies in training employee on the importance of using VPNs every time they go online, and how to connect to one in a quick and efficient manner.

 

Mobile security challenges remain a huge concern

Based on the earlier statistics, it’s not surprising that enterprises remain concerned about the security risk posed by the growing number of mobile workers. Overall, 92% of organizations said they were very concerned or somewhat concerned their growing mobile workforce presents an increasing number of mobile security challenges. There’s a perfect storm brewing: a rapidly growing mobile workforce, the proliferation of smart devices, the explosion of free public Wi-Fi coupled with ever more sophisticated hackers.

 

Conclusion

Companies are increasingly aware of the fact that the huge growth in mobile working presents new security issues to worry about. IT teams are no longer fully in control, as connectivity and access to corporate systems now extends beyond the corporate firewall. The huge, global growth in free Wi-Fi hotspots continues to skyrocket, so organizations outright banning employees from using them is a somewhat ineffective. The fact is, mobile workers will always seek out connectivity, regardless of the security risks involved, if it enables them to get their work done. In todays connected and increasingly ‘Wi-Fi’ first world, companies need a modern mobile working strategy that empowers employees, as opposed to trying to stop them in their tracks. In today’s risk environment the public Wi-Fi is the greatest threat and the ability to use it safely is the primary business goal of Remote Workers.

 

What is remote work?

What is Remote Work?

It seems simple enough. Remote work would appear to signify work done outside of an office. But there are so many different terms floating around regarding work flexibility that it’s important to know what each means. There are many names given remote workers: teleworker, iPro, telecommuter, distance worker, homeworker, freelancer, and outworker.  There are also many forms of remote work: Full time, Part time, Job sharing, Gig work, Contract work, Consulting, Road Warrior.  What all this means is that “Work” is changing due to Technology, Education, Mobility, Security, and the age of the work force.  Ultimately, what your company’s definition of remote work is will be depends largely on your own practices and policies.  While Corporations are struggling to keep up with this change, early adopters of this phenomena are reaping phenomenal rewards:

WeWork

WeWork is an American company that provides shared workspaces for technology startup subculture communities, and services for entrepreneurs, freelancers, startups, small businesses and large enterprises. Founded in 2010, it is headquartered in New York City. As of July 2017, WeWork had a valuation of roughly US $20 billion and managed 10,000,000 square feet (930,000 m2) of office space.

Slack

Slack is a cloud-based set of proprietary team collaboration tools and services, founded by Stewart Butterfield. Slack began as an internal tool used by his company Tiny Speck. The current valuation estimate for Slack stands at around $8.3 billion based on the 2018 forecasts and estimates for the company.

Dropbox

Dropbox is a file hosting service operated by the American company Dropbox, Inc., headquartered in San Francisco, California, that offers cloud storage, file synchronization, personal cloud and client software. Dropbox was founded in 2007 by MIT students Drew Houston and Arash Ferdowsi as a startup company.  Dropbox revealed in its SEC filing that it had around 540 million shares outstanding at the end of 2017. Using the $10 billion estimate for Dropbox’s value, this implies a price per share of about $18.50 as of now.

Box
Box, the business software company led by Aaron Levie, reported its fiscal first quarter earnings on May 30, 2018, posting revenues of $140.5 million—a record—and cash flow from operations of $18 million. Its quarterly revenue was up 20% year over year.

Toptal

Toptal accepted a $1.4 million seed round of financing from Andreessen Horowitz and angel investors including Quora founder Adam D’Angelo. In 2015 and 2016, their annual revenue was $80 million and $100 million respectively.  “There’s a network effect,” says Du Val he turned his office-less company into a $100 million-revenue business that connects high-level developers, designers, and finance pros with some 2,000 companies, including Airbnb, Pfizer, and the Cleveland Cavaliers.  Not only are new Start-Up’s enjoying the benefits but also these Fortune 100 companies.

For example, the Global Workplace Analytics statistics show that the average real estate savings with full-time telework is $10,000 per employee per year.

Specifically, these organizations found that such options allowed:

IBM to cut real estate costs by $50 million
Sun Microsystems saved $68 million a year in such costs.
Nortel estimates that they save $100,000 per employee they don’t have to relocate.
Recent Global Workplace Analytics studies show that offering workers flex options can boost productivity.
AT&T found its telecommuters worked more hours at home than its office workers.
JD Edwards teleworkers were shown to be 20-25 percent more productive than their office colleagues. American Express employees who home worked were 43 percent more productive than office workers.

Advantages of Agile Work Strategies for all Companies:

• Improves employee satisfaction
• Reduces attrition
• Reduces unscheduled absences
• Increases productivity
• Saves employers money
• Increases collaboration
• Expands the talent pool

The Obstacles to Work At Home and Telecommuting Programs
• Management mistrust
• It’s not for everyone
• Career fears from ‘out of sight, out of mind’ mentality
• Security issues
• IT infrastructure changes may be necessary

The office is rapidly expanding beyond the cubicle.  The number of telecommuting workers has increased 115% in a decade, according to a new report from Global Workplace Analytics and FlexJobs. That translates to 3.9 million workers, or almost 3% of the total U.S. workforce, working from home at least half the time in 2015, an increase from 1.8 million in 2005.
In the EU a study released 29 May 2018 by Zug, Switzerland-based serviced office provider IWG found that 70 percent of professionals work remotely at least one day a week, while 53 percent work remotely for at least half of the week.  The ability to work from home and the emergence of digital office rental services has led to changing attitudes around where people should work and whether they should stick to the traditional nine-to-five working hours.

Workplace Analytics and IWG both said their studies related to full-time employees rather than the self-employed or contractors. Chief Executive Mark Dixon said that technology was the primary driver of changing perceptions around locations and working hours. “The biggest driver is digital, changing every industry in the world,” Dixon told CNBC in a phone interview. “On the one hand, it’s changing how real estate needs to be offered, but it’s also companies wanting something different in the digital world.” Dixon said that firms are less inclined to invest in real estate and were looking to digital services instead to hire out office spaces. He added that the idea of remote working allows employees to be more flexible.

Who’s working outside the office?
Telecommuters tend to be a little bit older than the average employee: half are 45 or older. They’re also more educated and earn more than non-telecommuters. The average yearly income for most telecommuters is $4,000 more than non-telecommuters, according to the report. Remote work is gender neutral with 52% of work-at-home employees being female. Telecommuting is most common among management positions. Professional, scientific and technical services industries have the highest percentage of telecommuters relative to their share of the workforce.
Employees are expecting more flexible work arrangements, customers are demanding more responsiveness from companies, and the challenge is now for CEO’s to embrace the change required within their organizations to address these needs.

Due to the rapid growth of the workplace, remote-working policies will rival the popularity of fixed office locations by 2025, rendering the future workplace unrecognizable.

MyWorkDrive fits nicely into remote working strategies enabling workers to collaborate on files remotely while keeping them stored on company storage with the added security of two factor authentication (to prevent sharing of passwords) and data leak protection to prevent downloads and casual sharing of confidential documents.

The Art of SAML/SSO and MFA

SAML SSO Integration

Security Assertion Markup Language or SAML is well known by its function and not necessarily by its name or moniker. IT Managers use it on any given day possibly multiple times. With SAML multi device management becomes easier and less stressful and tedious. Simply put, you are able to sign on to one computer and access and perform security functions on other computers. In this current climate of data integrity worries and data leak prevention, being able to authenticate and authorize credentials is critical. SAML makes network security easier to manage.

