Bring enterprise data back under control with Nextcloud

Originally published at: https://nextcloud.com/blog/bring-enterprise-data-back-under-control-with-nextcloud/

What is the GDPR?
The General Data Protection Regulation is a European regulation which aims at harmonizing and reshaping the way organizations handle personal data. Any information related to a natural person must be stored with the consent of the data subject in a secure place under the control of the company processing the data, so that the company can ensure the privacy of its customers. Fines are significant. Merely not having clear records on how data is han- dled and where it is can incur fines of up to 2 % of annual global turnover, with fines for clear violations going up to 4 % or EUR 20 million, whichever is greater.

Soon, the General Data Protection Regulation goes into effect in Europe. This law makes your company liable for any deviations from an extremely high data security standard: even ‘leaking’ email addresses of people on your email list is an offense with an associated fine. Any business-to-consumer company, but also many B2B enterprises will have to ensure they have their data under control.

Do I know where data is?

If you're responsible for the IT in your company, you have to ask yourself: how certain am I that my employees keep company data in places where I can see, protect and control it? How often do they email documents with customer's personal data (if only name or email address...) around? Or even share them via consumer file sync and share like Dropbox or Google Drive? While this used to be tolerated, it will not be considered acceptable anymore. Everybody is feeling the shift: Austrian lawyer Max Schrems, famous for getting the Safe Harbor agreement with the USA thrown out by suing Facebook, recently co-founded noyb. None of Your Business is an effort to built a legal fund to sue companies into compliance with GDPR, something explicitly encouraged by the legislation. Organizations like noyb will force a reckoning in the IT industry: get reliable compliance in order or get sued!
Your browser does not support the video tag.
The main issue is a lack of alignment between business and compliance goals. As the person responsible for IT, you are judged on compliance and costs. But most employees in your company are evaluated on productivity! If you start limiting the size of attachments and use old-fashioned Windows Network Drive with its tight access permissions that are always one step behind reality, you're fighting your entire workforce. And people will use their private Gmail or Dropbox account to email urgent attachments around and get work done... The rules you set are nothing if they don't result in actual compliance.

There is only one thing to do: making sure that compliance goes alongside with productivity.

How your problem is solved

This is where a private Enterprise File Sync and Share solution comes in!

Data storage: remove the threat of Dropbox

You already have a Windows Network Drive or a NFS server? A SharePoint perhaps? Excellent. Keep them and provide easy file sync and share on top with Nextcloud! Your employees will have a solution that is as easy as the consumer technologies they are used to from Google, Apple and Dropbox, complete with mobile and desktop clients. And you have powerful tools to keep the data under control!

Learn about the Nextcloud Storage technology and what tools we offer to control file access.

Direct collaboration

Of course, employees can send documents-v4_reviewed_jan3-2-final-final.docx around but that isn't really the best way of keeping track, nor of collaborating on anything. Realtime, collaborative online document editing is the most productive way to go and Nextcloud offers this in partnership with Collabora Online.

Learn about Collabora Online in Nextcloud.

[caption id=“attachment_1148” align=“alignright” width=“300”] Calendars can be synced as well[/caption]

Outlook integration: keep data in sight!

Email is still the backbone of the work force. But it is quite an old technology. Especially email attachments tend to be the bane of IT administrators trying to keep storage from ballooning and data from leaving company premises. Nextcloud offers Outlook integration which can automatically replace attachments with links to the internal storage system, allowing policies to remain in effect!

Learn about Nextcloud Outlook Integration.

Modern communication tools

On top of tools like email and file share, audio/video calls and chat are quickly becoming more popular tools to enable and advance productivity and communication. Nextcloud features built-in capabilities for secure calls and text communication!

Learn more about audio/video calls in Nextcloud.

Easy to manage

Perhaps the biggest question should be: can this new technology be integrated into my current infrastructure? The answer is: yes. Nextcloud offers user directory integration, external storage and many other points-of-contact between your existing tools and processes and the compliant future.

