Sharing documents with your business partners should not be onerous but does require some caution to ensure the documents reach their intended recipients and don’t end up in the hands of your competitors or those that wish to damage your business.
The cost of document sharing and collaboration has been greatly reduced over recent years with the introduction of public cloud services such as Google Docs, Dropbox and Box.net.
For small businesses, these solutions have proven extremely valuable - but they do carry a percieved notion of being insecure.
On occasion, hackers have been able to break in to online document sharing systems. Hackers gained access to an employee account of Dropbox in mid-2012, where they found a document containing a large number of customer email accounts that later became targets for large volumes of spam.
While that may put enterprise users off, it's also been an important development - as a direct result of those breaches, several online document sharing providers have introduced two-factor authentication. Dropbox - to continue the example - reacted to the mid-2012 breach by introducing an optional two-factor authentication login. Customers can opt to set up a feature under which a temporary code is sent to the customer via SMS on every occasion they enter their account name and password to ensure it really is being accessed by the right individual.
It's much the same as how our banks secure new or unfamiliar transactions - and while the system isn't perfect, it creates some level of disincentive for hackers to target it.
A quick comparison
If you do decide to use an online document sharing system, you should look closely at the terms and conditions the service is provided to ensure it meets your security and privacy needs.
Let's, for the sake of an example, consider how two different online document sharing providers, Dropbox and SpiderOak, implement privacy and security.
Dropbox and SpiderOak both encrypt documents on their servers using 256-bit AES encryption which gives both providers a tick for security. But Dropbox retains access to the encryption key used to secure your documents and SpiderOak does not, which means that only SpiderOak gets a tick for privacy.
SpiderOak encrypts the document encryption key using your password, which is also encrypted on their system. The one caveat that if you forget your password, you lose access to your documents. Thankfully, SpiderOak lets you store password hints that should ensure you don't end up in this situation.
There are a range of online document sharing solutions available today, so how should you chose a provider that is right for you? To help you make this choice, some of the features that you might look for are:
1. Access everywhere
The provider should include applications that can be installed on all of your devices – computer, notebook, smartphone, and tablet. Your provider should also permit you to access your documents through the web should you not have one of your devices available.
2. Document sharing
Document sharing should be possible using one or more of three approaches. The first is where a document is identified as being publicly available, meaning anyone can see the document and download it. The second approach is where you select the people who can access a file or folder – this approach relies on the people also having an account with the document sharing provider. The third approach adds collaboration capability – a feature of Google Drive and docs.
3. Document synchronisation
Synchronisation is a key feature you should look for. If you edit a document on your computer that is within the document sharing application's folder the document should be updated automatically to all of your other devices and to the document sharing provider’s servers. Document synchronisation ensures that you have the latest version of the document at your fingertips at all times.
As hacking evolves so too does the security needed to prevent unwanted access your information. Security using 256-bit AES encryption is a minimum standard that you should consider.
However, you also need to consider the security of documents stored on your devices. Most providers encourage customers to load applications on their devices and then let the device remember the password. Whilst this removes the need to login every time you access your documents, it also reduces your security to zero. Anyone that gets access to your device will also gain access to your document sharing application. Get into the habit of logging out of the document sharing application when it is not being used.
How valuable are the documents you want to share with your business partners? Depending on the answer to this question you might decide to use a provider that guarantees privacy (e.g. SpiderOak). If the provider does not guarantee account privacy (e.g. Dropbox, SugarSync, Apple iDrive), then you might choose to encrypt your documents using TrueCrypt or Knox before you share them.
Using a second layer of encryption may prevent the documents being accessed on some devices and over the web. A description of how to use TrueCrypt with Dropbox can be found on this blog post. Remember that the TrueCrypt folder object needs to be inside the Dropbox folder for the documents to be TrueCrypt encrypted on the DropBox server.
Document sharing providers typically offer individuals about 2 GB free storage and charge about $100 per year for 100 GB.
For enterprises with multiple users on one account, the cost goes up to about $600 per month for 1 TB and includes a range of additional enterprise features including email integration, backups to an enterprise backup server, user and usage reporting, and enterprise authentication integration using LDAP or Active Directory.