SSO or Single Sign On is what any executive or front-line staff wants and needs for easy collaboration, streamlined workflow, and smooth operations as more staff work remotely. For example, if your core inventory management database is cloud based and your retail POS has a local server but they have an API that makes them talk to each other along with a dashboard that talks to an on premise file server with financials and you have a single sign on credential for all logins then you are not constantly having to remember passwords or create usernames and secure logins for every point of contact in your enterprise where operations and performance metrics live.

Some security experts’ shudder at the thought of a CEO keeping a post-it note in a drawer with passwords but before you snicker just remember that a lot of Network Security professionals don’t always use a password protector or authenticator either and are prone to losing cell phones at trade shows. You have one key to your front door and this lets you in every time. Don’t make things complicated.

Picture yourself at an airport sitting with your laptop with time to kill before boarding your business flight. On your laptop you have an icon you click open that you enter your single sign on credentials and bingo you are instantly in your home drive at the office and on the server at the colo. You are working at the speed at light and not missing a beat regarding the latest report just updated and saved on the server in the folder marked sales reports. Having a web dav client and being able to instantly, securely, and remotely access your files is a game changer. You can stay agile, productive, and efficient with your time. No need to text the IT desktop support back at HQ to find out who changed passwords all of the sudden or why you are locked out right now.

There is duo authentication which most gmail users are familiar with via entering a phone number to get a text with a code that you enter so you can add another layer of protection to signing in to your email account. MFA or Multi Factor Authentication adds yet more layers and added protections especially if the data you are sharing is critical, classified, and/or for certain eyes only. Many contractors in the government sector as well as in healthcare and research and development are well aware of MFA just like in banking where you have a safety security box locked in a vault behind the closed doors of a bank who also has an armed security guard at the door. Banks and financial institutions use MFA all the time.

You can live dangerously and have all your logins saved to your browser but what if you lose your laptop or you click open a link in an email that renders your machine kaput and has to be taken off the network immediately…what then? You should make a habit of clearing your cache, removing cookies, updating logins and securely storing them somewhere in your own vault of some kind whether that be a platform like LassPass or while also having your enterprise network architecture and data security protocol include SSO. You don’t want staff members being the master of your universe. Don’t make your IT Department lose sleep every night by making them chase down each and every staff member to get updated login credentials. That should be managed from top down. They can have their own passwords, but every platform and software used should have a master admin account that can access everything and that SAML and SSO should live with IT and Executive Management. Terming out an employee should not be a fire drill in getting your network back or worrying who still has access to what.  Active Director integrated with Windows File Server Shares should be managed concurrently, and onboarding or terming staff should have the same consistent protocol each time. You need to be able to pull the plug so to speak on all logins at all touch points to the system based on what level or what clearance the employee had. If you have it related to SSL or NTFS permissions, then it’s not a nightmare to manage. Adding another layer of MFA that you are able to control from internally is also an essential safeguard.

On one side you have ease of use for the employee and on the other side you have ease of control on the management side. Your user base will be very happy being able to log on to all aspects of operations with one sign on credential even if it means they have to enter a code that is generated to their cell phone with a text alert when logging in. Again, this level of security depends on what is being accessed and what permission has been granted to staff member.

What constitutes a work stoppage? Someone can’t get their email? That’s inconvenient but not a reason to fold your arms in your lap and plan on catching the early train home. With SAML and/or SSO all you need is a browser and you are back in business accessing the information you need. It’s always good protocol and policy to have some kind of Multi Factor Authentication on your phone and mobile devices like tablets, etc. Think of it much like an Apple ID account. You have that added layer of having to use your thumbprint when downloading an app and then to purchase and set up an account you still need to enter your Apple ID. You want layers between you and someone else trying to steal your identity, hack your network, or corrupt your files. You also want it to be easy and fast to access your files. Use MyWorkDrive with any compliant SAML solution with streamlined setup of Azure AD, Okta and Onelogin.  Add MFA or DUO as you need to and start working away from anywhere!

MyWorkDrive Version 5.1 Released to Production

We are pleased to announce version 5.1 of MyWorkDrive server and Windows client is now available for download.  We are excited to include streamlined Azure AD/Office 365 Single Sign On (SSO) setup options, local document editing from the browser and a major update to our Windows Mapped Drive Client that greatly improves transfer speeds and login time.

MyWorkDrive CEO Dan Gordon says, “We are very excited to see these major improvements in speed and functionality with version 5.1 of MyWorkDrive Server and Windows Client. With these speed and functionality improvements, now more than ever, our customers can eliminate file share VPN costs and security concerns while enabling their users to work from anywhere.”

 

New Version 5.1 features

Web Browser Client

  • Edit Documents from the browser using Local Office
  • Local Document editing using ADFS/SAML SSO
  • Improved support for ADFS and SAML SSO providers

Mapped Drive

  • Dramatic speed improvement of 500% or more
  • Multi-threaded downloads and customization
  • New command line scripting options
  • Pull company logo on first login and during scripted installs

Server

Numerous enhancements and fixes – Release notes are here.

Watch the Webinar

 

*Upgrade note: Existing customers can upgrade for free in place.

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

 

Top 5 Reasons Your Company Should Use MyWorkDrive

Top 5 Reasons Your Company Should Use MyWorkDrive

There are 5 big advantages to using MyWorkDrive over just about any other remote access file share methodology that comes to mind including Egnyte and WeTransfer:

1. MyWorkDrive is Easy to Setup and Install

Your user community can be up and running quickly. By enabling and using already existing NTFS permissions, multiple and mobile device management is easy. You won’t be opening any ports in your firewall that you wouldn’t open for any other website with Port 80 and/or Port 443.  You can do a simple setup and have a share active with a group of users able to access it via the web in 15 minutes.  MyWorkDrive lets you share files securely inside and outside your company without wasting time on slow and complicated VPN setups.

2. MyWorkDrive is Easy to Use

No steep learning curve for adopters. You’re not talking people through installing VPN clients or trying to remote into users’ BYOD equipment or sharing permissions that have to be constantly monitored. The allowed user goes to a website and logs in with their domain credentials.  Whether on a mobile device, tablet, a networked desktop computer or laptop, all their files are there ready to work on and easily accessible. Also, with Office Online Edit, editing documents is instant and there is absolutely no syncing required. Instant editing is available whether they have Office installed locally or not.

3. MyWorkDrive Provides Security and Data Leak Prevention

With MyWorkDrive you’re not exposing malware prone ports to your data subsystems.  Your files aren’t being sync’d or shared.  Your files are made available using the same user access rights that the user would have in the office (or even less, as you can adjust in our admin panel – but never more).  You can also configure MyWorkDrive for data leak prevention to limit external access, add watermarks and prevent printing or clipboard access.  When using VPN, think about all the things you would have to do to harden those ports – IP Restrictions, firewall rules, MAC address locking, and more. Access and user management becomes cumbersome and complicated. When you are about to open SMB ports to remote locations there is always the worry about someone innocently plugging into an ethernet jack or connecting to WiFi and bringing a virus/malware onto the entire network. A solution like MyWorkDrive means none of those ports needs to be open/mapped to a remote site.  If a remote site gets compromised, that remote site won’t transfer anything back to the home network.  Yes, it will damage the remote site – but there’s no risk to the home office or other sites because the access simply isn’t there.