Learn about user management and Active Directory integration in Nextcloud.

[caption id=“attachment_3131” align=“alignright” width=“266”] Nextcloud uses an advanced crypto model for end-to-end security[/caption]

Secure

For Nextcloud customers, security tends to be the primary concern. We thus have done what we can to ensure develop features that keep data safe using secure development processes and extensive internal and external reviews. In addition to in-transit and server-side encryption, our unique end-to-end encryption solution allows administrators to ensure the utmost protection for a subset of data from even a full server breach.

Learn about security in Nextcloud and our unique end-to-end encryption technology. See also our earlier post about why enterprises need a layered approach to security.

Conclusion

Nextcloud offers a set of tools which integrates into your existing infrastructure and offers control and compliance without requiring costly migrations or constant manual policy enforcement and surveillance of your users. Find out more and take your first steps towards security for both you and your business today! Contact us now.

Not to sound naive, but can someone please elaborate on how Dropbox specifically is a threat? This is a real question. I’ve been hearing statements being made to this effect lately, specifically targeting Dropbox in the context of being a threat to security, but I’m having a hard time understanding how Dropbox is a threat. At least it’s no more of a threat than other similar technologies such as Google Drive or Microsoft OneDrive right? Am I missing something?

To ask another way, if Nextcloud solves security and compliance problems by being self hosted, then why are we singling out Dropbox?

1 Like

I understand Dropbox as an example for all the other variants of online storage that is provided by the known big companies.
I see these services as a threat because these companies are driven by financial profit yet offer the service for free. Yes sure, there are ads on the web site.

However, we have no guarantees that our files are not scanned or looked through to sell some private information about us (to have better/ more personalized ads).

But to be fair: it doesn’t need to be the company who is leaking private data to third parties, it can also be an admin going wild. And at that point I see the same risk with Nextcloud when it’s hosted by anybody else but yourself.

2 Likes

Well some considerations: If I am not wrong Dropbox clients runs on software that you download and is distributed as binary. You run as superuser to install these clients. That is, verbatim, the definition of a treat. Not only you compromise your identity, the files you post on the service itself but your whole workstation. Is more than probable that they are not exploiting this privilege, but you need to believe someone out of your jurisdiction. Is not exactly a safety feature.
https://opensource.dropbox.com shows the project they use, nothing else.

Then, the argument about the business model made before, that is relevant as well.
Nextcloud, being open source can be auctioned by a third party (and a nth) not to be a spyware or a backdoor.

1 Like

Thanks for the discussion. I agree that when referring to Dropbox, it’s probably implied to mean all third party hosting file sync services. We just use Dropbox as the example since it’s one of the most popular, kind of like saying Kleenex or White-out.

Another security risk I’ve come across with Dropbox specifically is that because it’s so common, it’s easier to use in phishing email campaigns because users are more likely to click on links since they recognize the name, although the file may be malicious. I’ve heard of companies blocking access to Dropbox altogether, but I don’t think that’s much of a solution.

In a nutshell, the security threat Dropbox or others pose comes down to trust. Can we trust them to store our data and run privileged software on our clients? Let’s say hypothetically I trusted Dropbox with my data, what other security concerns might there be to using Dropbox?

1 Like

Again not specifically Dropbox, but you depend on their reliability when it comes to software updates, specifically security updates. Not sure how quick they usually are, but I see this as a risk as well. Especially because I come to believe that a major player like Dropbox is likely to be under constant attack and delaying the update of some important security fixes may have instant consequences. Dropbox with thousands of users and lots of private data is just a great target.

1 Like

That’s another point I was thinking about, that Dropbox is very large and therefore they are a much bigger target. Nextcloud solves privacy concerns when you self host, and it is a much smaller target.
I’ve heard the argument that we should move away from Dropbox and instead use a Board Portal (http://boardvantage.com/board-portal). This neither solves the privacy concern or the attack surface concern. Can you see any other security benefits to using a “board portal” type solution compared to Nextcloud? I realize that is a different type of software, but I’m kind of just thinking out loud.

