Bring enterprise data back under control with Nextcloud

What is the GDPR?
The General Data Protection Regulation is a European regulation which aims at harmonizing and reshaping the way organizations handle personal data. Any information related to a natural person must be stored with the consent of the data subject in a secure place under the control of the company processing the data, so that the company can ensure the privacy of its customers. Fines are significant. Merely not having clear records on how data is handled and where it is can incur fines of up to 2 % of annual global turnover, with fines for clear violations going up to 4 % or EUR 20 million, whichever is greater.

Soon, the General Data Protection Regulation goes into effect in Europe. This law makes your company liable for any deviations from an extremely high data security standard: even ‘leaking’ email addresses of people on your email list is an offense with an associated fine. Any business-to-consumer company, but also many B2B enterprises will have to ensure they have their data under control.

Do I know where company data is?

If you’re responsible for the IT in your company, you have to ask yourself: how certain am I that my employees keep company data in places where I can see, protect and control it? How often do they email documents with customers’ personal data (if only name or email address…) around? Or even share them via consumer file sync and share like Dropbox or Google Drive?
While this used to be tolerated, it will not be considered acceptable anymore. Everybody is feeling the shift: Austrian lawyer Max Schrems, famous for getting the Safe Harbor agreement with the USA thrown out by suing Facebook, recently co-founded noyb. None of Your Business is an effort to build a legal fund to sue companies into compliance with GDPR, something explicitly encouraged by the legislation. Organizations like noyb will force a reckoning in the IT industry: get reliable compliance in order or get sued!

The main issue is a lack of alignment between business and compliance goals. As the person responsible for IT, you are judged on compliance and costs. But most employees in your company are evaluated on productivity! If you start limiting the size of attachments and use old-fashioned Windows Network Drive with its tight access permissions that are always one step behind reality, you’re fighting your entire workforce. And people will use their private Gmail or Dropbox account to email urgent attachments around and get work done… The rules you set are nothing if they don’t result in actual compliance.

There is only one thing to do: make sure that compliance goes hand in hand with productivity.

How your problem is solved

This is where a private Enterprise File Sync and Share solution comes in!

Data storage: remove the threat of Dropbox

You already have a Windows Network Drive or a NFS server? A SharePoint perhaps? Excellent. Keep them and provide easy file sync and share on top with Nextcloud! Your employees will have a solution that is as easy as the consumer technologies they are used to from Google, Apple and Dropbox, complete with mobile and desktop clients. And you have powerful tools to keep the data under control!

Learn about the Nextcloud Storage technology and what tools we offer to control file access.

Direct collaboration

Of course, employees can send documents-v4_reviewed_jan3-2-final-final.docx around but that isn’t really the best way of keeping track, nor of collaborating on anything. Realtime, collaborative online document editing is the most productive way to go and Nextcloud offers this in partnership with Collabora Online.

Learn about Collabora Online in Nextcloud.

Calendars can be synced as well

Outlook integration: keep data in sight!

Email is still the backbone of the work force. But it is quite an old technology. Especially email attachments tend to be the bane of IT administrators trying to keep storage from ballooning and data from leaving company premises. Nextcloud offers Outlook integration which can automatically replace attachments with links to the internal storage system, allowing policies to remain in effect!

Learn about Nextcloud Outlook Integration.

Modern communication tools

On top of tools like email and file share, audio/video calls and chat are quickly becoming more popular tools to enable and advance productivity and communication. Nextcloud features built-in capabilities for secure calls and text communication!

Learn more about audio/video calls in Nextcloud.

Easy to manage

Perhaps the biggest question should be: can this new technology be integrated into my current infrastructure? The answer is: yes. Nextcloud offers user directory integration, external storage and many other points-of-contact between your existing tools and processes and the compliant future.

Learn about user management and Active Directory integration in Nextcloud.

Nextcloud uses an advanced crypto model for end-to-end security

Secure

For Nextcloud customers, security tends to be the primary concern. We have thus done what we can to develop features that keep data safe, using secure development processes and extensive internal and external reviews. In addition to in-transit and server-side encryption, our unique end-to-end encryption solution allows administrators to ensure the utmost protection for a subset of data from even a full server breach.

Learn about security in Nextcloud and our unique end-to-end encryption technology. See also our earlier post about why enterprises need a layered approach to security.

Nextcloud integrates into your existing infrastructure: better control, better compliance

Nextcloud offers a set of tools which integrates into your existing infrastructure and offers control and compliance without requiring costly migrations or constant manual policy enforcement and surveillance of your users. Find out more and take your first steps towards security for both you and your business today! Contact us now.

Notable Replies

  1. Not to sound naive, but can someone please elaborate on how Dropbox specifically is a threat? This is a real question. I’ve been hearing statements being made to this effect lately, specifically targeting Dropbox in the context of being a threat to security, but I’m having a hard time understanding how Dropbox is a threat. At least it’s no more of a threat than other similar technologies such as Google Drive or Microsoft OneDrive right? Am I missing something?

    To ask another way, if Nextcloud solves security and compliance problems by being self hosted, then why are we singling out Dropbox?

  2. Schmu says:

    I understand Dropbox as an example for all the other variants of online storage that is provided by the known big companies.
    I see these services as a threat because these companies are driven by financial profit yet offer the service for free. Yes sure, there are ads on the web site.

    However, we have no guarantees that our files are not scanned or looked through to sell some private information about us (to have better/ more personalized ads).

    But to be fair: it doesn’t need to be the company who is leaking private data to third parties, it can also be an admin going wild. And at that point I see the same risk with Nextcloud when it’s hosted by anybody else but yourself.

  3. fredd says:

    Well, some considerations: if I am not wrong, Dropbox clients run on software that you download and is distributed as binary. You run as superuser to install these clients. That is, verbatim, the definition of a threat. Not only do you compromise your identity and the files you post on the service itself, but your whole workstation. It is more than probable that they are not exploiting this privilege, but you need to believe someone out of your jurisdiction. It is not exactly a safety feature.
    https://opensource.dropbox.com shows the project they use, nothing else.

    Then, the argument about the business model made before, that is relevant as well.
    Nextcloud, being open source can be auctioned by a third party (and a nth) not to be a spyware or a backdoor.

  4. Thanks for the discussion. I agree that when referring to Dropbox, it’s probably implied to mean all third party hosting file sync services. We just use Dropbox as the example since it’s one of the most popular, kind of like saying Kleenex or White-out.

    Another security risk I’ve come across with Dropbox specifically is that because it’s so common, it’s easier to use in phishing email campaigns because users are more likely to click on links since they recognize the name, although the file may be malicious. I’ve heard of companies blocking access to Dropbox altogether, but I don’t think that’s much of a solution.

    In a nutshell, the security threat Dropbox or others pose comes down to trust. Can we trust them to store our data and run privileged software on our clients? Let’s say hypothetically I trusted Dropbox with my data, what other security concerns might there be to using Dropbox?

  5. Schmu says:

    Again not specifically Dropbox, but you depend on their reliability when it comes to software updates, specifically security updates. Not sure how quick they usually are, but I see this as a risk as well. Especially because I come to believe that a major player like Dropbox is likely to be under constant attack and delaying the update of some important security fixes may have instant consequences. Dropbox with thousands of users and lots of private data is just a great target.

  6. That’s another point I was thinking about, that Dropbox is very large and therefore they are a much bigger target. Nextcloud solves privacy concerns when you self host, and it is a much smaller target.
    I’ve heard the argument that we should move away from Dropbox and instead use a Board Portal (http://boardvantage.com/board-portal). This solves neither the privacy concern nor the attack surface concern. Can you see any other security benefits to using a “board portal” type solution compared to Nextcloud? I realize that is a different type of software, but I’m kind of just thinking out loud.

  7. nuxnix says:

    Dropbox is well known as a brand. It’s like saying Hoover when you mean Vacuum Cleaner. But like many other such services it is hosted in cloud infrastructure specifically located in the United States, and depending on your location that may not meet your compliance requirements, or you may believe it means that Dropbox is compromised by the United States security services. Nextcloud can be hosted entirely privately, on servers you choose, with security levels you specify, in the geographic location you specify to meet your requirements.

  8. Dropbox, Box.com, Google Drive, iDrive, etc. all specify in their Terms and
    Conditions that by using their services, you surrender your data to them.

    For example, in the Google Terms of Service “you give Google (and those we
    work with) a worldwide license to use, host, store, reproduce, modify,
    create derivative works (such as those resulting from translations,
    adaptations or other changes we make so that your content works better with
    our Services), communicate, publish, publicly perform, publicly display and
    distribute such content.”.

    If that doesn’t scare you, nothing will. To paraphrase nuxnix’s earlier
    response, NextCloud is hosted privately on servers of your choice. If you
    are concerned about privacy or security, your decision should be easy to
    make.

  9. Thanks for elaborating! It would be awesome if you wrote a blog about this topic, I would really appreciate it!

  10. Thanks! I think that makes it easy to understand the main points about why public clouds may not be a good place to store data.