     4. Secure SMB File Share Access vs MyWorkDrive’s Web Client

SMB Is slow.  MyWorkDrive’s web client is simpler to use than any SMB or VPN share. SMB Requires port 445 to be open, which is prone to malware including the likes of infamous offenders like Wannacry, Sasser, Nimda, Petya/NotPetya, and more. It’s a constant worry and reoccurring nightmare to think about having ports 137-139 and/or port 445 open to the internet which is why they are always blocked.  MyWorkDrive runs on port 443 – https for easy access from any network in comparison. SMB Is hard to train “open explorer and type \\…” or “open the run command and type.. ” vs “go to Share.MySite.com and login with your computer username and password”

5.    MyWorkDrive is a VPN Alternative for Secure Remote Access

MyWorkDrive is a fast, secure VPN Alternative. In today’s global workforce and constantly connected user, there is a critical need for secure remote access especially for file editing, sharing, and collaboration. A remote desktop configuration is what is usually needed including vendors like GoToMyPC or LogMeIn that rely on network firewalls and VPN protocols to allow users remote access. Accessing remote desktops or servers this way is clunky, not seamless, and not totally secure. “Cloud VPN” screams public cloud, which means multi-tenant.  By being in a public cloud, you’ve got security and performance risks and neither of which is wanted when you’re dealing with your employees trying to work or your intellectual property and critical digital assets, the company’s crown jewels so to speak. Many companies look at cloud VPN over MyWorkDrive when considering MyWorkDrive, but decision makers need to ask themselves- are the risks justified or cost savings real?  With MyWorkDrive, you’re in a “private cloud.” It’s your physical server which is behind your locked door and your firewall sharing your files to your users.

A cloud VPN typically has some sort of user sync in order to authenticate.  How much do you know and trust the partner you’re handing your credential data too?  With MyWorkDrive there is no separate authentication database. The server authenticates users as they login directly with Active Directory.  Credentials are never sync’d or copied to a location you do not directly control. Connecting that to a public cloud is like taking that server and setting it outside your business on a high traffic street in a storage box you don’t control. You’re giving up a lot of security and trusting the provider to say they’ve built a strong enough door and used a big enough lock. Sure, you may not be a large enough company or in an industry who is regularly targeted by your competitors for industrial espionage but look at all the companies that have been hit by Ransomware.  Malware actors would like nothing more than to compromise your cloud provider’s security and lock you out of your own files.  By joining their public cloud, you’ve made yourself a more appealing target.

With MyWorkDrive, you are not dependent on anyone’s security protocol, procedure, or system but your own.  Furthermore, if you DO have a problem, the software is running on your server.  Stop the service, stop the website, shut off the box.  You’re in control.  You don’t need to login to some cloud service, which is probably going to make killing your account and removing your data hard because they’re incentive is to keep it live (and keep you paying for it).  If you do get your files migrated back to you, then you need to hope that the cloud vendor destroys their copy of your credential library and it will be up to you to reconstruct your file share folders or metadata.

Bottom line – there is nothing like MyWorkDrive on the market and it’s not accurate to compare it to a public cloud service of any kind or a VPN or Sync and Share or other Collaboration provider. MyWorkDrive is superior in performance, reliability and security at a lower overall total cost of ownership.

###

MyWorkDrive featured in Tech Republic

MyWorkDrive featured in Tech Republic

 

MyWorkDrive’s Chief Marketing Officer, Jackie Rednour-Bruckman was recently asked by Tech Republic- What Are the Best Data Center Upgrades? You can buy a bunch of hardware and software but first and foremost you must decide on your data protection and data leak prevention strategy. Adding MyWorkDrive’s solution to your infrastructure is fast and easy and should be strongly considered if your enterprise is worried about data protection and secure remote access.

https://www.techrepublic.com/article/best-data-center-upgrades-for-2019/

ShareFile Alternative | Secure Private Cloud File Access | MyWorkDrive

sharefileTo VPN or not to VPN

What does life after Citrix ShareFile or XenApp 7.0 look like?

You may be waiting for Gartner or Forrester to point you in the right direction on what to do about your enterprise remote access and mobile device management during this turbulent time that has been dubbed the digital transformation for over a decade now, but we have some answers for you to think about regarding the Internet of Things. Are you a ShareFile user? Are you using Citrix VPN? Both? Neither? Well, whether you are using a remote access VPN or a site to site VPN for secure file share access, many companies are facing what to do next regarding VPN options, upgrades, and alternatives to VPN altogether. End of Life and support for XenApp 7.0 expired in June of 2018. XenApp 6.5 support was sunsetted in 2016 so if you are still on it then by this time you are indeed playing Russian roulette with your data security and data leak prevention. Because of Citrix VPN, Citrix ShareFile, and XenApp many CIOs are facing a dilemma: migrate to another cloud storage file sync provider or embark on a completely new trajectory for all enterprise file share remote access and content collaboration requiring complex file migrations. But what cloud platform? There are many providers billing themselves as a VPN alternative but they are still a public cloud storage and/or content collaboration platform requiring complex file migrations. You could have one of your requirements be that you want complete control over your workflow management and email client portal and yet you would still be relying on someone else’s server or proprietary database to store your company files.

Many enterprises haven’t even gotten that far yet and are still at the stage where they are looking for an FTP alternative. Due to the nature of their business (especially if it involves sending big files or providing a virtual data room for remote key stakeholders and decision makers), many enterprises have stuck with their legacy FTP server environment. The time has arrived when deciding between private cloud, hybrid cloud, or public cloud must be made to continue to stay agile, secure and productive.  Executives will have to decide what files get migrated and what crown jewels of data must stay on premise. Of course you could decide to migrate all of your critical file share assets but keep in mind that a cloud platform provider is going to own and control your data and lock you in to a contract where some data could get left behind. You could have a Hotel California situation on your hands – you can check your data into a provider any time you like but it can never leave.

Citrix Sharefile as many know is a file sharing and managed file transfer (MFT) service that relies on the cloud. Or rather Citrix users rely on cloud computing technology. One of the pitfalls of Sharefile is that encrypted email is unavailable for lower tier subscribers and you can’t restrict ‘view only’ mode. For certain industries this become problematic especially government, financial, and healthcare sectors. Many firms also rely on Citrix remote desktop services but again, you have to maintain not only your VPN and firewall but a farm of virtual desktops as well which must all be secured and patched creating a huge support burden and expense on the IT budget line each year. You can also enable two-factor authentication with Citrix Sharefile or RDS for an added layer of security but still there remains an open pipe to your data that bad actors can exploit and compromise. You can also combine more layers with Cisco VPN but again, another point of failure for hackers hell bent on going after your network. The daily news is full of stories in the last few years of massive failures including the Sony Pictures hack, the Equifax hack and worse yet, the U.S. Department of Defense coming under attack from cyber criminals. But what to do?

