In our recently released ECM and Cloud File Sharing evaluations, we assess some new requirements, including:
- Mobile Access to ECM-managed content
- Ability to share and sync files across multiple devices (think Google Drive or Dropbox within your enterprises)
- Cloud-based architectures (of which there are several variants)
A common theme running through these requirements is security, and in particular how files get encrypted. This can especially resonate when employees use their own mobile devices to access documents residing in a cloud environment.
Different types of encryption
Of course there are many dimensions to security, especially in a cloud context. With respect to external security, most ECM vendors will describe all kinds of advanced security algorithms to encrypt your files in remote locations. But, as always, you’ll want to look closely at the details here.
In particular, note carefully the difference between:
- Encryption “at rest," while the files are stored in the cloud or on their servers
- Encryption “in transit” or “in flight,” while the files are being transferred between the server and your devices or among different devices
- Encryption at the "end-points" when the file gets downloaded
Most vendors say they encrypt files in-flight and at rest -- in their repository. However, not all vendors encrypt files when it resides at one of the end points – that is, after the file has been downloaded to your mobile phone or tablet. This has important implications because employees can leave organizations (and take their devices along) or devices can get stolen.
Some enterprises have recourse to address this latter challenge via mobile management platforms, which can do things like remotely wipe files when an employee quits or a device gets stolen. Some ECM vendors can do this too, but not all.