Sharing Files Securely with Zero Trust
Does your workflow involve a directory shared onto multiple computers? Of course it does, what other reason would there be for the share feature to exist? Maybe your ‘Z:’ drive is where your workgroup keeps its files. But, you are worried about ransomware. In this shared model you are only as strong as the weakest link. How can we reconcile securely sharing files with simplicity and convenience?
You’ve investigated other techniques, emailing files back and forth, Dropbox, Google Drive, Microsoft OneDrive, Microsoft SharePoint, Synology NAS, etc. But, they all were lacking as a means of sharing files. The emailing files had the problem of never knowing who had the most recent. It caused an increase in the backup size. It was not real time. The DropBox, Drive, OneDrive et al had the problem of being a store-and-forward method. Its ok if you have 1 writer, multiple readers, for things like e.g. company policies. But, if you have a database (like QuickBooks), this doesn’t work. Is there a better way?
Of course there is. What if you could take an arbitrary directory on your Windows, Linux, or Synology drive and make it available, over the Internet, to any user. Without a VPN. Live, real-time, with proper locking? Without causing ransomware risks? Without needing to disconnect from a VPN to start your video conferencing. What could you do with that?
Well, you could share your Intuit QuickBooks with your Accountant. Live. You could have that shared Spreadsheet that you can’t seem to get rid of. You could use a single backup stragey. You could avoid reworking your current workflows. Let your users work at home as simply as at work, with a mounted drive, without a VPN. Sharing files with high simplicity and high security.
How do we achieve this? First, we use a protocol called WebDav. In a nutshell it makes file access over HTTP possible. It has native drivers built in to Windows, Linux, MacOS. This means a user can just right-click and mount a directory like they are used to. This means any device.
Second, through the magic of a single federated identity, we can provide authentication and authorisation to any user. Whether via your Azure Active Directory, a Google account, or an Apple account. This means any user.
Now the ransomware. We have removed that risk, ransomware travels via the Microsoft SMB protocol. We have eliminated its use in favour of WebDav, an HTTP-based mounting and sharing mechanism.
Higher productivity. Higher security. Share your files with any user, on any device, on any network. Without a VPN, without the worry of ransomware.
Now, how do we get the data from your network to your user? Through the magic of an identity-aware web application firewall and Zero Trust Network Access you install an agent on your site. It makes an outbound connection. No firewall changes are needed, no configuration.