MyWorkDrive allows secure file remote access without VPN, syncing, or migrating to the cloud or new systems. Your files, your data, and your data center become your own private cloud instantly allowing users to remotely edit and share files simply and securely side by side with your existing mapped drive users without migrating files or storing them in the cloud.  With MyWorkDrive version 5.1 you can do it faster and even more securely with encrypted view, data leak prevention, duo authentication, and more. With MyWorkDrive support costs are dramatically lower than Citrix products. Support costs per user/year alone make the business case. Sharefile users in organizations using Citrix specifically to access files remotely should strongly check out MyWorkDrive as a viable alternative. MyWorkDrive is known as a VPN alternative where you can cloudify the existing file shares located in your data center, grant users remote access permissions and manage multiple devices easily utilizing existing NTFS permissions and an enterprise’s current IT infrastructure and windows active directory. As previously mentioned, Sharefile announced EOL of their current version this past June and the new version requires Server upgrades from 2008 to 2012 R2 or higher. Anything remaining on old platforms will not be supported at the end of this year. Additionally, Citrix is requiring purchase of a NetScaler Load Balancer and ‘tuning up’ current licensing. This upgrade (which is really a migration) is very costly, and quite an endeavor and very complex. The actual ‘How To Manual’ is a 1000 page PDF!

IT Consultants are very happy to assist in the migration with a labor cost from $10k and up for even the smallest organizations and much higher for larger enterprises. You will also need to factor in costs for hardware and software upgrades to run it all on. MyWorkDrive can provide a better, more secure remote file access set up across your Network Shares at a fraction of the cost per user without costly migrations or new hardware. You also don’t have to allocate precious resources, time, and money towards migration projects. What are the costs? For even the smallest installations consider some of these line items:

Licenses & Support:

Citrix UPG XENAPP Ent from ADV 1U conc conn easy licenses   $122

Citrix NetScaler gateway ENT VXP License & Maintenance   $921/user

XENAPP Ent 1 conn user easy license $315

CSS Select XENAPP Ent X1 concur US support 1yr $82/yr/user
Citrix NetScaler Gateway ENT VXP License & Maintenance $921 one time
CSS Select NetScaler Gateway ENT VPX Maintenance 1yr $212/yr
LIC/SA OLP Windows Server Standard 2016 2-core $165
LIC/SA OLP Windows RDS CAL 2016 NL User $198

Hardware:
Intel® Xeon™ Processor at 3.4GHz/2MB Cache, 800MH $8,630

Labor:
6 Build W2012 R2 Server for Install and Config of Citrix $155 $930
6 Install Storefront/Delivery Controller & XenApp Adv Server $155 $930
10 Install and Configure New NetScaler Gateway Ent $155 $1,550
4 Install all Applications and Programs $155 $4,165

Have your eyes glazed over yet? What really is the dilemma with using Citrix for remote desktops and secure file remote access?

Bottom line – it’s expensive and it’s complicated. There’s a lot of overhead and it requires an army of engineers to support. It can be a huge bandwidth hog. There are other factors as well that contribute to making MyWorkDrive your easy file share remote access alternative. Some additional factors to consider and flush out before choosing what path to take when enabling secure file remote access and secure file sharing include:

  • Licensing: Citrix XenApp and XenDesktop run on Microsoft RDS, making it necessary for companies to buy and maintain licenses for both. Plus, all Citrix environments need some up-front investment in hardware.
    Complexity: Citrix technology is not cloud-native, and its components are siloed, meaning that multiple consoles are necessary to manage the environment.
    Overhead: Not only do administrators have to manage and update the underlying infrastructure, they have to update every endpoint through the locally-installed Citrix Receiver client. RDP comes installed on every PC enabling automatic updates.
    Expertise: Citrix admins aren’t cheap, and you need a significant squad to make the technology work.
    Performance: While we acknowledge the high quality of Citrix’ HDX media suite, it isn’t necessary for most desktop use cases today.
    End-user Training: Very expensive, time consuming and complex.
    Bandwidth Hog: The more users the slower everyone works.

 

According to the Parallels.com blog dating as far back as 2008- “This means customers will not receive any patches or support after the EOM and EOL period, respectively. As the flagship product of Citrix, Citrix Virtual Apps (formerly Citrix XenApp) enjoys a larger customer base than other Citrix products. Because the majority of corporate environments are still working on Windows Server 2008 R2, the customer’s only option is to upgrade both the underlying Microsoft operation systems and the Citrix product to the newer version. Alternatively, customers can continue with the unsupported 2008 R2 environment, which is far from ideal. Citrix Virtual Apps (formerly Citrix XenApp) is a customer-facing product that delivers services outside the network to a range of devices and users including home users, mobile users, and other computing devices. Without proper maintenance, a virtual environment cannot remain robust and reliable. Customers require full maintenance and support when it comes to delivery of their critical line-of-business applications.”

Now that was from 2008. It’s ten years later now in 2018 and how many users are still on EOL products? It’s a scary answer to admit to. Decisions have to be made and if you want to set up a hybrid cloud type of environment or a complete private cloud environment then MyWorkDrive becomes the clear winner hands down. MyWorkDrive is easy to install, easy learning curve for users to adapt to, and fast to get up and running. Don’t migrate, start to collaborate and instantly share files and allow editing online easily again without VPN, syncing, or complex Citrix migrations.

 

By Jackie Bruckman

###

 

How to Prevent Data Leaks in a Collaborative World – MyWorkDrive Version 5 Review

MyWorkDrive is honored to have been reviewed by StorageSwiss for our new data leak file share security options now available in version 5.  The team has worked very hard to bring these new features to the market and we are excited to solve the secure file share remote access problem for enterprises.  Read the review..

Disaster Recovery Planning with Microsoft Azure and MyWorkDrive

Data Leak Prevention and Disaster Recovery Planning

Combine MyWorkDrive with Azure File Share for a File Share Disaster Recovery Solution

Disaster Recovery Planning isn’t just about data leak prevention. Along with ransomware, malware, viruses, phishing, and other cyberattacks, a serious Digital Protection Officer must plan for natural disasters as well. There’s a lot about Digital Transformation and the Internet of Things but essentially it all boils down to being constantly connected and every device that’s added and every computer networked is another entry point of disaster. Recently while attending the Gartner CIO Symposium in Orlando, Florida I had a long conversation with the CIO for a small island country that experiences strong hurricanes. The country had been hit hard by several recent hurricanes and their emergency plan included physically moving hard drive back-ups of their data center from low lying areas where government offices were located. Many San Francisco based companies have colocations dispersed throughout the country or state because of earthquakes. Solar farms exist to just power servers since the lack of electricity could render Blockchain completely useless.

What happens to Enterprises who lose their data or has their data breached? They can lose customer trust, clients, investors, and find themselves scrambling to gain back market share or worse yet never recover due to the damage or perceived damage done. Unfortunately, major cyber-attacks have become all too common as bad actors have become more efficient, pervasive, and emboldened. We have all heard the headlines from various sectors including credit cards, credit ratings, political institutions, personal information like medical history, personal emails being publicly leaked, and other nefarious acts. Data leaks and breaches can mean big money for hackers who sell credit card information to the highest bidder especially around major holiday shopping seasons.

What about data centers and cloud platform providers that house other sectors that when data is breached it can mean a national security disaster or a major economic meltdown.

Major sectors including government, healthcare, financial, and educational institutions must depend on stringent security procedures and major disaster planning and contingencies. It’s not just companies like Apple or Amazon who worry about losing data integrity. 2014 gave us the Sony Pictures, JP Morgan Chase, eBay, Home Depot, and Anthem debacles. The Sony Pictures hack got a lot of infamous notoriety because of the North Korea connection. 2016 gave us the Russian attack on the American electoral process. The American power grid is vulnerable. Airlines and airports have been hacked. Now in 2018 it’s common to hear about issues almost on a monthly basis and so much so that there were 40,000 attendees at the RSA Conference in San Francisco this year.

