In response to internal demand for collaboration and sharing, companies are moving to cloud-based enterprise file synchronization and storage (EFSS) services that enable users to freely create, manage, organize, and share data within and across organizational boundaries.
Some of the biggest EFSS suppliers include Google Drive, Microsoft OneDrive, and Dropbox. But using EFSS as a service has some serious issues. Privacy and security of sensitive data is a particular challenge with the upcoming General Data Protection Regulation (GDPR) in Europe which will go in effect in May 2018. Growing ransomware attacks and directed criminal and state-sponsored cyber attacks are also on the rise. Events like Brexit or uncertainty around the Privacy Shield data exchange deal with the USA pose a legal risk for the IT admins who have to avoid storing sensitive data in certain countries.
graph from a Proofpoint threat analysis
We provide you three main points to consider when picking an EFSS solution.
Legal issues
Once you sign up for a service, who owns your data? If you pick a hosted solution, you have to accept their terms of services. The vendor has access to your data and can even block you from accessing your own data. They can be compelled to share your data with governments, gag orders forbidding them from telling you about it. And your partners or business customers‘ data are at risk too! You have to ensure you are compliant for current and future regulation, as having to migrate to another solution is rarely easy or affordable. The best way to avoid these murky waters of legal mumbo jumbo is by keeping data either in your own datacenter or at a trusted server provider based in your own country. But how do you pick a good provider that keeps you safe on the legal side?
Make sure you check:
What sensitive data might be processed and where is it currently stored
That the solution you pick enables you and your employees to act in compliance with local regulations
That you have processes in place to protect privacy and deal with problems
Security
When was the last time your file sync and storage provider informed you of a data breach? Never. There was a massive breach of Dropbox in 2012, but we didn’t know about it until 2016 and this turns out to be rather typical in the industry. Reality check: no software is immune to bugs and security breaches. When you use EFSS as a service, you can’t count on getting informed about a breach, nor might you get timely fixes or access to mitigation.
Even self-hosted solutions are at a risk there: vendors are often hostile to security researchers reporting vulnerabilities. And many invest little in security features beyond what gets them marketing attention.
A few factors to consider:
Does the vendor develop its software in a secure way? A transparent process with security reviews of new designs, code reviews and use of pen-testing tools all help avoid bugs in the process of writing code.
Have these processes been verified by an independent third party? It is worth downloading a report and flipping through it and checking what the conclusions were.
Is there a public Security Bug Bounty program with relevant payouts? On security platforms like HackerOne, you can easily check statistics of responsivity and payments, giving you an idea of how serious a vendor takes security.
How is their security track record? Security mistakes are rarely heavily advertised but you can often find reports by independent researchers complaining their findings were not taken seriously. Or you find issues mentioned and discussed on prominent security lists like the famous Full Disclosure list. A search in the archives can be enlightening!
And a final point: encryption is great. Modern encryption ciphers are rarely broken. Instead, crypto is bypassed! Amazon’s Kindle and Samsung Galaxy protections were bypassed by replacing the key or remove the signature checking code. Bad development practices and a lack of security reviews isn’t fixed with encryption!
I love crypto, it tells me what part of the system not to bother attacking
— Drew Gross, forensic scientist
Future
The market changes quickly and you will need a solution that changes with it. Today you need to share and collaborate. Next year you need to give presentations or have video calls. And you need all this integrated into your infrastructure, in a way you can control.
A simple checklist:
How well can this solution be integrated into our current infrastructure? Does it support our user directory & authentication, existing storage solutions, monitoring and security processes, auditing and compliance checks?
Can this solution grow with us? Will it allow us to open an office in another country or even continent and will we be able to keep our processes and sharing working within the legal boundaries, like keeping data localized?
Can I easily move from one vendor to another? This is relevant not just for your files but also the associated metadata: comments, older versions, sharing information and so on.
Does the vendor have a healthy development process and are new capabilities that we might need in the future being developed? The world changes and while vendors sometimes excuse little investment in development with “focus on stability”, being a customer of a company that is merely ‘milking’ its customer base is no fun. You’ll end up with a solution that won’t meet your needs, forcing you into a costly migration.
Conclusion
All three focus issues have something in common: transparency of the vendor helps you as a customer. Having access to the code you run on your own or rented servers; being able to see security processes take place in real life; being able to see and perhaps even participate in development. These three factors are how Open Source solutions uniquely help you with legal and security issues and prepare you for the future.
And while there are many prominent Open Source Enterprise File Sync and Share solutions, one stands out. Started by the visionary founder of ownCloud, together with a large team of experienced engineers, Nextcloud is taking the EFSS market by storm.
In the year since its founding, it has established itself as the leading solution for companies looking for a first class security and scalability in a self-hosted technology that facilitates sharing and collaboration. And the large ecosystem of partners and contributors around Nextcloud has developed over 80 applications adding features and capabilities, from authentication and external storage mechanisms to online collaboration and infrastructure integrations.
Picking the right EFSS vendor is not an easy feat. Focus on your legal needs and pick a vendor with a healthy development and strong security expertise to ensure you won’t end up on the list of companies hit by data leaks. Pick a winner that keeps your data safe!
Nextcloud ist die erste Cloud-Plattform, die mit dem Umweltzeichen „Blauer Engel“ ausgezeichnet wurde und damit beweist, dass eine digital souveräne und grüne IT möglich ist.
Wir stellen Nextcloud Talk „Munich“ vor - eine digital souveräne Open-Source-Kommunikationsplattform für hybride Teams, die eine starke Antwort auf die Clouds von Big Tech bietet. Jetzt noch resilienter, leistungsfähiger und einfacher in der Anwendung. Erfahren Sie mehr.
Willkommen bei Nextcloud Hub 10. Die neueste Version der Plattform bietet eine besserte Leistung für alle Apps, besser Integration Plattform und Dutzende neuer Funktionen, die Ihnen den Alltag erleichtern werden.
Unternehmen, ob klein oder groß, brauchen eine Möglichkeit, die Ausfallsicherheit und digitale Souveränität ihrer Abläufe zu gewährleisten - eine Open-Source-Alternative zu Teams, die die Privatsphäre respektiert. Und heute stellen wir diese Lösung vor - Nextcloud Talk.
Bechtle und Nextcloud kündigen heute eine vollständig verwaltete Kollaborationsplattform für den öffentlichen Sektor an, die keiner Ausschreibung bedarf und sofort bereitgestellt werden kann.
Our mission is to help individuals, businesses and organizations achieve digital sovereignty and regain control over their data. Nextcloud Hub 5 marks a massive step forward towards achieving this mission, putting the power of AI into your hands – in a way that keeps you in control. New release, new possibilities Hub 5 builds on […]
Almost seven years ago, in October 2018, our CEO and founder Frank Kartlitschek used the € 20,000 from winning the prestigious Reinhard von Koenig award to launch a brand new initiative: “Nextcloud Include.” As an open source diversity project, Nextcloud Include addresses the needs of underrepresented groups to join the Nextcloud project. By building an […]
Anfang 2025 begannen US-Hyperscaler, in einer großen PR-Kampagne neue „souveräne Cloud“-Angebote in Europa zu bewerben. In den letzten Wochen ist ihr Narrativ jedoch in sich zusammengebrochen. Es sind nicht die Kritiker, die die Widersprüche aufdecken – die Technologieunternehmen selbst haben zugegeben, dass ihre „souveränen” Versprechen heiße Luft sind.
Passionate about data privacy and Nextcloud? We invite you speak at the Nextcloud Community Conference to share your experience, knowledge and news with the community!
Wir speichern einige Cookies, um Besucher zu zählen und die Nutzung der Website zu erleichtern. Diese verlassen unseren Server nicht und dienen nicht der Verfolgung Ihrer online-Aktivitäten.
Weitere Informationen hierzu finden Sie in unserer Datenschutzrichtlinie. Anpassen
Statistik-Cookies sammeln anonym Informationen und helfen uns zu verstehen, wie unsere Besucher unsere Website nutzen. Wir verwenden cloud-gehostetes Matomo
Dienst:Matomo
Cookie-Beschreibung:
_pk_ses*: Zählt den ersten Besuch des Benutzers
_pk_id*: Hilft, die Besuche nicht doppelt zu zählen.
mtm_cookie_consent: Erinnert daran, dass der Nutzer seine Zustimmung zur Speicherung und Verwendung von Cookies gegeben hat.
Cookie-Ablauf:_pk_ses*: 30 Minuten
_pk_id*: 28 Tage
mtm_cookie_consent: 30 Tage