Cloud-based file sharing supports seamless collaboration and the free flow of information across enterprises. However, improperly secured file shares can expose the enterprise to significant cloud security threats in the face of malicious attacks or human error. How can you secure your cloud file sharing solutions?
In this blog we examine potential cloud security risks related to file shares and how those risks can be mitigated. We’ll also look at how NetApp’s Cloud Volumes ONTAP adds important file share protection capabilities.
Secure File Sharing: A Top Security Priority
It is critical to remember at all times that in the cloud IaaS and PaaS service models, the onus of both data loss protection and data loss prevention lies completely with the customer. Even in the SaaS service model, the end-user is responsible for determining which individuals or which roles have access to data.
The cloud service providers offer an array of cloud-native security features and managed services to support cloud data protection efforts and secure file shares. For example, cloud storage providers can typically encrypt data at rest, often offering encryption key management services as well. The cloud providers also offer the option of encrypting data in transit as it moves in and out of the cloud’s network. They also offer cloud activity monitoring services, such as Amazon CloudWatch and Azure Monitor, that can alert users about anomalous events.
However, no tool or service can secure file shares if the organization lacks the cloud security expertise to avoid the following poor practices:
- Undefined or unenforced corporate policies for sharing information, such as inadequate classification of data according to sensitivity levels and security control requirements.
- Granting overly permissive access to file shares by users or applications.
- Failure to implement automated policy-based constraints such as reasonable timeframes for revoking access or content expiry.
- Implementing person-to-person sharing directly on IaaS storage.
- Unobfuscated—i.e., openly readable—file share URL links.
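The sketch below is an added example, not code from the original post or from any NetApp product. It shows one way to avoid two of the practices listed above: share links are opaque random tokens that reveal nothing about the file, and every link carries an expiry and can be revoked. The `ShareLinkStore` class, the `files.example.com` URL, the sample path and the 7-day default are assumptions made for illustration.

```python
import hashlib
import secrets
import time

DEFAULT_TTL = 7 * 24 * 3600  # assumed policy: links expire after 7 days


class ShareLinkStore:
    """In-memory stand-in for the table a file-share service would keep."""

    def __init__(self, base_url="https://files.example.com/s/"):  # constructed URL
        self.base_url = base_url
        self._links = {}  # sha256(token) -> {"path", "expires", "revoked"}

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, path, ttl=DEFAULT_TTL, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the path
        self._links[self._digest(token)] = {
            "path": path, "expires": now + ttl, "revoked": False}
        return self.base_url + token

    def revoke(self, url):
        rec = self._links.get(self._digest(url.rsplit("/", 1)[-1]))
        if rec:
            rec["revoked"] = True

    def resolve(self, url, now=None):
        """Return the shared path, or None if unknown, expired or revoked."""
        now = time.time() if now is None else now
        rec = self._links.get(self._digest(url.rsplit("/", 1)[-1]))
        if rec is None or rec["revoked"] or now >= rec["expires"]:
            return None
        return rec["path"]


if __name__ == "__main__":
    store = ShareLinkStore()
    # Constructed sample path and timestamps.
    link = store.create("/finance/q3-forecast.xlsx", ttl=3600, now=1_000)
    print(link)
    print(store.resolve(link, now=2_000))  # inside the one-hour window
    print(store.resolve(link, now=5_000))  # after expiry
```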
Tools That Mitigate Cloud File Share Risks
Through the cloud service partner networks, cloud users also have access to tightly integrated third-party vendor tools that provide visibility into and robust corporate control of file shares across multiple applications and complex multicloud and hybrid infrastructures.
Cloud Access Security Brokers (CASB)
CASBs are typically deployed as gatekeepers interposed between internal and external end-users and the organization’s cloud infrastructure. CASBs provide central IT with full visibility into cloud service usage and automatically identify high-risk users, apps, and activities. Most CASBs provide access controls that prevent unsanctioned access to data as well as trigger risk mitigation workflows. Next-generation CASBs often use machine learning, artificial intelligence and behavior analytics to predict and preempt security threats.
Data Loss Protection and Prevention (DLP) Software
DLP tools ensure that sensitive and business-critical data is protected against loss or exfiltration due to accidental or malicious unauthorized access. Although DLP engines are often included in CASB platforms, they are also available as standalone solutions. DLP tools monitor networks, storage and end-points to identify and block activities that could lead to data exposure, loss, corruption or leakage.
Digital Rights Management (DRM) Services
DRM is a set of tools and practices that protect copyrighted and/or confidential digital media—including file shares—from unauthorized copying and redistribution. DRM tools support secure file shares by tracking and auditing which users are accessing files through which devices. Enterprise-grade DRM tools typically offer highly secure encryption, protection at the file level, and analytics for control and visibility into how digital assets are being consumed.
How Cloud Volumes ONTAP Supports Secure File Sharing
NetApp’s Cloud Volumes ONTAP is an enterprise-grade software-defined storage (SDS) solution and management platform that runs on both AWS and Microsoft Azure. The OnCommand® Cloud Manager provides unified single-pane configuration and management of file shares across hybrid and multicloud deployments, including automated workflows. With support for all major NAS file share protocols, including SMB/CIFS and NFS (as well as block-level SAN/iSCSI storage protocols), the Cloud Volumes ONTAP features most directly relevant to secure file sharing are:
- Data Protection with Snapshot-based point-in-time incremental backups and DR.
- Cloud WORM to prevent accidental or intentional changes to or deletion of shared files.
- Data encryption.
- Tight integration with all the leading access control protocols such as Microsoft AD, LDAP, VPC, Amazon IAM, as well as built-in user and multi-tenancy management.
- Dedicated network connections so that file shares do not transit the Internet.
Cloud-based file shares have become an important business enabler, allowing information to flow freely among employees, customers, and partners. However, it is incumbent on each organization to ensure that leveraging the benefits of cloud file sharing does not expose data to increased risks of loss, corruption or exfiltration. The IT and security teams tasked with establishing and enforcing data security best practices can build a robust data security technology stack using cloud-native as well as third-party services and tools.
NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP capacity can scale into the petabytes, and it supports various use cases such as file services, databases, DevOps, or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more. Cloud Volumes ONTAP supports all the cloud file-share protocols, including NFS and SMB, as well as iSCSI.