Enterprises and institutions can’t be too big to fail. Disaster recovery is all about planning for the worst and then having a back up plan to that plan. Failovers must be ready to go and be deployed instantly. If a network has been compromised then much like a cancerous tumor, the virus must be excised and extracted quickly before spreading. Shutting the network down may cure the symptom but the malignancy may exist on a cloud platform that you have absolutely no control or ownership over and what then?

Having a hybrid cloud type or private cloud set up where a backup of your most critical files can exist on a non-networked server and either be deployed or retracted and contained as a silo as needed to shore up vulnerabilities is key. In turn you can stay agile as you revert back to the on-premise uncompromised file servers with secure file share remote access provided by MyWorkDrive’s patented technology.  Think of a castle with high stone walls and a moat and retractable bridge. When under attack, the bridge goes up, the moat water level rises and the innermost sanctum behind the fortified walls carries on business as usual.

Before you have a major outage and disruption and chaos ensues, you need to have done some homework first. Important preparation includes being very aware of what risks your enterprise will face including how much downtime is manageable, a full inventory of critical digital assets, and identifying all aspects and steps of the back-up process. You will need a redundancy structure and rollback/failover process and identify what applications must stay up and running or be brought back up first and triage as necessary. What is your escalation process and what key stakeholders must be looped in and when do they get notified? The team must establish rules of engagement and then go through drills and concurrently have the best data center provider possible. You should have a full audit and include a full diagram of your network and identify weak points and create redundancies and contingencies accordingly.

What if we told you that you could restore end user access to files within minutes of an outage, a system failure, or a power outage? No more need to hit the panic button! Also- what if you didn’t need an expensive DR site to make it work?  This isn’t an IT pipe dream. It’s cloud disaster recovery with Azure File Share Sync services!  Let us show you how:

In the event of a critical emergency users can instantly connect to a MyWorkDrive server in Azure connected to Azure File Shares to access files and edit documents online from any web browser or mobile device.  Once the emergency has passed any changes made are automatically synced back to on-premise storage.

How it works

Azure File Share Sync enables enterprises with on-premise file shares to sync them to Azure File Shares stored in Microsoft Data Centers or to remote locations.  Microsoft has recently announced general availability of Azure File Share Sync and it’s now fully supported.   MyWorkDrive has partnered with Microsoft since its initial preview last year – https://www.myworkdrive.com/azure-file-share-sync/.

To get started customers simply sync their file shares to Azure using Microsoft Azure File Share Sync Agents – https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning, setup two virtual servers in Azure – a backup domain controller for emergency user authentication and a MyWorkDrive Server for users to access files pointed to Azure File Shares synced from on-premise.

Azure File Sync can be implemented with minimal overhead by installing an agent on company file servers.  In addition to supporting offsite syncing, Azure File Shares can be connected to Azure Backup. Azure Backup offers Azure backup as a service. It is cloud native and uses file share snapshot technology to capture the point-in-time state of the cloud file share. Since the snapshots are incremental, the storage consumption for backups are minimal.

In an emergency user are instantly able to connect to their company file shares via any Web Browser, Desktop PC or Mobile device!  When the emergency is over any changes made are synced back to on-premise storage.

Users can be up and running in minutes and continue productivity, agility, and efficiency with added layers of security after what would have normally brought a company to its knees and a grinding halt.

Utilizing Azure with MyWorkDrive now can be a standard operating procedure in Disaster Recovery Planning for major companies and enterprise size institutions.

 

 

MyWorkDrive Version 5 Released to Production

We are pleased to announce version 5 of MyWorkDrive is now available for full production download.  We have dubbed this our “Security Update” and released it as version 5 as it’s the most robust security release in the history of the company.  MyWorkDrive CEO Dan Gordon says, “We are proud of Version 5 and happy to offer major security updates including a new critical feature that allows encrypted views of locked down documents and sixty other file types in MyWorkDrive’s web browser client. Version 5 also prevents a user from downloading, printing or copying with watermarking text overlays and extensive logging. Our clients asked for critical security enhancements and we are happy to deliver them.”

Watch the Webinar

 

 

New Version 5 features

Web Browser Client

  • View 60+ file types in the browser without downloading
  • Data Leak Prevention Features: Access files while preventing downloads, clipboard copy or printing
  • Watermarking of all files to prevent printing and screen photos

Mapped Drive

Server

Mobile

  • Mobile Browser Client Improvements
  • Open documents for viewing without needing Office in Mobile Apps

Numerous enhancements and fixes – Release notes are here.

 

To Download Login to our portal here.

*Upgrade note: Existing customers can upgrade for free in place.

Questions? Need a trial extension? Email us at sales@myworkdrive.com or Phone: 877-705-4997

Why MyWorkDrive?

Version 5 continues our strident efforts on providing data leak prevention best practices and governance compliance with many security enhancements especially tailored to the Government, Healthcare, Financial, and Educational sectors.  MyWorkDrive connects to your Windows Active Directory and enables instant secure online collaboration and editing with O365 using active directory and optional Duo.com two factor authentication.  You own your data, no third-party cloud migration needed with a secure web client, desktop mapped drive, or iOS and android app enabled editing.  MyWorkDrive is easy to install and manage for multiple stakeholders in various remote locations.  Major regulatory compliance standards including HIPAA, GDPR, FINRA, and FIPS are easily attained while using MyWorkDrive to securely access and share files for Enterprise agility, efficiency, and lower cost of ownership.

The mobile workplace is a reality that every CTO knows that involves multiple stakeholders across various time zones and locations who need to collaborate often in real time. As we have heard in the headlines, one simple click on a wrong link in a phishing type email could compromise an entire network’s security, an enterprise’s brand reputation, eradicate customer loyalty, or render an institution’s governance compliance null and void. Conventional remote access via VPNs do not guarantee privacy and are expensive to maintain. MyWorkDrive’s Version 5 solves critical data protection problems.

 

HIPAA Compliant Secure File Sharing Access

The Healthcare industry is a valued target for cyber criminals because of the information gleaned which includes social security numbers, medical histories, insurance information, email address, and more.  HIPAA and HITECH compliance standards ensure the privacy of personally identifiable information (PII).File Share HIPAA Compliance

Valuable targets include health insurers, healthcare providers, various entities who are service providers and insured individuals because on the black-market prices are higher for health records rather than just credit card numbers. Healthcare industry cyberattacks result in identity theft from files shares where more data can be stolen, your insurance information can be held hostage and major brute force attacks and phishing attacks are easy to carry out because with more information the attacks can seem more legitimate and easier to execute.

Similarly, when it comes to medical data correspondence it’s easy to get unsuspecting people to open the correspondence or respond to a malicious solicitation unknowingly.

The Healthcare industry is focused on total digital transformation more than ever.  Cybersecurity and data theft prevention of PII stored in file sharing systems must be at the forefront of an operational enterprise’s business priorities and they must plan accordingly like any big business and not carry out initiatives like a minor service provider.

For most enterprises who provide medical benefits to employees, most of the interaction is with the actual broker and insurance provider or aggregator including major HMOs who have their own apps for health information file sharing which can be easily compromised.

Data Theft Prevention to comply with HIPAA and HITECH needs to start with deciding what files will be preserved and migrated to critical file servers.  As with any digital transformation endeavor, the first stage is deciding what files to keep, how to categorize that information and finally to prioritize it all.

Consider this typical patient scenario:  Unless you are able to visit your family doctor who has treated you since you were a child, you know you are only as relevant as the latest medical information uploaded and entered into your ‘file’ and even then there are always corrections needed.  Your last doctor visit may have included checking in to the appropriate department and building by swiping your medical card which then brought up a plethora of information to the admin person running the front desk.  Any balance still owed to the provider and any co-pay payment was promptly taken care of before waiting to see the doctor.  At this point you are then inserting or swiping a credit or debit card in a payment terminal and entering a PIN number if necessary and approving the transaction. You are then shuttled to the appropriate exam room and then wait again for another person to enter, confirm your information on a portable wall mounted computer and then proceed to take your vitals and enter them into the digital chart open in front of them. Any medications are confirmed and re-ordered as necessary to be filled at the pharmacy of your choice and then you wait again for the actual doctor to follow through on the exam you made the appointment for.

Your chart and medical history and personal information is confirmed yet again and more info is entered about you including an email address where you can be corresponded with and contacted.  If you have a medical provider HMO like Kaiser then you visit the pharmacy in the same building and swipe all your personal information yet again.

Additionally, you have made several points of contact and given them everything but a pint of blood or your first born. But wait! What if you did have a child at this hospital? They do have your first child’s info and probably your blood type and then lab results on any of your blood taken. Maybe you had a certain genetic test ordered as well for cancer prevention.  At this point, literally your entire life, your chromosomes, your blood, your prescriptions, everything that makes up YOU is stored in a computer or computers and your only protection or guarantee that all of this will remain private is how well this particular healthcare enterprise has put some kind of firewall between your critical information and any cybercriminal with a keyboard who makes their living on the black market of ransomware, brute force attacks, phishing, and exploiting any weakness possible. A stolen credit card number spending spree has nothing on a healthcare provider falling victim to a calculated file share cyberattack targeting Personally Identifiable Information (PII).

Besides deciding on what data must be migrated and preserved then the issue becomes one of monitoring and controlling and being constantly vigilant.  Data theft prevention and Disaster Recovery planning becomes a full-time job whether it’s employing staff and/or engaging resources and providers to be at the ready for solutions to mitigate any known or unforeseen pending threat.  Healthcare professionals, insurers, doctors, nurses, and medical staff are trained to be the epitome of trust however what happens to an institution or healthcare brand hit with a major attack like what happened to credit score companies like Experian? They will lose customers.   In the United States, patients are customers and customers have choices of providers.

For affordable health care exchanges, a simple hack of the enrollment web site would render some State governments into a complete state of chaos and an already burdened system is not too big to fail and if enrollment drops off then costs soar. Emergency rooms become the main source of medical care and even then, there is no guarantee of adequate care.  In other words, the Healthcare industry in this country is ripe for a major attack and it’s not a matter of if, it’s a matter of when.

So, what to do? First off, don’t panic and then you need to engage trusted partners to help you navigate the quagmire of data loss prevention, data theft, and data protection. There are laws already governing medical privacy including the well-known HIPAA that is the gold standard for all things concerning patient’s privacy. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. Also known as the HIPAA Act for short. It’s a US privacy law put in place to protect medical information including patients’ records and allow for confidential communication between patients and medical professionals. The HIPAA Act has many components including portability of medical coverage in case of job status change and to prevent fraud and abuse and mandate a set of universal standards that the Department of Health and Human Services has jurisdiction over. The main component that is most well known in the data security business and enterprise employment rules and regulations is the right of patients’ medical history and information –  No matter what.

Being HIPAA compliant is understandably the number one goal and that compliance is regulated so it must be controlled and monitored constantly and checks and balances must be put in place and regularly used. There’s no such thing as being mostly HIPAA or HITECH compliant. On the heels of regulation additional service providers have stepped up to fill the void of data security where the need of most healthcare institutions is treating patients – not data privacy file share protection. The healthcare industry is already rife with critical obstacles and now is exploding as everyone is trying to streamline and become totally digital and have information shared easily across multiple platforms or those multiple platforms being coalesced into a single storage provider. Healthcare related Start Ups are popping up everywhere and are ubiquitous and plentiful wherever Venture Capital investors and interested parties are gathering because of the urgent need for major disruption in the industry behemoth.  Apps and online accounts are replacing advise nurses and mailed post card appointment reminders. Several app Start Ups in the Healthcare sector are seeking to be the go to woven fabric or data aggregator that joins the ecosystem of a patients’ medical history and ongoing care across several providers and platforms.

But who stores these company files and keeps this data from getting into the wrong hands? Several cloud storage providers have made their services known by targeting this industry with very expensive advertising campaigns. Cloud storage and cloud-based file share servers are more popular than ever but just because technology has streamlined, organized, and centralized, does that mean that several industries must follow suit and hand over their critical digital assets for outside ownership and storage just because it’s easier now?

Take a step back and picture the doctor’s office of days of not so old. Rows and rows and rows of manila folders full of paper and test results and meticulous notes stacked from floor to ceiling and categorized by year and alphabetized by patients’ last names. Imagine if a truck pulled up and took all those files and then drove thousands of miles away and loaded them all into a warehouse and then told you not to worry, that they have industrial locks on the doors and a climate-controlled environment and that there are guards on duty 24/7. The only way you can access the files are by opening a computer screen and typing some words or numbers into a search box and hope the right search result comes up with the best information. Now imagine that the power goes out, the warehouse has a disastrous fire, or armed thieves break in and run off with all the manila folders and sell them to the highest bidder who can never be traced, then what?

Healthcare service providers and insurers and medical institutions are in the business of providing the best care possible to customers who qualify based on cost and services provided. They are in the business of making people well and preventing disease and curing the sick and conducting research to combat the latest real-world viruses. They are not in the business of constantly upkeeping and transferring and sharing files across the country in the most secure way possible and having to worry about computer viruses – Until now. There is no excuse for any modern PPO, HMO, EPO, POS, or private practice specialist to not have a HIPAA & HITECH compliant file share theft prevention and disaster recovery system in place.  That includes State and Federal governments who monitor and administer exchanges under the Affordable Care Act.

Major enterprises including HMOs and Government entities that administer healthcare exchanges are in desperate need of consolidating systems and having a data security tool that allows on premise users to access and share data remotely as needed with guaranteed secure access and mandated HIPAA and HITECH privacy precautions in place. If disaster strikes and a cloud storage provider is hacked, or data is breached somehow these users should be redirected to an on-premise server and/or standby server that has been backing up and storing data. With an encrypted secure tool, users could instantly access that data by using a secure web login, a local active directory mapped drive or a mobile app and instantly be still in business and have a patients’ info at the ready while maintaining security.  MyWorkDrive.com provides this extra layer of protection, privacy, and recovery.  An army of IT staff does not have to be employed ongoing and deployed at every instance or issue of downtime or data loss.  MyWorkDrive has recently been certified as a DUO Authentication partner, Skyhigh Cloud Trust Enterprise Cloud Ready and the US Federal Government FIPS encryption standards and now offers encrypted view and watermarking of all files preventing users from downloading, copying or printing files as an added layer of data theft prevention   No files are ever stored, migrated or processed by MyWorkDrive – All files remain stored on the customers own secure file shares.

