Are document storage/sharing SaaS providers doing enough to protect sensitive data, in your opinion?
Sort By:
Oldest
Director of Information Security Operations in Consumer Goods2 years ago
Of course not, I need to have monitoring rules and tools like varonis for example Director, Security Operations in Telecommunication2 years ago
No. While using a SaaS provider for this will actually increase protection for many, which is a good thing, this is not enough. As with any SaaS solution, many people feel that by shifting to SaaS, they've been able to shift the responsibility as well, which isn't the case. It's important to focus on the SaaS provider's capabilities during procurement due diligence, and also have a good vendor management program in place to ensure ongoing compliance. Often overlooked, but just as important is ensuring you have some ability to monitor activity focuses on the SaaS repositories, no different than monitoring your own systems.CIO/CISO in Healthcare and Biotech2 years ago
Not nearly enough, given the maturity of 3rd-party controls available to supplement the obvious gaps within the primary providers. I'm hoping many of the features available in some of these data detection and protection solutions ultimately get integrated, or in the extreme case, hopefully some of these control providers get acquired by the storage providers so that their functionality can be seamlessly integrated.Director of Information Security in Manufacturing2 years ago
No, I do not think so. The platform should not only have the technical ability to safeguard sensitive data (and most of them do), but also make it natural and easy for people to do so. Setting a default is a start, but also noticing the nature of the document (e.g. a spreadsheet with financial data) or the type of audience should be strong indicators to help trigger a warning or a choice to the user. If you e.g. write an e-mail and forget to attach, or you include external recipients, you get a warning. This would help at least some of our users if we can do that for document storage as well.I also believe that expiration dates should be something that is built in. When creating a document, set a data after which a warning will be given and then deletion will be initiated.
Last but not least, at least some basic auditing capabilities would be nice. What are the documents I have shared, and when was the last time anybody even had a look at my documents....
Director in Construction2 years ago
Document management should not be confused with document storage SaaS provider solutions. The only way to protect information is to (a) know what information you are trying to protect and (b) implement appropriate access control, monitoring... with regard to how to protect it. Unfortunately, the masses are just looking for quick and 3sy ways to share documents and they find cheap and easy SaaS providers for this small aspect of a larger business problem.