Comparing security measures of popular file-sharing solutions - What organisations need to know

We live in a digital era where data is almost akin to gold - which means ensuring the security of the file-sharing applications chosen by organisations is of paramount importance. CIOs, CSOs and their teams are increasingly challenged to safeguard sensitive information while enabling seamless collaboration and remote access to files and data.

Digital file sharing is now the norm, but the continuous increase in cybercrime highlights significant vulnerabilities in many file-sharing platforms. Whether you're using cloud-based or hosted tools, hackers continue to target and gain access to your shared and stored data. 

This article highlights the inherent weakness of popular file-sharing applications such as Dropbox, OneDrive, WeTransfer, SharePoint, and MOVEit and the associated risks that they pose to effective data security. We'll also discuss the concept of the zero-knowledge security model and its significance in ensuring true data security.

How secure are the popular file-sharing solutions?

Several popular file-sharing applications (both cloud-based and hosted) are used by organisations worldwide - either for their own file-sharing needs (internal sharing) or in collaboration with clients and customers (external sharing).

The popularity of these applications leads one to assume they provide a high level of data security. But when taking a closer look, this isn't necessarily the case. The key is to understand where the data is encrypted and, more importantly, where it is decrypted.

Dropbox

Dropbox uses encryption for data in transit and data at rest.

However, Dropbox needs to decrypt the data on its servers to provide the service to the user, which means whoever has access to the Dropbox servers also has access to the user’s data. Those with possible access to the data at this point include Dropbox employees and opportunistic cybercriminals.

OneDrive

OneDrive uses the same security approach as Dropbox. The user’s data is decrypted on the provider’s servers, making it a potential target in a manner similar to that described above.

SharePoint

SharePoint, another Microsoft product, is designed for enterprise use. However, from a security perspective, it uses the same security approach as its sister product, OneDrive.

Therefore, it has the same security weaknesses, as whoever has access to the SharePoint servers also has access to the user’s data.

WeTransfer

WeTransfer's security approach is similar to Dropbox and OneDrive's. In fact, it is considered less secure than those solutions because it has a lower level of audit and enterprise controls.

MOVEit  

MOVEit is file transfer software used by several major global organisations. It is a self-hosted solution, which means organisations must ensure software updates are installed and current.

In May 2023, a cybercrime group exploited a vulnerability in the MOVEit software and stole sensitive and confidential data from organisations that used it.

Affected entities included US federal and state agencies, Shell, the BBC, and British Airways. Hundreds of organisations, including the Australian consulting company PwC, had data stolen due to the MOVEit software bug. In some cases, impacted companies were not actually using the software but were working with companies that did.

Why only the zero-knowledge security model ensures complete data protection

Despite the measures employed by many file-sharing applications, as noted earlier, a common limitation is that the data must be decrypted on the provider’s servers.

The zero-knowledge security model ensures that data can never be decrypted on the provider’s servers. This means that only the owner of the data can decrypt it. This guarantees the highest level of security and data protection.

Further benefits include:

• Enhanced privacy: Your data remains secure even if the service provider is compromised.
• Reduced insider threats: Without access to the data, insider threats are substantially reduced due to full auditability and visibility controls.
• Compliance friendly: Zero-knowledge security aids compliance with various data protection regulations, such as HIPAA, CJIS, and GDPR.

While we’ve seen that the majority of vendors provide only partial security, a few specialised providers like DekkoSecure incorporate zero-knowledge security, ensuring totally protected file storage and transfer.

The key to guaranteeing the protection of stored and shared data

The specific security needs of your organisation should guide the choice of a file-sharing platform. Simply, the question should be asked, “What are the consequences of our shared data being hacked or compromised?” Of course, if the data is highly sensitive and confidential, the only way to ensure its protection is to choose a zero-knowledge security platform. To choose a popular solution that is only partially secure is taking a substantial risk.

For more information about how DekkoSecure ensures file-sharing security, explore DekkoSecure's security model.