There are many choices for cloud storage and file sharing including huge providers like AWS and Google Drive and smaller players as well including Egnyte and Sharecloud.  None of these providers can guarantee absolute total compliance and by their very nature of being cloud based and depending on shared cloud storage and mobile user management to secure files. If you are in the Healthcare provider business or a government institution mandating and monitoring the healthcare industry you need a data security tool that will do what no one else is able to do including OneDrive, Dropbox and Azure cloud.  You need total control over data storage, access, ownership, privacy, management, and recovery.  MyWorkDrive allows flexibility, lower cost of ownership, agility, more productivity, and guaranteed privacy so you can focus on the core competence of your practice. There is no need to compromise and go with a cloud-based file storage solution with MyWorkDrive.  If you are going to go with a cloud-based solution then you need to take a long hard look at the best plan of action for disaster recovery, file security, ownership and control.  Again, it’s not a matter of if PII information is leaked, it’s a matter of when.   In healthcare, prevention is the mantra as it should be.  Your patients’ medical information and data privacy should be no exception.

 

 

 

 

Private Cloud vs Public Cloud: Secure File Sharing and Data Security in 2018

Private Cloud

Private Cloud and Public Cloud – what’s the difference and why should you care?   Your photos are in iCloud, your music is in iTunes, your documents are on Google Drive, your work email is in Outlook, your Excel spread sheets are in One Drive via your office network, you have web hosting solutions with Amazon Web Services, your books are on Audible, your car payment, electric bill, mortgage if you own a house are on automatic pay via your service providers’ access to your online checking account, your favorite movies are on demand or streaming, and your house is run by Alexa.  Basically, your entire personal and professional life is in the Public Cloud. The Cloud is everywhere. But at the end of the day, the Cloud is just someone else’s server.  What happens when VPNs leak data or ransomware runs amok? Geeky insular terms like ‘botnets’, ‘DDoS’, and ‘Malware’ have become the new science fiction buzz words in popular culture and have replaced the old generic term ‘spam’ which doesn’t sound as fierce as the term ‘hacking.’  People have come to expect random messages from friends or family members stating their Facebook account was hacked and to not accept a recent invite or ‘my gmail was hacked’ so don’t respond to an email from me.  The alarm bells have already gone off regarding the energy grid being attacked in a cyber war and there are popular TV series and movies based on post-apocalyptic society fighting over resources.

Most of our devices have been made elsewhere including factories in countries where intellectual property and patents are not as protected and regulated like they are here in the United States. Cell phones may be personal and always kept in your private possession but when you are carrying a mini computer in your pocket and using wifi all the time you are not private and you are not secure.  Short of carrying an old-fashioned flip phone, having your own exchange server behind your own firewall or paying all your bills using the US postal service, what can you do?

Keep data in your own Private Cloud. What is a private Cloud? According to Gartner, Private Cloud Computing is a form of cloud computing that is used by only one organization, or in other words- a private cloud ensures that an organization’s critical digital assets are completely isolated from others.  Learn more

Try to minimize how much you rely on public cloud services by keeping data in your own private cloud.  Lock down your passwords and do not click on any link or email you are not sure about.  Keep all your critical digital data assets on premise and secure your on premise data servers with back up virtual machines housed at a Tier 3 or Tier 4 collocation hosting facility.  Get MyWorkDrive to sit on your windows active directory and use it with an app and secure browser login to have secure remote access to your files without having to use VPNs or migrate your business files to the cloud.

You may have some initial start up costs but the lower monthly re-occurring costs will be well worth it as you watch everyone else around you get hacked, have data lost or stolen, or having to employ a disaster recovery service to stay competitive and relevant.

Content collaboration platforms have replaced enterprise file sync and share services, different name, same methodology. You create a document, you sync it and send it to a cloud to live. Your co-worker accesses the file, edits it and uploads new edited version back to the cloud.  Staying productive and efficient is any CEO’s dream but their number one goal is cost of ownership savings.  So why migrate when you ultimately just want to collaborate? This is a business question that must be answered clearly and succinctly.  VPNs cost a lot to maintain and upgrade and 3 year licenses may save some money in the long run but we have done a deep dive on the actual annual spend to support VPNs for an Enterprise with 1000 or more users.   You are looking at potentially spending $260,800/year!   That doesn’t even factor in the cost of mobile device management and constant vigilance by the IT department as well as the costs of seats and admin permissions for various portals you are using on any given day.

Cyber security professionals have predicted that within the next 5 years we will experience some kind of frightening attack that will disrupt life as we know it and render your cloud files absolutely useless.

Data security needs has led to data regulation compliance where simply relying on another company’s servers may not be good enough anymore. What happens when cloud providers go down or a hostile enemy holds data for ransom? Months or years’ worth of work and critical digital assets get lost or stolen.

If you run a design company your file share needs may vary. But what if you are running a research lab or a government defense project? Data security is relevant and always critical.  Every eCommerce operator knows that you must comply with data encryption for credit card numbers and customers’ data.  Other rules apply depending on the enterprises’ needs. The Healthcare industry must comply with HIPAA regulations.  Companies doing business with the EU have strict rules dictating general data protection regulation known as ‘GDPR.’  FNRA for the financial sector and on and on so that no one should assume that just because you use cloud storage for files that your cloud provider is also compliant with all data security regulations.

Top 10 reasons to keep data and secure file sharing under your control

  1. File sharing and content collaboration is key to company growth, productivity and staying agile.
  2. Current Cloud based file share solutions rely on Enterprises migrating all crucial assets to the Cloud.  These endeavors take months to plan and sometimes years to execute as budgets are revised and personnel and priorities can change.
  3. Clouds get hacked and ownership and control of data is lost.
  4. Mobile Device Management is time consuming and costly
  5. Data regulation compliance is a huge endeavor and costly
  6. Productivity is lost when files have to be synced before being shared
  7. Compliance- HIPAA, FNRA, GDPR, FERPA and more depending on sector and industry
  8. Agility- staying productive is key for staying competitive & relevant
  9. Collaboration- how to instantly edit and share online w/o syncing
  10. Productivity – critical time is consumed by migration projects. Who decides what gets saved to the Cloud?

 

Jackie R. Bruckman, CMO

MyWorkDrive

jbruckman@MyWorkDrive.com

Top 5 File Sharing Content Collaboration Risks

Organizations of all sizes are reviewing the impact of moving files to the cloud for content collaboration.   We put together these 5 risks of cloud based content collaboration.

