Balancing collaboration: Managing the risk of file sharing
Modern productivity suites like Microsoft 365 and Google Workspace have transformed the way organizations collaborate. These tools enable agile, efficient teamwork, but they also introduce significant risks, especially when it comes to file sharing.
Modern productivity suites like Microsoft 365 and Google Workspace have revolutionized the way organizations work. In fact, today businesses are building their competitive advantage around the speedy, agile collaboration enabled by these kinds of tools. But we all know these tools come with some pretty challenging risks.
Once a file has been shared, directly or via a link, it’s tough to see (much less control or limit) what happens from there. That challenge is magnified by the fact that, for CISOs and security teams, shutting down or even impeding this kind of file-sharing would contribute to their reputation as the department of “no.”
Friction-free file-sharing — with internal users, external partners and even sharing with yourself (i.e., sharing company documents with a personal email) — has become an essential part of day-to-day productivity. In fact, it’s not just documents shared through tools like MS365 and Google Workspace — essential apps like Salesforce and GitHub also allow easy information sharing. Security leaders know they need to find paths to enabling, not inhibiting.
Cobbling together file-sharing visibility
In my time as a CISO, I was frustrated by the lack of tools available that could give me the visibility I needed. Not to stop file-sharing, but to just see it and manage the associated risks. And I know from my conversations with my colleagues that my peers and their teams struggled with this issue, too.
I had a hunch that many risky file-sharing incidents center on “oops” actions like unintentional sharing and misconfiguration of sharing permissions.
Another file-sharing risk that kept me up at night was sharing that’s gone dormant or outlived its business utility. For example, imagine you share a document with a third-party vendor. Weeks, months or years later, you no longer do business with that organization, but they still have access to that file or information — including any new information that’s been added as the file evolves over time. Whether it’s a product design file, a sales or marketing strategy document, or sensitive customer information or company financial data, you can see why this is a scary scenario.
At best, finding these “oops” shares and dormant shares required me (or my team) to dive deep into each specific collaboration tool, one by one. Even with that extra effort, the functionalities within each tool were not built with security operators in mind.
As plenty of you reading this know, finding risky file-sharing is like searching for a needle in a haystack.
Oleria delivers broad, deep, actionable visibility on file-sharing risk
At Oleria, we’re making it fast and easy to gain visibility into file-sharing across your IT estate. We’ve built functionalities on top of the Oleria’s Trustfusion Platform that allow organizations to have broad visibility to all the documents or other data shared with external entities, across all their collaboration tools and apps, all in one place.
And that centralized breadth comes with the meaningful depth that security teams need to answer the essential questions around file-sharing risk: who has access to what, how they gained that access (whether it's through anonymous sharing links or documents shared directly via email), and what they’re doing with it (including how long it’s been since they last accessed the file).
Focused insights for managing sharing at scale
Raw visibility is the first step. But we will also provide functionality to help you see the most glaring risks and low-hanging fruit around file-sharing, so you can close off those open file-sharing doors.
What’s our vision for managing sharing at scale? We’re making it easy to perform common remediation tasks such as removing all shares of a sensitive file, disabling long-running anonymous sharing links, or to revoking access for specific domain names — all with a few clicks. For instance, in that scenario where you no longer do business with an external entity, you can shut down all shared documents with that entity. This purpose-built functionality is what CISOs need to balance the business risk and business value of enterprise file sharing and collaboration.
The best part, to me, is that most of the file-sharing risks you’ll find with Oleria will have zero impact on productivity and collaboration. We’re helping you home in on the riskiest situations where files were mistakenly shared with the wrong individuals, mistakenly shared anonymously, permissions were misconfigured, or shares are no longer necessary.
Instead of having to choose between shutting down sharing or turning a blind eye to its risks, these kinds of capabilities enable CISOs and their security teams to be the heroes of productivity and collaboration — saying “yes” and removing barriers and friction, while still keeping the business protected.
Interested in learning more? Schedule a demo today and see how Oleria provides full clarity and control of your access.