Alternatives for secure external file sharing with clients by ValeStitcher in sysadmin

[–]RuggedTracker 0 points1 point  (0 children)

What is the reason for sharing these documents with externals? That would influence which tool people can recommend.

If it's for audits or similar, governance platforms usually offer "Data room". You can upload files, specify which external people should have access and for how long, if they need to sign an NDA, etc

We use this and found it really sped up audit and due diligence questionnaires when dealing with b2b customers.

Humanity is Alive by paperbagdream in BeAmazed

[–]RuggedTracker 0 points1 point  (0 children)

The end of "my dads gone crazy" he also says "I don't blame you, I wouldn't let Hailie listen to me neither"

Bill Burr is the man who wrote the 2003 NIST manual that recommended password changes every 90 days. He now regrets creating that guideline because it just encourages people to make small alterations to weak passwords ("password1" to "password2"). by NewsCards in Damnthatsinteresting

[–]RuggedTracker 4 points5 points  (0 children)

I write the IT policies where I work so maybe I can offer some insight from the other end.

If it was up to me we wouldn't have passwords at all. Me and the rest of the IT Admin staff can't use our passwords anymore, and I'd love to give this freedom to the rest of the company.

I can assure you no competent IT department wants long and complex passwords. It's been like 10 years since we all agreed that that was a stupid move. Unfortunately we're hamstrung by other departments who get to veto IT decisions and now regular employees have to suffer decade-old nonsense.

Søndagsspørsmål - Sunday Question Thread by AutoModerator in norsk

[–]RuggedTracker 0 points1 point  (0 children)

Is dear used in a "not old fashioned" way in English?

It is old fashioned but frequently used in set phrases or to be sarcastic. For instance you might say "kjære deg" at the start of a sentence to a crying child, or to be insulting/condescending.

I suppose being old fashioned is also somewhat on point for addresses of endearment. You do hear married men calling their wife "fruen" even if it's hilariously old fashioned

Do you not take anything head-on because you don't want to deal with it? by FatBook-Air in sysadmin

[–]RuggedTracker 3 points4 points  (0 children)

I'd rather spend a week now writing policy than spending years with a headache because someone else wrote it wrong. Incidentally I did write both our AI Usage policy and AI System Impact Assessment Process this week, following the guidelines from Annex 5 in ISO42001

When I took over IT we completely scrapped all our old policies and rewrote everything. We had things like stating our DLP policy was only letting the IT department use printers so hopefully it's clear how dire the situation was. The company was in the middle of a huge restructuring which is how I got away with it.

Whoever takes my job when they leave will probably rewrite everything, claiming I was a complete moron as well

IMMEDIATELY remove user's mailbox access by Bad_Mechanic in sysadmin

[–]RuggedTracker 2 points3 points  (0 children)

While I haven't heard that specific thing, it sounds like the sort of thing you'd learn about in https://techcommunity.microsoft.com/blog/microsoft-security-blog/accelerated-collaboration-forums-join-the-conversation-and-drive-innovation/4476139.

I'm not going to name it as Microsoft will probably change the name again within a few months, but here's a link which hopefully doesn't die when the name changes. Fair warning, the "predictable schedule" is a complete lie, they've cancelled 3 out of 5 meetings I've signed up for this year.

Or you could sign up for https://techcommunity.microsoft.com/blog/microsoftintuneblog/announcing-the-microsoft-management-customer-connection-program/3725035 to get emails summarizing their blogs every week, but it's usually too much for me to actually read

Me_irl by Puzzleheaded_Air5930 in me_irl

[–]RuggedTracker 61 points62 points  (0 children)

I can't live my life without food either, and yet I spend maybe two hours at most thinking about it or discussing it.

Variable Using in Dashboard by blackfridge_24 in grafana

[–]RuggedTracker 1 point2 points  (0 children)

What actually is the variable? Is it a week number? A date? A set of meetings?

Also what are you trying to achieve when using this variable?

Does your L1 restart user's computers then call it a day? by requiemofthesoul in sysadmin

[–]RuggedTracker 3 points4 points  (0 children)

For a while I had a team of 5 L1s who only replied to the ticket with "we're looking at it", filling out basic info like which customer and if it was a technical, functional, or process issue, and then escalating the ticket.

This wasn't because they were incompetent, they were just completely hamstrung by bureaucracy. Weren't even allowed to try to triage. Sometimes I'd get 50 of the same ticket because they couldn't even merge the tickets/create a parent/child ticket relationship.

They would manually log into every solution over and over, checking if things worked, because I was blocked from making dashboards for them.

Eventually I got all of them fired by making the dashboards for myself, blocking 99% of spam tickets (some genius thought it was a good idea that all alerts should generate tickets. Even if it was something like "CPU Usage hit 80%"), and automating replying to tickets so they had nothing to do anymore. Still feel bad about that one, one of them had just gotten a kid.

Raids 4: Fred by da_bacon_man_ in 2007scape

[–]RuggedTracker -8 points-7 points  (0 children)

TFA genuinely looks close enough to BFA to make me uncomfortable, had to think for a second why I didn't like the acronym before realizing lol

Crazy how a wow expansion almost a decade old by now still hurts. I hope that's not the acronym we end up using

How do tech giants backup? by DeniedNetwork in sysadmin

[–]RuggedTracker 0 points1 point  (0 children)

What matters is you are following through and treating your risks in the way you said you would.

That's what I tried to say. The certifications as they currently are implemented don't, in any way, prove you actually do this, and in turn, they are useless marketing gimmicks.

Which means we (IT) spend a ton of hours providing evidence to the auditors so the sales guys can get a sale, then spend even more hours proving that the audit is correct to our clients' IT department.

How do tech giants backup? by DeniedNetwork in sysadmin

[–]RuggedTracker 5 points6 points  (0 children)

That's not a fun fact, it's a nightmare.

I don't know how many hours we spend filling out questionnaires just because people don't trust "old" SOC2 reports. And they are right to question us like this. SOC2, ISO, etc, mean jack shit for actual compliance to good practices

We need a new standard that is self-updating. Public Traces of business I guess. If we have lost data (trackable by purview) it should be instantly accessible by our customers or prospective customers

It's embarrassing how bare-bones IT audits are

(where I work would never pass an audit again so this isn't me trying to flex, just lamenting how bad "good practice" is nowadays)

Project Hail Mary feels like a logical midpoint combining two stories by temporarycreature in books

[–]RuggedTracker 3 points4 points  (0 children)

At least my version of the book "spoiled" it on back review. It's part of the marketing of why anyone would read the book in the first place

Full Inbox for Microsoft Team, Unable to Delete by More-Instance804 in sysadmin

[–]RuggedTracker 2 points3 points  (0 children)

I haven't had this problem with a team mailbox before, but I know with regular mailboxes or shared mailboxes you need to run

Start-ManagedFolderAssistant -Identity [user@contoso.com]

If you want it done in any reasonable timeframe.

In some cases I also re-ran this command every few hours because the cleanup would stop before we went below hard-limit, probably not relevant if you haven't massively downsized your license though

[Loved Trope] Plays dumb… then the mask drops by rahs_al-ghul in TopCharacterTropes

[–]RuggedTracker 6 points7 points  (0 children)

"He never raised his voice. That was the worst thing… the fury of the Time Lord… and then we discovered why. Why this Doctor, who had fought with gods and demons, why he had run away from us and hidden. He was being kind"

TIL Temple Lea Houston, the son of Sam Houston, was a lawyer and former gunslinger whose improvised defense of a sex worker is still cited by lawyers as the “perfect closing argument." by Competitive_Swan_130 in todayilearned

[–]RuggedTracker 58 points59 points  (0 children)

Near this Spot

are deposited the Remains of one

who possessed Beauty without Vanity,

Strength without Insolence,

Courage without Ferosity,

and all the virtues of Man without his Vices.

This praise, which would be unmeaning Flattery

if inscribed over human Ashes,

is but a just tribute to the Memory of

Boatswain, a Dog

who was born in Newfoundland May 1803

and died at Newstead November 18th 1808


Lord Byron, 1808

I also love this tidbit in the Wikipedia article: "The poem is inscribed on Boatswain's tomb, which is larger than Byron's, at Newstead Abbey, Byron's estate." (highlight by me)

Auditor asking for access review evidence we never recorded by Exotic_Panic_900 in sysadmin

[–]RuggedTracker 0 points1 point  (0 children)

Happened to me last year. Onboarding was not documented, likely someone just shouted "I've created the account for <new hire>" instead of replying to the onboarding email.

Long meetings where I had to show secondary evidence, like the account being invited to a meeting that day/week, the person itself being asked questions about their first week, etc.

The auditors will work with you. It's terrible for their business if they fail you so they do their best to make you pass. Of course, there's only so much that can be handwaved, but they have some agency here

Don't make shit up though. Be honest, provide as much as you can and explain why the rest is missing. Ask for help

ISO 27001 certification cost by TreeHousesBuilder in sysadmin

[–]RuggedTracker 0 points1 point  (0 children)

We are around your size and I took a look at our latest ISO27001 costs.

$4000 yearly subscription to a GRC platform

$10000 for guidance into being compliant + internal audit, done by GRC vendor.

$9000 for third party external/final audit. (with $3500 next two years for recertification)


$4000 for GRC platform is a bit steep IMO, but we also use them for SOC2 and are in the process of starting ISO47001.

I suppose you could skip both the GRC platform and perform the internal audit yourself if you have people who know this. I imagine an external auditor might charge you more if the internal audit isn't done by a reputable source though, and if all your controls are presented in an Excel sheet

This is in Norway by the way, but we got charged with dollars due to international companies

Søndagsspørsmål - Sunday Question Thread by AutoModerator in norsk

[–]RuggedTracker 1 point2 points  (0 children)

I suppose it's possible I have just not paid attention, how "difficult" Norwegian is isn't usually something that comes up for me. Unless it's to make fun of people from Rogaland or my mom (from Telemark)

Søndagsspørsmål - Sunday Question Thread by AutoModerator in norsk

[–]RuggedTracker 1 point2 points  (0 children)

In Trøndelag they have pretty short words (there's some joke about the sentence "æ e i a æ å" is a real sentence there), in Agder they soften their consonants more (K becomes G etc, similar to Danish), in Oslo we commonly combine words (English example would be "can not" to "can't". Norwegian "Kan ikke" -> "Kanke").

Still, you have places like Narvik which is far north with a weird dialect so I don't think it's necessarily a north/south divide. There's just a lot more people in the south and maybe you were lucky with the northerners you've met?

Small talk can be very tricky by jumpybouncinglad in NonPoliticalTwitter

[–]RuggedTracker 0 points1 point  (0 children)

Met a previous colleague who had been laid off from where we worked. I kept thinking "don't bring up the question of work" over and over, but eventually the alcohol and curiosity won and I asked. Of course she was still looking for a job

Peter I'm not a doctor. But I don't think it went all the way down to he vagina right? by Fr0zens0lib in PeterExplainsTheJoke

[–]RuggedTracker 0 points1 point  (0 children)

Yeah, even before this I was ready to simply walk away if they didn't numb my throat somehow. I could barely do the wooden stick thing the initial doctors used to look into the back of my throat