Are document storage/sharing SaaS providers doing enough to protect sensitive data, in your opinion?

Collaboration SolutionsSecurity
801 views13 Comments
Sort By:
Oldest
Director of Information Security Operations in Consumer Goods2 years ago
Of course not, I need to have monitoring rules and tools like varonis for example 
Director, Security Operations in Telecommunication2 years ago
No. While using a SaaS provider for this will actually increase protection for many, which is a good thing, this is not enough.  As with any SaaS solution, many people feel that by shifting to SaaS, they've been able to shift the responsibility as well, which isn't the case.  It's important to focus on the SaaS provider's capabilities during procurement due diligence, and also have a good vendor management program in place to ensure ongoing compliance.  Often overlooked, but just as important is ensuring you have some ability to monitor activity focuses on the SaaS repositories, no different than monitoring your own systems.
2
CIO/CISO in Healthcare and Biotech2 years ago
Not nearly enough, given the maturity of 3rd-party controls available to supplement the obvious gaps within the primary providers. I'm hoping many of the features available in some of these data detection and protection solutions ultimately get integrated, or in the extreme case, hopefully some of these control providers get acquired by the storage providers so that their functionality can be seamlessly integrated.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Director of Information Security in Manufacturing2 years ago
No, I do not think so.  The platform should not only have the technical ability to safeguard sensitive data (and most of them do), but also make it natural and easy for people to do so.   Setting a default is a start, but also noticing the nature of the document (e.g. a spreadsheet with financial data) or the type of audience should be strong indicators to help trigger a warning or a choice to the user.    If you e.g. write an e-mail and forget to attach, or you include external recipients, you get a warning.   This would help at least some of our users if we can do that for document storage as well.

I also believe that expiration dates should be something that is built in.   When creating a document, set a data after which a warning will be given and then deletion will be initiated.

Last but not least, at least some basic auditing capabilities would be nice.  What are the documents I have shared, and when was the last time anybody even had a look at my documents....
Director in Construction2 years ago
Document management should not be confused with document storage SaaS provider solutions.  The only way to protect information is to (a) know what information you are trying to protect and (b) implement appropriate access control, monitoring... with regard to how to protect it.  Unfortunately, the masses are just looking for quick and 3sy ways to share documents and they find cheap and easy SaaS providers for this small aspect of a larger business problem.

Content you might like

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

Are you facing the same cost increase / risk on the timeline for the PCI DSS 2024 Audits?

Auditing & LoggingIT Strategy & RoadmapSecurity Strategy & Roadmap+1 more
CISO in Healthcare and Biotech8 days ago
The update to PCI DSS has introduced new validation and documentation requirements, increasing the cost and timeline of audits. These changes require more detailed evidence of compliance, affecting internal processes and ...read more
1.1k views1 Comment

Who do other large companies use as an outside cybersecurity firm to assess their cybersecurity program, controls and also have the capabilities to perform red team activities and adversary attack simulations?

Vendor/Product RecommendationSecurity
Strategy & Enterprise Architecture VP, Information Systems9 days ago
We have used in the past Mandiant, Accenture, and Deloitte to perform cybersecurity program assessments. For red team activities, we rotate vendors each year and have used the same vendors as above.  
Read More Comments
233 views2 Comments

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & LeadershipStrategy & ArchitectureCloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments