Originally published at: https://nextcloud.com/blog/why-enterprises-need-a-layered-approach-to-security/
A major challenge enterprises face today is balancing security of data with productivity and convenience.
Using a public cloud solution like Dropbox or Google Drive means easy online collaboration and syncing of data but also exposure to legal and security issues. Using a heavily secured, locally encrypted TrueCrypt file to keep files means no sharing and co-editing and your employees will end up sending those sensitive files to each other over insecure email to get work done.
While there are products out there that offer partial solutions, none is satisfying. A full end-to-end encrypted technology protects your data but limits the use of the web interface and collaboration. Encryption on the server doesn’t protect you when the server is compromised. Some companies resort to using multiple distinct cloud solutions and hoping employees make no mistakes in choosing the right solution for each piece of data. Cue data leaks.
This is what your business needsLet's quickly go over the key capabilities your business needs in their Enterprise File Sync and Share solution.
1. A file sync and share solution that is convenient and easy
Only that way can it be secure! You must ensure users can’t pick an insecure password and you must ensure neither security nor data safety are compromised when they forget it.
2. That allows your employees to share and collaborate with othersYour employees need to collaborate with others in and outside your organization. If you don't ease collaboration, they will work around your restrictions by email or using Dropbox.
3. That keeps data secure but accessible in a balanced waySome files require utmost security (think GDPR or theft!). Other data should perhaps not be on the streets but accessibility and collaboration matter more.
4. Integrated in your infrastructureYou have a FTP drop site for suppliers. A SharePoint for collaboration. A Network Drive for user files. It should all work together.
A real enterprise solution thus has to offer a foolproof, flexible, easy to use solution that integrates in existing user directories and file storage technologies, offering a range of protection features so system administrators can pick the right protection for any kind of data.
This is NextcloudNextcloud offers a supremely easy to use, well-integrated file sync and share solution with a uniquely layered approach to security. Together with the support for nearly any storage technology, it features server-side encryption and offers the ability to employ end-to-end encryption for a subset of user files. Rather than making it an either-or choice, your business can rely on utmost security where it is needed but keep collaborative online document editing and full-text search on the server over the rest of the stored data.
Users can access data on a FTP drive shared with another company; data on a Sharepoint can be accessed easily but our File Access Control ensures no data can be accessed from outside a series of approved IP addresses while data stored on an external object storage could be encrypted using server-side encryption so the storage provider has no way to compromise their security. Meanwhile, files from the HR department are always enforced to be end-to-end encrypted on their clients, protecting their files from even the worst case of a full server breach.
Uniquely enterprise readyAnd this End-to-end Encryption solution is designed to be enterprise-ready, not relying on users to be perfect in handling technology. How would you run your business if you'd lose data any time a user forgets a password? Would it be even remotely acceptable to lose access to all data from an employee when they leave? And yes, you get audited, so you need your IT team to be in full control and have the ability to show who did what, when. All that without compromising security by leaking data to the server! The Nextcloud solution offers uniquely easy sharing, negating the use of passwords using sophisticated key management, secured by our Cryptographic Identity Protection. It makes password recovery for users easy yet secure and allows for an offline recovery key to be used in the situation where users leave the company or lose all their devices and backup password. Last but not least, it is unique in supporting a Hardware Security Module!
The layered approach to security makes sure users have the maximum amount of productivity in their web interface while making sure sensitive data receives the ultimate protection, client-to-client. Keeping it all in a single solution simplifies management and avoids mistakes from users or IT departments that might cause costly data leaks.
Learn more on our security page and see our end-to-end, client-side encryption feature explained.