Secure File Sharing: A Guide to Securely Sharing Sensitive Data


Regardless of your industry, every organization creates, handles, stores, and shares sensitive data in order to keep the business running. Sensitive data ranges from personally identifiable information (PII)—such as social security numbers—and health records to company financials and intellectual property. Sharing this data is a major driving force for innovation and growth.

Why Does Sending Files Securely Matter?

When you need to share sensitive files with colleagues, third-party collaborators, or regulatory bodies, you have a few options. But that list quickly narrows if you need to share the files online and with minimal friction. Most organizations turn to cloud-based solutions to share files containing sensitive data…

  • 60% use online file storage systems like Google Drive, Dropbox, and iCloud.
  • 51% of organizations also share data via email.

Cloud-based solutions such as Gmail and Google Drive give organizations a great way to share data. However, the security of these methods must be considered before organizations use them to store and share their sensitive files.

Sensitive Data Must be Secured

Gartner predicts that 50% of mid to large-sized organizations will use a content collaboration platform (CCP) for file-based collaboration by 2022. As growth fuels competition, CCP vendors are introducing multi-device support and advanced sharing workflows that extend files even further beyond the organization’s control.

As the use of CCPs and file sharing accelerates, organizations need more control to maintain privacy and compliance. In the past year alone, organizations saw a 53% increase in the volume of files containing sensitive data shared via the cloud.

File Security Challenges

Keeping documents secure while supporting internal and external sharing is a balancing act and 63% of organizations indicate that existing file-sharing capabilities aren’t secure enough. One of the main challenges is that it is hard to keep track of what happens to a file after it is shared. For example, Google Drive uses Transport Layer Security (TLS) to protect data in motion and prevent eavesdropping and tampering. TLS secures the communication pathway that allows you to create, edit, and share documents in Drive.

While helpful as a baseline security measure, TLS doesn’t protect the data itself, only the communication channel, so you don’t get persistent protection and control over a Drive document throughout its full lifecycle. Files may become vulnerable once they are shared externally, and with each additional share, risks multiply.

Plus, without data-centric encryption, the cloud vendor can access your sensitive files. For many organizations, this presents a compliance concern and additional layers of security are necessary.
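The difference between protecting the channel and protecting the data can be shown with a small envelope-encryption sketch. This is an added example, not code from Virtru or Google: `keyService`, `providerStore`, `protectFile` and `openFile` are hypothetical names, and the provider and key holder are simulated in one process. It assumes Node.js and uses only its built-in crypto module.

```javascript
// Added illustration; every name below is hypothetical, not a vendor API.
const crypto = require('node:crypto');

// AES-256-GCM helpers; the file id is bound to the ciphertext as AAD.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv).setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, { iv, ct, tag }, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv).setAAD(Buffer.from(aad));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if ct, tag or aad changed
}

// Key holder run by the data owner, separate from the storage provider.
const keyService = {
  kek: crypto.randomBytes(32), // key-encryption key, never given to the provider
  policy: new Map(),           // fileId -> Set of users allowed to open it
  wrap(fileId, dek, recipients) {
    this.policy.set(fileId, new Set(recipients));
    return seal(this.kek, dek, fileId);
  },
  unwrap(fileId, wrapped, user) {
    const allowed = this.policy.get(fileId);
    if (!allowed || !allowed.has(user)) throw new Error('access denied');
    return unseal(this.kek, wrapped, fileId);
  },
  revoke(fileId, user) { const a = this.policy.get(fileId); if (a) a.delete(user); },
};

// Stand-in for the cloud provider: what it holds once TLS has terminated.
const providerStore = new Map();

function protectFile(fileId, data, recipients) {
  const dek = crypto.randomBytes(32); // fresh data key per file
  const body = seal(dek, data, fileId);
  providerStore.set(fileId, { body, wrappedKey: keyService.wrap(fileId, dek, recipients) });
}

function openFile(fileId, user) {
  const { body, wrappedKey } = providerStore.get(fileId);
  return unseal(keyService.unwrap(fileId, wrappedKey, user), body, fileId);
}

// Constructed sample: the provider stores only ciphertext and a wrapped key.
protectFile('demo-file', Buffer.from('payroll.csv: constructed sample row'), ['alice@example.com']);
console.log(openFile('demo-file', 'alice@example.com').toString());
```

Because every open goes through the key holder, removing a recipient from the policy cuts off access to copies that were already shared, which is the persistent control a TLS-only setup cannot give.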

Not only is compliance with data privacy regulations—such as HIPAA, GDPR, and CCPA—a concern, but so is ensuring true privacy for files containing proprietary data and intellectual property.

This all comes down to one key concept: In order to collaborate with confidence, organizations must have a means of maintaining persistent control when sharing files both internally and externally. To illustrate this, let’s take a look at three industry examples.

Technology

Every organization has intellectual property (IP) that propels the business forward. For example, IP for technology businesses is likely in the form of product plans, code, specifications, technical documentation, and other files containing IP. In order to innovate and remain competitive, these companies need to share this IP both internally with other departments and externally with technical and business partners.

Not only does file sharing need to happen in a way that doesn’t slow down innovation, but the organization must be able to maintain control to prevent IP theft and maintain a competitive advantage. After all, if IP gets in the wrong hands, they’re vulnerable to losing market share to their competitors. 

Human Resources

HR organizations and departments correspond with recruits, contractors, labor unions, and other external parties daily. In these communications, personally identifiable information (PII) and personal health information (PHI) are often shared throughout contract negotiations, insurance and other benefit elections, and standard HR onboarding processes. Much like the tech company example, HR teams must be able to maintain control throughout their workflows in order to ensure this data remains private and compliant.

Securing inbound PII and PHI is especially critical because the collection of this sensitive data is likely done using multiple legacy methods—fax, FTP or email. Without persistent protection and control, these methods do not provide the data privacy, ownership, and visibility needed. Simply put, sharing PII and PHI in a non-secure way puts the organization at risk of a breach and noncompliance penalties. 

Healthcare

For healthcare organizations, even though HIPAA compliance is always a concern, providing the best in patient care is the top priority. In order to provide top-notch patient care, information sharing and collaboration with many different parties is non-negotiable. The challenge lies in doing so securely, so as not to put patients’ privacy and health—or your organization’s compliance—at risk.

Healthcare organizations need to share files with PHI—such as test results, medical records, prescriptions, and treatment plans—with external, third-party providers as well as with patients, all the while maintaining control throughout these communications to ensure HIPAA compliance.

Healthcare organizations also need to share medical claims, billing, and payment information with third-party insurance companies and maintain control throughout to ensure not only HIPAA but also PCI compliance.

Key Features for Ultimate File Sharing Security

If you’re looking for a solution that enables secure file sharing beyond the native security features of your email or file storage system of choice, the following features will help improve your organization’s security posture:

  • End-to-end protection encrypts files before they ever reach Google’s servers to prevent access by Google and unauthorized third parties.
  • Enhanced access controls strengthen Google’s native information rights management features, with the ability to watermark documents to prevent data exfiltration.
  • Granular audit gives your organization visibility over who has accessed and reshared documents, wherever they travel, with the ability to integrate with any SIEM.
  • Secure external sharing allows you to keep control over Drive documents—whether they’re shared with Microsoft users or anyone else—without forcing collaborators to create new Google accounts or creating open share links that increase data leak risks.
  • Customer-hosted encryption keys give customers direct control of the keys protecting their Drive files, preventing government surveillance and shielding your most sensitive information from Google.
  • Seamless user experience ensures adoption with security embedded directly in the native Drive interface, and without requiring local client software, separate applications and passwords, or new workflows.

Virtru provides these capabilities with our Google Drive and Gmail encryption solutions, providing organizations with the enhanced protection and control necessary to keep files private and secure.

How to Send Files Securely

As Google’s only recommended encryption partner, Virtru provides a critical layer of protection on top of G Suite’s native sharing features and security capabilities to help organizations realize the potential for private, compliant, and controlled file sharing workflows.

Virtru for Google Drive

Virtru for Google Drive allows organizations that store and share common file types in Google Drive—including PDFs; Word, Excel, and PowerPoint documents; .png and .jpeg image files; and .txt files—to encrypt them upon upload. Controls, like watermarking and disable resharing, can be applied to prevent unauthorized access as they’re shared internally between departments and externally with customers, partners, patients, and other collaborators. Users can also convert native Google files (Sheets, Docs, and Slides) to their respective Office counterparts (Excel, Word, and PowerPoint) to support secure sharing beyond the G Suite ecosystem.

Critically, organizations can automatically enforce file protection to ensure their files stay private and compliant with regulations like HIPAA, CCPA, CJIS, ITAR, and more.

Virtru for Gmail

Virtru provides end-to-end encryption for your emails and all the data they contain. Virtru’s encryption services are built directly into Gmail for ease of use: send and receive emails as you normally would, but with robust data-centric protection included. Your end-users won’t be impacted—there are no extra steps or clunky manual processes.

You can also rest easy knowing that unwelcome eyes will not be able to view your data: Virtru’s encryption key management enables you to host your encryption keys separate from Virtru’s platform. No one, from Virtru to Gmail to outside threats, will access your data without permission.

To learn more about sending files securely using Virtru, please get in touch today.
