Are Collaboration Apps Really Protecting Your Data?

min read

Keep your friends close and your enemies closer.

It's a phrase we've all heard before, and with so many software applications designed around communication and collaboration, it's one that's taken on an entirely new meaning. We now live continuously connected through our mobile devices and our round-the-clock work schedules, never more than an arm's reach and a screen touch from all our files, data, and information.

But with such tight quarters, is it possible we've become so closely connected to our friends that our enemies have been drawn even closer?

First, bear in mind that in the cyberuniverse, enemies are usually not people you actually know. Rather, they are total and ill-intentioned strangers. Next, consider how freely and easily you share, send, edit, and communicate about sensitive business information using a laptop, tablet, or smartphone. If those applications are so easy for you and your friends to use, guess who else might be having an easy time using them.

It all begs the question: Have collaboration applications become so easy and effective that their ability to communicate information has actually compromised our capacity to protect it?

We'll attempt to answer that question as part of week four of National Cyber Security Awareness Month. Take a few minutes to perform a self-audit to measure your "apptitude," or how safely (or not) you use software applications to collaborate. Tally up your points as you go and see where you stand.

How Are Your Files Transferred?

If you answered with either TLS (Transport Layer Security) or SSL (Secure Sockets Layer), give yourself a gold star. TLS is the successor to SSL, and each remains the file transfer protocol of choice, thanks to symmetric cryptography, authenticated user identities, and the integrity of unchanged files upon arrival.

  • TLS or SSL = 1 point
  • Anything else = -1 point

Are Your Files Encrypted During Both Transfer and Storage?

Many applications only encrypt files during storage or during transfer but not during both stages. Any time a file isn't encrypted, it's left vulnerable.

  • Encryption during both transfer and storage = 2 points
  • Only one or the other = 1 point
  • Neither = -1 point

Are You Actually Sending Data Itself?

Hopefully not. Sending the actual data itself as an attachment or within the body of a message brings a high degree of risk. Instead, files should be stored in a secure data center and only a link to the data should be sent to the person you wish to collaborate with. That recipient uses the link to access the file while it remains safeguarded in the cloud. This way, no sensitive information is ever actually moving from one place to the next.

Furthermore, links should be randomly generated using hash-based message authentication codes.

  • Only links to files are sent = 1 point
  • Files themselves are sent = -1 point

What's Your File Backup Status?

The beauty of mobile devices is their ability to be used to collaborate from anywhere. But that anywhere feature comes back to bite us when the device is lost or stolen, along with any data stored on it.

Are your files backed up to secure data centers? And are they backed up to redundant locations and configurable with file-retention and versioning features in case of a crisis of natural or human origin?

  • All of the above backup solutions = 2 points
  • Some of the above solutions = 1 point
  • None of the above = -1 point

How Password Protected Are You?

According to one study, almost three out of every four people use duplicate passwords across multiple devices and applications. And not coincidentally, up to 40 percent of the people surveyed experienced an account breach in just a year's time.

One major flaw in living a continuously connected life is that we never really log off. We remain signed in to e-mail servers on our phones after we leave the office and check the "Keep me logged in" box on websites thinking only about our convenience.

Does your collaboration software use multifactor authentication, password expirations and lockouts, and customizable password settings?

  • All of the above password protection features = 2 points
  • Some of the above features = 1 point
  • None of the above = -1 point

Do You Have a Plan for Lost or Stolen Devices?

When you lose your wallet, you can call your credit card company to have the card deactivated. It doesn't bring your card back, but it stops anyone else from using it. Likewise, you should have a plan in place for your mobile devices.

Does your collaboration software have a remote wiping or locking feature that enables the device to freeze or make data disappear altogether? What about a file self-destruct feature that eliminates transferred files after a certain number of days?

  • All of the above remote features = 2 points
  • Some of the above features = 1 point
  • None of the above = -1 point

Who Has Permission?

Collaboration should be restricted only to select parties. Files are often shared with a general team e-mail account accessible by multiple individuals. And when this happens, the door opens for unapproved users to conduct unapproved actions.

Are you able to manage permissions and rights for select files and users? Do you have control over whether or not downloaded files can be opened outside of your collaboration software? Do you have customizable permission options such as "View Only," "Comment Only," and "Edit"?

  • All of the above permissions features = 2 points
  • Some of the above features = 1 point
  • None of the above features -1 point

What's Your "Apptitude"?

Now add up your points to measure your "apptitude" and see how safely you collaborate.

  • 10–12 points = Your enemies are at a safe distance. Great job!
  • 7–9 points = Your friends and enemies are beginning to mingle.
  • 6 or fewer points = You are directly behind enemy lines.

Technology has afforded us the ability to put communication and collaboration right in front of our eyes at a moment's notice. But it's important to remember that our enemies are often right under our noses.

Adrian Phillips leads product marketing for Citrix ShareFile and has written about a number of cybersecurity topics. His diverse career dates back to the dot-boom era, and his passion is helping customers transform the way they work by using cloud-based technologies. Adrian strives to live a paperless life in Raleigh, North Carolina, and holds a bachelor's degree in journalism.

© 2016 Adrian Phillips. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.