Sharing and collaborating online while locking the stable doors
Sharing & Collaborating online while locking the stable doors
Why and what do we share?If you think about the sensitive data currently being shared by businesses via insecure email systems and other files sharing tools it starts to get scary.
- Company and business accounts
- Tax returns
- Job offers and HR documents
- Financial discussions around contracts and transactions
- Property contract negotiations
- Legal communications either criminal or civil.
Scary stuff indeed!
All this takes place on cloud systems that are only as secure as the company that provides the service. A breach of your email service could expose the data from hundreds (or thousands of customers). Think about all the information currently in your "sent" folder in your email app!
Yes there are add-on's for email apps that can send secure attachments but our customers needed to collaborate on the content as a team and existing solutions didn't provide these features.
What would be the ramifications, especially under the new GDPR regulations, for your business if any of this sensitive data went public?
What breach! I've never had a breach.Data breaches are everywhere. Up over 40% in 2017 alone. It's not if a breach will occur, but when. So how can a breach occur?
- A leak by a careless employee
- A weak password
- A leak by your cloud provider or developers
- Hack/Data theft including the database
- Failure to secure an online app/repository thereby exposing the data
- The list goes on..
Let's face it - you are one weak/insecure password away from exposing your data.
So ask yourself - How secure is your data? How secure are your sensitive business documents and discussions when the inevitable breach occurs. Can you do anything to protect the data when a breach occurs?
DropVaultWe set about trying to fix this with our DropVault app. We looked at how our customers were sharing and collaborating with their team and more importantly, with their customers. We built a collaboration app around this need with all the tools and features that make collaboration work.
Instead of sharing a document with one recipient, Apptimi DropVault lets a team share the message and documents. Post, reply, add documents, comments, reminders, mention someone, watch conversations and lots more as a team. All the features a business is looking for in a collaboration and sharing app.
It's like Google Groups but with much fancier clothes.
Making it secure in the event of a breachAs one of our customers asked
Give me a way to share with anyone, at any time but secured from anyone except the people I choose... and that I can still sleep at night
Fact: most systems, including email servers can be browsed by IT staff. While some fields might be encrypted, the content of the messages and any attached documents are not normally encrypted. Your email server might be secure, but what about the recipients? This is a potential exposure point for your data.
So how do we make it better?
Securing your data from everyone (except you)
The challenge in building secure collaboration tools is the user experience. How can you provide the security while allowing easy sharing and collaboration of your data. Hardware keys are great and highly secure, but are big UX (user experience) killers. The task is to meet somewhere in the middle , maintaining ease of use while still securing the content.
We decided to implement a custom encryption key for each secure Inbox. Now each customer can choose their unique key or phrase and we encrypt and hash this key to secure it. Each team member or customer invited to the Inbox receives their own unique password or pin on top of their login to Apptimi. This additional layer provides the necessary security and protection needed to collaborate securely. A compromise of the pin on one Inbox won't expose the data on any other.
Our secure Inbox can now support any user content, with all the features of our regular Brainstorming channel but in a highly secure environment. We don't store the key (in a format we can access or decipher) so even Apptimi support staff do not have access to the data. Add in the other basic encryption we have in the app, plus encrypting the database at rest , security monitoring and intrusion detection, and you have a highly secure collaboration and sharing app.
Where to next?
We'll probably add in hardware key support such as Google Titan (https://cloud.google.com/security-key) , Yubico (https://www.yubico.com/) or other Fido keys so provide additional options for customers that need the extra protection.
Sharing data anywhere at any time is potentially opening the doors to a breach of your data. With increased emphasis on protecting the privacy of your customers data, the onus is on you to take the steps necessary to protect this data to the best of your abilities. Encryption is not the only solution, it's just one step on the path to building a safer online presence.