Tech Insights

rss

Contributor Columns on Information Technology and Security

Which is More Secure: Cloud Hosting or SSL VPN?

File sharing services are an increasingly common tool for the mobile workforce, an employment trend that has proven to be highly beneficial to both corporations and employees. The ability to access and share important documents, while working collaboratively with others in multiple locations and on different devices, empowers employees to enjoy better work-life balance and flexible workflow. Simultaneously, senior management experiences business growth derived from an increase in the productivity of employees. 

File sharing services are an increasingly common tool for the mobile workforce, an employment trend that has proven to be highly beneficial to both corporations and employees. The ability to access and share important documents, while working collaboratively with others in multiple locations and on different devices, empowers employees to enjoy better work-life balance and flexible workflow. Simultaneously, senior management experiences business growth derived from an increase in the productivity of employees. Alongside these benefits, the use of file sharing services also opens a proverbial Pandora’s Box for an organization’s IT administrators. When considering various file sharing services, the risks of exposure of personal files, malware and virus attacks, and identity theft are some of the security threats that must be addressed. In order to optimize the benefits of file sharing for the mobile workforce, companies must strike a balance between the convenience of accessing and sharing corporate resources remotely and the potential risks that may ensue.

This line of thinking was visible at the RSA 2014 conference in San Francisco where a panel of IT security experts engaged in the ongoing debate over the safety of cloud file sharing. Proponents of the cloud claimed that perceived security concerns are overblown and fears shouldn’t prevent IT professional from migrating data to the cloud when it could be an asset to company goals. They said it was primarily a matter of comprehensively vetting the security protocols of cloud providers. On the other hand, other IT security experts emphasized that security concerns are still limiting the willingness of companies to make the jump to the cloud.

SSL VPN – A More Secure Option

As the security debates rages on, IT administrators face the daily challenge of keeping corporate resources safe and ensuring business continuity and must decide which solutions are the best fit for their business. While the jury is still out on the safety of cloud file sharing for enterprise use, IT administrators who want to be absolutely sure corporate resources are kept safe, have at their disposal a more effective, convenient and reliable option – an SSL VPN. This highly scalable communications mechanism for secure data transmission provides remote users with access to web applications, file systems and the enterprise network from a standard web browser. It does not require the installation of client software on the end user's computer and can be used to access centrally stored files from anywhere and with almost any device.

While scalability is a priority for IT administrators, the increased level of control enabled by SSL VPN is also a key selling point. Using this type of remote access, IT administrators can exercise granular control over the network through the ability to grant and withdraw access rights to everyone from specific users to data within a certain directory or folder on a file server. An SSL VPN creates a convenient and secure system for users to access the corporate resources required to get their job done, while also increasing worker satisfaction and productivity.

On the other hand, while also touted as a convenient way to access, store and share files, cloud providers such as Dropbox, Box and Google Drive bring on an array of security risks that are not a concern when using an SSL VPN. These include:

Using Consumer-grade Products to Access Enterprise Data

The most prevalent security threat associated with cloud storage services is the tendency for users to share enterprise files with consumer-grade products. As the name implies, consumer-grade products are designed for personal use, not for transferring or accessing sensitive corporate documents. Consumer-grade products typically provide a lower level of encryption and a simple SSL. Employees who are unaware of the security risks or are unknowingly violating company policy by transferring corporate data using consumer-grade products put their organizations at a greater risk of being hacked.

To address this security risk, many companies require employees to use more secure enterprise-grade cloud solutions, such as Box or MS Sharepoint, to enable file sharing amongst employees, customers and partners. However, as more and more companies opt for enterprise-grade file sharing, cloud storage facilities have become a goldmine for hackers. Instead of targeting individual companies or users, hackers looking to steal enterprise data can concentrate their time and effort on hacking into the cloud storage facility and obtain far more data in one fell swoop. Thus, even enterprise-grade products are not entirely safe.

Reliance on a Third Party Data Host

Another security issue associated with cloud storage is that data hosting is outsourced to a third party. Reliance on a hosting company puts an enterprise at a disadvantage by exposing sensitive corporate data and rendering the company vulnerable to attacks. Many companies rely on an outside vendor to ensure business continuity and disaster recovery, but this practice has major pitfalls.

To begin, a bevy of disasters may affect the data center. For example, if the servers of the cloud storage provider fall victim to a power outage, due to a natural or manmade disaster, the services will inevitably be disrupted. Additionally, there is the possibility that the third party service provider will go out of business altogether, causing major business disruption for users. Depending on a third party to host data could result in the loss of intellectual property, reduce employee productivity, damage company reputation and negatively impact revenue.

Lack of Awareness of Security Protocols

Another security risk inherent to cloud storage services is an organization’s compulsory reliance on third party employees and security protocols. While cloud storage service providers have their own security standards, these are often not visible to their users. Without the implementation of a fully transparent network, an in-house IT security team cannot validate the stringency or the efficacy of these security measures. Finally, outsourcing file sharing requires a great deal of trust between the company and the cloud service provider. Internal staff at any cloud service provider has the opportunity to exploit the data being hosted for personal gain.

Conclusion:

For IT administrators that highly prioritize data security, the various risks to corporate resources associated with cloud sharing services are simply too great. In this case, an SSL VPN solution is a more simple, safe and effective way to facilitate IT teams’ ability to enforce security policies and minimize risks, while enabling access to enterprise data.

As an SSL VPN does not require outsourcing sensitive practices to a third party, the associated risks are eliminated. Instead, corporate resources remain stored in a secure corporate data center with strictly controlled access. This grants IT teams visibility and authority over who is permitted on a network, which increases their ability to detect and expose security threats.

2014 promises to be a pivotal year for information security. Escalating and emerging attacks will continue to occur. IT teams need to be on the constant lookout for solutions that will keep data safe. But on the bright side, threat intelligence is more widespread and more than ever there are the tools and information needed to secure systems. As many companies anticipate an increase in IT budgets in 2014, IT teams are wise to sidestep the file sharing security debate and implement an SSL VPN, a cost-effective and fail proof solution that provides secure access and peace of mind.

Siegfried Plommer is the Vice President International Sales at HOB, a market leader in pure software-based remote access solutions, where he manages and oversees international customer/partner relationships. With over twenty years of experience in the IT industry, Plommer has held several positions in sales, business development and general management. 

Showing 0 Comment
Your comment will be shown after administrator's approval







b i u quote

Save Comment
The Number One Menace to All Organizations
 

Learn more about how to protect your organization against this growing menace
https://info.knowbe4.com/ransomware-simulator-tool-its