1 Like

Dropbox, is well known as a brand. Its like saying Hoover when you mean Vacuum Cleaner. But like many other such services it is hosted in cloud infrastructure specifically located in the United States, and depending on your location that may not meet your compliance requirements, or you may believe it means that dropbox is compromised by the United States security services. Nextcloud can be hosted entirely privately, on servers you choose, with security levels you specify, in the geographic location you specify to meet your requirements.

1 Like

Dropbox, Box.com, Google Drive, iDrive, etc. all specify in their Terms and
Conditions that by using their services, you surrender your data to them.

For example, in the Google Terms of Service “you give Google (and those we
work with) a worldwide license to use, host, store, reproduce, modify,
create derivative works (such as those resulting from translations,
adaptations or other changes we make so that your content works better with
our Services), communicate, publish, publicly perform, publicly display and
distribute such content.”.

If that doesn’t scare you, nothing will. To paraphrase nuxnix’s earlier
response, NextCloud is hosted privately on servers of your choice. If you
are concerned about privacy or security, your decision should be easy to
make.

4 Likes

Others have made the point, esp @AbriaCloud_Manager: if your employees are sharing data via their private (or corporate…) Dropbox accounts, you have lost all control.

  • First of all because you can’t limit who has access to the files - if they email public sharing links around - you’re toast. Emails are unencrypted! With Nextcloud, you could still use tools like File Access Control to ensure IP address ranges outside your company don’t get access to certain files. Key here is: Administrators are no longer in control. Employees are. This is a huge legal liability, even IF the employees would NEVER break company policy and always act 100% responsible with regards to security (like picking strong passwords…)
  • Even if you’d manage to stay on top of those files, you just let the data out of Europe, to a server which can be anywhere. And the government of ‘anywhere’ gets access to it under laws of that country. Are data centers in China cheaper for Dropbox? Great, the Chinese government just got access to your data. Will Dropbox ever admit that? No, of course not, but it happens.
  • While I’m sure the Dropbox security team is very very good, everything gets hacked, if only by employees or through phising. And they won’t tell you if they got breached, if behavior of other big US companies are any indication. So not only is your data is at risk from countless threats, YOU WON’T KNOW IT WHEN IT GOT STOLEN. So you can’t take action.

There’s plenty more reasons but I suppose these are pretty important. I could write a blog about that, I suppose :wink:

What do you think, should I?

2 Likes

Thanks for elaborating! It would be awesome if you wrote a blog about this topic, I would really appreciate it!

1 Like

Server side control is well done with nextcloud server for me the issue is now on the user side.

First Task
You talk about network shares, yes it would be awesome to remove network shares with nextcloud but therefore the sync client need some improvements like a VFS. When the sync client do everything in the background and the users don’t have to care about “anything” like at windows shares than we are one step closer.

Second task would be to lock files like you have it now on network shares. I know this is an issue when you work real offline but when you work online and your colleque work also online it would be nice if nextcloud could lock the file.

Third task would be that we have now an crypted server a crypted conntection with the sync client and than everything is stored on the local disk. It would be awesome to have something like kde show with vault. An integrated encrypted folder. The benefit would be that with the encrypted folder you may be more indepandant from the used file system and you can solve the VFS and the 4rd point easier.

The 4rd issue is that the awesome stuff like trash AND version management is only available in the webbrowser. Have the version management available on the hard disk it would be awesome.

True on all accounts, those would be great improvements. Any ideas on how to make them happen?

Your second point is partially covered here:

Good news. Marie Gutbub wrote a nice guest piece for our blog:

Should answer your questions :wink:

Let me know what you think!

Thanks! I think that makes it easy to understand the main points about why public clouds may not be a good place to store data.

1 Like