Regardless of efforts to enhance security, EFSS services mostly remain outside of IT control.
Consumer-grade file-sharing can thwart compliance efforts
When project teams work together on projects, they need to share digital documents and project data amongst themselves to accomplish their business goals. To do so, workers often turn to Enterprise File Sync and Share (EFSS) services set up to enable person-to-person file synchronization.
Examples of cloud-based EFSS services include:
- Google Docs, Google Drive
In addition to file synchronization, some services offer collaboration and user management features and more enterprise-focused solutions provide visibility and auditing features, depending on the vendor and subscription tier.
Most EFSS services are designed for, marketed to, and sold to end users, without IT oversight. Many EFSS vendors have recently added administrative tools to appease IT managers, who are frustrated by the loss of control over their networks and the inherent security risks.
For example, this Ipswitch blog post points out that: "Rumor has it at least one major EFSS service even uses the same encryption key for all of their users (which is kind of silly, if the intent is to keep people outside of your organization from reading your stuff). This is so well-known in enterprise IT that "just store it in (insert major EFSS vendor)" is a running joke for workers in the data protection field." (from, "What Kind of File Transfer Solution Do You Need?")
Regardless of efforts to enhance security, EFSS services are still end-user-focused, resulting in many enterprise IT managers actually block EFSS services from their corporate domains to maintain control of their networks. Instead, they offer easy-to-use ad hoc file transfer systems that incorporate email clients and file sharing.
To understand when EFSS makes sense vs. a managed file transfer system, check out our whitepaper, EFSS and Managed File Transfer.