Content Collaboraton

  1. Security– The number one risk facing any Enterprise that decides to put most, if not all their critical digital assets on a third-party cloud provider’s platform is security. ‘The Cloud’ after all is just some other company’s server.  Depending on the line of business or sector you are in, your Enterprise may use a mixture of several platforms for content collaboration among Enterprise users.  You may employ a mixture of private, public, and hybrid cloud services for day to day operations.  If you run an eCommerce business maybe you rely solely on AWS while managing your own Exchange server.  If you are a healthcare conglomerate you may use a mix of cloud providers that are HIPAA compliant as well as critical data hosted on-premise but managed by third party vendors.  Some financial firms and legal firms still use Google docs for content collaboration on cases and logging client attorney privileged information. Governments and Educational institutions are still relying on some mixture of on premise main frames with various communications living on cloud-based services and hybrids of networks having to be supported, updated, and maintained for running operations.  What happens when cloud providers are hacked?  Whether it’s malware, ransomware, data breaches, or outright data theft, the news is rife with scary headlines about data integrity loss and massive breaches whether it’s voting machines, financial records, personal information like social security numbers and credit cards, or private conversations that have severe repercussions.  The DNC, Sony Pictures, Equifax, and the Pentagon are just some of the victims of security breaches and data theft.  Worrying about security with cloud computing is not just worrying about identity theft, it’s also a matter of national security.
  2. Secure Access– most often you log in to content collaboration platforms with a username and password. These identifying factors are stored in the cloud computing service you are using and paying for on a monthly or annual basis.  Some providers give you the option of two factor authentication and it’s highly recommended to employ it for an added layer of security.  Setting up a text to your phone with a code to add when logging on is a great way to protect your login information.  But what happens when these third-party cloud providers get hacked?  Suddenly your user data and passwords are not controlled by you anymore and depending on the time it takes for disaster recovery or prevention and data loss mitigation, you are no longer compliant and you no longer have access to your most critical personal information.  Not being able to see your bank balance is one thing but also not being able to see your medical test results or purchase history is at best totally annoying and at worst, completely debilitating.  We have grown accustomed to even the most trusted partners sending an ominous message requesting you change your password immediately and we have learned the hard way to not trust that initial message as it may have come from a nefarious source.  As we have seen repeatedly, password change requests are often phishing from bad actors.  Mobile Device Management (MDM) and Bring Your Own Device (BYOD) are added layers of what any IT Department must consider and factor in when maintaining and mitigating security risks.  The CEO wants to access files from their phones from any remote location and the CRM wants to be able to update customer accounts on the fly so there is no such thing as just a single point of failure across a network anymore.
  3. Data Ownership and Control– once you upload your data to the cloud, you are essentially giving up control and ownership of your data and critical files. For any kind of real content collaboration you are reliant on your files always be there and always being accessible.  You usually have to sync your files before you can share.  Enterprise File Sync and Share platforms are made to house your company assets whether you are a graphic design firm having to share images with clients or a company that relies on google drive as some of kind of data room to house passwords, share reporting across multiple stakeholders and locations or edit and collaborate with several different types of files whether it be Profit and Loss files, Excel spreadsheets or project management assets.  All these files may be yours or a mixture of yours and your various clients but at the end of the day you are not in control of these files and assets.  They are housed elsewhere and relying on VPN or remote access logins and licenses that are complicated in scope and cumbersome in any kind of recovery.
  4. Migration– data migration to the cloud is a huge project for most Enterprises. First, decisions have to be made around what will be migrated and synced and shared to the cloud. Folders and files have to be cleaned up, backed up, and servers that need to be decommissioned because they are too full, too old, or too vulnerable for whatever reason need to have their housed data live somewhere before they are sent to the hardware graveyard.  An entire Enterprise has to be restructured, analyzed, and strategized around best practices moving forward. How will be files be organized and what departments have access to what data ongoing are only part of what needs to be folded in as CTOs and CISOs draw up migration steps.   FNRA, HIPAA, and GDPR are only some of the regulations and compliance rules that dictate how data must be treated and shared in this modern digital age.  There may be a public server being utilized in any size Enterprise that allows departments and offices across geo locations and time zones to be able to access files and update them and share information but who decides what stays and what goes and how public that public server will remain.  Most companies need to stay agile to maintain growth and productivity and efficiencies can be lost during migration periods as files go missing or access is denied or remote VPNs no longer are happening the same way.  If a user base is not totally tech savvy then learning curves and new ways of conducting business have to be factored in as data migration projects kick off.
  5. Cost of Ownership– Step 4 reminds us that migrating to the cloud can be just as costly and cumbersome as relying on the cloud for normal operations. Most cloud service providers for content collaboration average about $20/license per month and that’s an average.  There are also added costs of support sometimes and premium services charged depending on the sector and needs of the business ongoing.  VPN maintenance ongoing for most Enterprises comprised of 500 to 1000 users cost on average around $288,000 per year.  Enterprises need to keep costs down as competition and innovation rule the game and company growth is paramount.  If you have to add yet another expense line item that includes IT budgets then productivity is compromised as any Enterprise may rely on several cloud providers for normal operations depending on where accounting, reporting, customer service, critical files, and more are housed. Access to all and communication between them is silo-ed and mutually exclusive depending on the nature of your business and how fast you have been growing.

MyWorkDrive is the answer to all these risks.  Security, secure remote access, migration, cost of ownership, and data control and ownership are all mitigated and risks diminished whether you maintain a private, public, or hybrid solution to content collaboration and cloud computing.  You don’t have to migrate, you pay less for each license, you are guaranteed secure access with tried and true NTFS permissions and no one single point of failure.  Your users can access data rooms from a mobile phone and edit instantly online.  No more having to sync in order to share. MyWorkDrive also offers Duo authentication and has been certified as a trusted partner with various vendors including Azure and Office365.  Stay agile and stay secure and keep your cost centers down as you seek to make your Enterprise stay competitive, relevant, and productive in this digital transformation age.  If your organization is a government regulated Enterprise or involved in Healthcare administration or a financial institution then all the more reason to check out MyWorkDrive.  No more VPN headaches and ongoing maintenance and renewals.  No more complicated remote logins or confusing approved access.  MyWorkDrive is easy to install, easy to login, and easy to start working immediately.  No more headaches around what to do with what file and what stays and what gets erased.  MyWorkDrive is a secure way to remote access your most important files and edit and collaborate online instantly with whoever you give permission to.  Using a secure browser login, a mapped drive from a network desktop, or a mobile login on an iPhone or Android keeps you connected, collaborating, and productive without massive costs, security risks, or migration worries as all data stays on your own servers under your control.

 

 

RSA Conference 2018 Takeaway: Cloud Computing Is Not Secure

Data security and privacy compliance regulation was top priority at RSAC2018 because of the EU’s GDPR deadline looming next month on May 25th. Last week San Francisco’s Moscone’s Center was host to the security show of all shows, RSA2018 with over 500 vendors and 40,000 attendees from all over the world.  One thing became very clear from all the exhibitors, keynotes, speakers, special programs, and podcasts – if you rely on the cloud then protecting your data and securing it is critical for file sharing.

As the only file sharing/file remote access software solution vendor at the RSAC show, MyWorkDrive had amazing feedback and an overwhelmingly positive response exhibiting and providing demos at our booth of our latest version release.   RSAC Broadcast Alley was host to MyWorkDrive’s CMO, Jackie R. Bruckman and MyWorkDrive’s CEO, Dan Gordon recorded live discussing all the ways MyWorkDrive can help Enterprise in all sectors stay secure and compliant.

MyWorkDrive met with decision makers and security professionals from all over the world and has been busy on-boarding new clients this week immediately following the show.   MyWorkDrive had an overwhelmingly positive response demonstrating our secure file share remote access solution at RSAC2018 for enterprises .   The overwhelming take away was that many Enterprises need MyWorkDrive to simplify their data security compliance for safe file sharing while making users more productive and reducing costs of support or migrations to new Enterprise File Sync and Share (EFSS) systems.

The Cloud is only someone else’s server after all and it’s time for many sectors to think outside the cloud.   Windows file sharing with NTFS security is tried and true and may not be as glamorous but we are empowering Enterprises across the globe to make the right decision about their most critical data while making users more productive and eliminating the security risks of cloud storage.

Windows File Server GDPR Best Practices

Windows File Server GDPR Best Practices On May 25th, 2018 all business that handle EU personal data must be GDPR Compliant.   From the perspective of a Windows File Server, personal data is of the greatest concern for GDPR compliance.    Companies outside the EU assume that GDPR does not apply to them however every interaction with […]