October 27, 2016

    4 Crucial Steps in Creating Controlled Data Sharing Policies

    It’s no secret that ensuring the security of any company’s data should be a top priority. Yet, many businesses still don’t have the proper data sharing policies in place. Does your organization understand how to develop a controlled policy to protect valuable information and avoid putting your business at risk?

    Whether your workflows involve sharing data internally or with outside clients and vendors, knowing how to control this flow of information is an absolute necessity. Take our quiz to find out if you’re practicing secure procedures to protect your company’s critical data. And follow these four steps to create a controlled data sharing policy that keeps your assets safe from harm.

    1. Encrypt Access Across All Protocols

    Encryption accomplishes the following two objectives that are paramount to data security within your organization:

    This first step in the development of a strong data sharing policy can be easily implemented with an FTP hosting solution like FTP Today, which enables you to encrypt data both at rest and in transit. Regardless of how users are interacting with that data, you can rest assured that the information is secure. Only the sender and the recipient can access the data, even if the file is intercepted by a third party.

    Your FTP hosting plan should feature encrypted logins and data channels, including:

    • FTPeS (Explicit SSL encryption)
    • FTPS (Implicit SSL encryption)
    • SFTP (SSH encryption)
    • SCP (SSH encryption)
    • HTTPS (SSL encryption)

    2. Identify User Access Capabilities

    There are many upsides to being able to store and share digital information, but one downside is the ease with which data can be manipulated -- whether maliciously or as a result of human error. That’s why your company’s data sharing policy should have explicit parameters for user access.

    Unfortunately, setting these controls on a granular level is not typically possible with consumer-grade data sharing solutions. If you’re relying on this type of technology to transfer information within or outside of your company, you’re probably forced to apply broad access permissions that do not enable you to fully control your sensitive data.

    To avoid jeopardizing the security of your data, you must be able to password-protect and control access on an individual level rather than a company-wide one. This includes setting read and write permissions for specific people in specific departments or categories of the business. With the right FTP provider, safeguarding your information in this way is possible.

    TAKE THE QUIZ: Is your current SFTP provider putting your business at serious risk? Find out now.

    3. Restrict Global Access by Country

    This next step is about eliminating the risk of unwanted visitors on a global scale. Even (or especially) if you have users around the world, it is essential to be vigilant with your data, maintaining tight control over who is accessing it and from where.

    With FTP technology from a provider like FTP Today, you have the power to limit access by country using their highly accurate, professional geo-IP database. As a result, you allow authorized users to obtain their necessary information while denying access to potentially dangerous entities. You select the countries you wish to accept, and the rest are blocked.

    4. Set Folder Visibility & Writing Capabilities

    Defining folder visibility and writing capabilities enables you to both restrict information from anyone whose job does not require access to the data and protect that data from human involvement and/or error.

    Visibility of data should be classified based on the sensitivity of that data, and only granted to those individuals specifically designated to access it. Writing capabilities should be controlled on an individual basis as well.

    Be aware, though, that most FTP hosts use operating system permissions that are limited to read and write only. In this case, if you allow a user to upload, you must also allow them to delete. With FTP Today, however, you can choose any of four distinct permissions for each user within each workspace.

    • Upload – allows copying files to the FTP server from their local file system
    • Download – allows copying files from the FTP server to their local file system
    • Delete – allows deleting files from the FTP server
    • List – allows directory listing

    Ultimately, having a clear, controlled data sharing policy is the best way to securely manage how employees and external entities access, share and use your business’s data. As with any company policy, it should be reviewed on a regular basis and updated according to the most current needs and capabilities.

    What other elements do you think should be included in a company’s controlled data sharing policy? Add your input below, and don't forget to take our short quiz to determine if you’re practicing secure procedures with your data.


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts