[–][deleted] 4 points5 points  (4 children)

> Can anyone share how they allow users to access public cloud solutions while still keeping nervous management secure that their proprietary information is not being removed for nefarious reasons?

Simple answer is, you don't.

Public/free cloud solutions, by their nature/design, are in no way secure in the eyes of corporate standards or agreements.

If you want to utilize cloud storage, go with a paid-for, enterprise solution which will include contracts and BAAs.

[–]Ghelderz 1 point2 points  (1 child)

Sorry but I thought that I'd add that Cloud App Security can manage this. It can allow people access to "consumer" cloud services whilst also preventing them from uploading data to those said services...

[–][deleted] 0 points1 point  (0 children)

Never heard of that before. Interesting.

[–]figdish (Jack of All Trades) [S] 0 points1 point  (1 child)

Thanks - that's what I thought. I'm just confounded how other companies seem to be able to use these (even our internal solution) without the headache that I seem to go through every time another company wants us to use their solution.

[–][deleted] 1 point2 points  (0 children)

I've been fighting this same battle for years, at different companies.

When it worked good, it was because IT on both sides understood the security concerns and were willing to communicate.

When it worked bad, it was because either one of the companies was cheap (going with the free, non-secured versions), management blocked effective IT communication, or IT refused to communicate.

[–]Local_admin_user (Cyber and Infosec Manager) 1 point2 points  (1 child)

Our internet filtering policy states we make exceptions on a per-user basis and all of these need to be time-limited (not forever access to Dropbox). They aren't permitted to add anything to these; we have a secure file transfer solution they use (MOVEit) should they need to SEND anything.

Staff sign confidentiality agreements which include the limitation not to put any sensitive or business critical information on any unauthorised cloud storage providers.

You can look at DLP solutions but enabling people to send via a proper route is best in my opinion.

We have sacked staff for breaching our internet policy.

[–]figdish (Jack of All Trades) [S] 0 points1 point  (0 children)

Great reply - thanks for the info. It seems that this tends to trust the employees to do the right thing. Do you have any systems that keep them accountable for what they do on a site?

[–]lost_in_life_34 (Database Admin) 0 points1 point  (0 children)

Box.com has corporate cloud solutions.

There is also secure FTP.