News Stay informed about the latest enterprise technology news and product updates.

Cloud file sharing: Secure enough for the CIA, secure enough for you?

Two U.S. government agencies will adopt cloud file sharing and collaboration services. Security concerns? What security concerns?

IT pros who cite data security as a reason not to adopt cloud file sharing and collaboration services may reconsider now that the U.S. intelligence community is getting in on the act.

IT needs to be much more proactive.

Larry Hawes,
founder, Dow Brook Advisory Services

Huddle, a U.K.-based cloud file sharing and collaboration platform, will replace SharePoint for the U.S. Department of Homeland Security and the National Geospatial-Intelligence Agency. Security is a prime reason why many IT shops have been slow to adopt cloud file sharing and collaboration tools. This partnership, however -- after selecting Huddle, the CIA-backed investment firm In-Q-Tel is now investing in the company -- helps dispel the notion that cloud-based tools aren’t secure enough for adoption.

"One of the most locked-down organizations in the world is putting data on a shared cloud with Huddle," said Terri McClure, an analyst at Enterprise Strategy Group, based in Milford, Mass. "That's why this is a big deal."

If Huddle is secure enough for the U.S. intelligence community, it should be secure enough for any old enterprise, said Larry Hawes, founder of Dow Brook Advisory Services, an enterprise content collaboration consultancy based in Ipswich, Mass.

Other cloud file sharing and collaboration barriers

Security is not the only issue preventing organizations from adopting cloud storage, file sharing and collaboration platforms, however. By the time IT has picked a tool and had a chance to deploy it, many employees will have already begun using other, consumer-oriented services -- which IT then has to rein in.

"Timely procurement of services is a bigger issue than security," Hawes said.

Until recently, the issue of syncing and sharing files across multiple devices outside the corporate firewall wasn't even on IT's radar.

More on cloud file sharing and collaboration services

Consumer cloud storage and collaboration guide

Enterprise cloud file-sharing apps give IT more control over data

Top 10 cloud-based file-sharing terms

"If IT isn't going to offer something like Dropbox, then employees are just going to adopt personal accounts to address this problem," McClure said.

Nearly 50% of employees use personal cloud file sharing and collaboration services, but 77% of organizations do not approve the use of those services, according to Enterprise Strategy Group research.

"IT needs to be much more proactive," Hawes said. "There's data out there, and business people adopt new technologies roughly twice as fast as IT. IT needs to understand why people are using these services without their consent, and then find an acceptable solution that's as easy to use."

Huddle's place in cloud file sharing and collaboration

The Department of Homeland Security and the National Geospatial-Intelligence Agency will deploy Huddle in two ways: a typical cloud-based deployment to handle the majority of content, and an on-premises version that won't be networked to the outside world in order to secure and protect the agencies' most sensitive files, said Alastair Mitchell, Huddle's founder and CEO. Huddle is already deployed throughout various European government agencies, including 80% of U.K. government departments, Mitchell said.

Huddle offers native mobile applications for Android and iOS devices, Active Directory integration, bi-directional integration with Outlook, auditing and versioning controls, various IT admin policy settings, homegrown data centers, and algorithms that determine specific files a user could potentially need on a mobile device, and then caches them locally for offline use.

The cloud file sharing and collaboration services market is increasingly crowded, with large enterprise vendors such as VMware Inc., Microsoft and Citrix Systems Inc. duking it out against upstarts such as Box and Dropbox, plus lots of other smaller companies.

In-Q-Tel's undisclosed investment in Huddle will help the company refine its cloud file sharing and collaboration platform to strictly comply with the Federal Information Security Management Act.

Dig Deeper on Mobile data, back-end services and infrastructure

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

If cloud file sharing and collaboration is secure enough for the government, is it secure enough for you?
Because it's not about security alone! Best supported community management is in-house. Cloud based today at least, is scattered with bullshit consultants and butterfly collaborators, that do absolutely nothing but crowd pleasing. Waste of time and money. Building a new house is collaboration not advertisements from various real-estate firms and lawyers. "the cake is a lie' ;-)
The CIA is not interrested to spy the data of themself, as they know whats in. But the patriot act allows them certainly to spy my data....

No way.
might mean that it is more for looking into your stuff, how much will be put from their side on these platforms?
One, notice that the CIA is using both an internal and external deployment. If it is so secure it should only be external? Two, without details on the CIA RFP it's hard to gauge what selection criteria was used and it's real relevance. Three, the CIA and others have been known to make mistakes. Four, time will how smart this decision is. It's worth taking a closer look but this should by no means be considered an proclomation of complete and utter security.
Can see the confidence of Gov. agencies in sharing in information cloud, which should be surely secure.
Internal networks are just as insecure as cloud file sharing.
The only way to be more secure is to have no personal information floating on the web. That is impossible. No credit (cards, house, car etc.). There has been so much not within the cloud based storage space that it is more safe than the server you have all your data on at home. That's where there are friends, children, relatives and others that come in and out and all they have to do
Is be smart enough to download data on to a USB or microSd and away goes your data. How about taking your phone or laptop in for service and the people there steal your pictures or important account info. There are many ways to steal data. In the cloud at least you can have your info vaulted away with your password you chg regularly and hosted at a secure site with protocols and video in place to keep employees and outsiders homer as well as firewalls and encryption. It's safe and oh by the way most banking and medical data have moved over to cloud based services and it works with privately managed cloud environments. A public cloud environment even has multiple Layers of security built into their structure. It's safe
If they are using it for public informaiton, I do not see an issue with it. I cannot imagine they are using it for sensitive information. There can be significant legal issues with regard to discovery and venue, as well as breach notification. This does not address begin to address the issues with bleed over between virtual partitions.
Bring on the hackers. No matter how secure you think your data is, if it's out there on the internet, someone is going to find a manner in which to breach your security. Sooner or later, in one manner or another it will happen.
Canadian company response:
- Yes - secure enough when considering on-premise cloud, but No if:
1) host is on US soil (Patriot Act)
2) host is US owned (Patriot Act)
3) high cost to exit (that's not a really a security issue though)
I use I Think Security's cloud-based file sharing technology. It's absolutely amazing - we chose where we wanted our data to stay and our administrator is able to monitor and control access and sharing. Third party access is never a worry for us.. even I Think Security never has access to our data.

I recommend it! Complete peace of mind .. I know my data is secure.

- J
Depends on individual neds (not just security).
The story is twisted to sound good for the Cloud says right in the story...and of course not at the beginning...that they will use a non-connected in-house version of huddle for their most secure documents...that's because they know it is not secure enough to put into the Cloud. They also have ZERO real liability because they have 100% civil service protection and if they lose the data…so what? All they do is say oops, sorry, while private enterprise either goes out of business, gets charged with a crime or gets sued in civil court. Using what government approves of to justify what business should do is a fool's errand and not even a realistic comparison. This has been a BS argument for years.
Depends on what information CIA decides to put in the cloud. Does that include top secret or above classifications? Highly unlikely.
Security of files depends upon the process adopted by the Service Providers. It should be compliant to the standard security policies.
The cloud providers have the consolidated resources to outspend me on security. And while I don't think any thing is secure enough, I just strive for narrowing the security gap.
What kind of information will you keep there?
Plain text or encrypted?
Your question is a joke!!
Fantastic Idea
It should be Yes, like it'is for our money on our bank
It forces the vendor to improve its product or lose its reputation.
Only if the confidential/privacy information stays secure through its lifecycle. Although solution as in data leak prevention is out there, they are rarely used.