Send large files

File too big for an email attachment yet again?

We’ve all been there. After all, many email clients only allow for sending files up to 20 megabytes – given today's data volumes, that is not nearly enough. So what can you do? Users often resort to stopgap solutions they are familiar with, such as WhatsApp or Dropbox – a real nightmare for corporate compliance.

But that doesn't have to happen because there is a simple and secure solution: Cryptshare! With Cryptshare, you can not only send large files, but also do so in a way that is compliant with data protection. And what’s more:

Cryptshare is super easy to use – if you can use email, you can use Cryptshare. This makes both users and admins happy! It’s simple: write a message, insert files via drag & drop, and click send. That's it!

Want it to be even more convenient? There are integrations for Outlook and HCL Notes. And if you want to boost digitalisation in your enterprise and connect an in-house tool, you can do so with the Cryptshare API. You take care of your work, and Cryptshare will take care of the digital logistics.

Just so you know: Cryptshare works bidirectionally, which means that all of your contact partners can also send messages and files back to you securely and confidentially - without additional costs, training or further effort. To learn more about how to enable secure digital communication for your entire workforce, try Cryptshare or ask us for a consultation!

Large files and data transfers in companies and organisations

Requirements for file transfers are constantly increasing:

In the modern business world, sending data is a regular part of everyday work - and will become even more important in the future. It is important for every organisation to enable its staff to transfer large files of several GB and to meet the following requirements in particular:

Data protection requirements

In the European Union, the General Data Protection Regulation has been applicable law since the end of May 2018. With the aim of protecting personal data and ensuring the free exchange of data within the EU, it includes important rules that must be complied with - otherwise there is the threat of severe penalties:

In accordance with paragraph 2, fines of up to EUR 20,000,000 or, in the case of a company, up to 4 % of the total annual worldwide turnover in the preceding business year, whichever is higher [...].

GDPR Art. 83 (5)

What is equally important, however, is that the GDPR also applies to data concerning EU citizens that is sent abroad from the area of application of the GDPR. This is because the data must be subject to at least the same level of protection there as is legally ensured by the GDPR. Today, files are increasingly stored in the cloud and the largest providers of such services are located in the USA. This means that many data flows of companies and organisations are affected, which they are not even aware of at first. Files are often not consciously sent to the USA, but flow there in the background. Nevertheless, European organisations can be held liable for violations, especially since legal foundations such as the Privacy Shield were overturned by the European Court of Justice.

For companies as well as organisations, it is therefore important to always guarantee the prescribed data protection and to also ensure compliance with the GDPR when transferring large files.

Internal policies:

Companies and organisations often have internal guidelines concerning the sending of files. These also contain concrete guidelines on how to handle incoming and outgoing data and how to store them. For example, if an archiving system is connected. In this case, internal regulations determine what is stored, how and where.

Admins also like to use file type filters as a security measure to ensure compliance with internal guidelines. With these, they can ensure that only the file types they have defined as trustworthy are allowed and others are blocked. Such filters are mainly used when certain types of files are frequently used for malware attacks.

Protection against access by unauthorised third parties

What is already important for compliance with the GDPR for personal information also comes into play for data concerning one's own organisation - when protecting one's own intellectual property. It is not uncommon for large files of several GB, often with content worthy of protection such as patent applications or construction plans, to be sent electronically. To prevent industrial espionage or hacking attacks, it is necessary to protect such data in the transfer from sender to recipient(s) through effective encryption.

User-friendliness

This is one of the most important requirements for any software solution but is all too seldom given sufficient focus. Ultimately, however, it is user-friendliness that determines whether a solution for secure data transfer is used in practice. If such a solution is too cumbersome or complicated for the staff, it will not be used in everyday work - no matter how technically sophisticated it may be. It is crucial that the solution can be used quickly and easily by all employees and that it works without much training. Simple rollout, simple integration into existing work processes, simple handling: this is what makes users and admins happy!

Data volumes are growing rapidly - how large files are created:

Data has enormous importance across industries and needs protection in different gradations. With powerful software, employees create large files of several gigabytes every day, e.g. with Microsoft Office programs such as PowerPoint and Excel, with databases and through CAD files, videos or pdfs. With new technologies, the quality of data sets is increasing - and so is the amount of data, file size and storage space required for them.  
             
Data unfold their true value when they are shared with others and can thus be worked with. For example, when even large files such as an MRI scan can be sent quickly and easily to a specialist to obtain a second expert opinion. What is important here is that such transfers are secure and data protection compliant through encryption. Your workforce wants to work with files in different locations and devices, and many of the recipients with whom they share data are outside your organisation. So how can file transfers be made secure and privacy compliant? After all, such transfers involve important and confidential aspects of your business.

It was not so long ago that physical media were used to transfer such data. On these, the information was stored and then shared with the recipients. In the end, however, DVD, USB stick and co. could not keep up with developments and became increasingly impractical for the transfer of large files in particular, especially in the business sector.

There were good reasons for this:

• The size limit of the data carriers, which could not keep up with the maximum file sizes indefinitely: The available storage space was then simply no longer sufficient.
• The postage costs for shipping: Especially in total, considerable sums could quickly arise.
• A lot of shadow IT was created and data sovereignty was lost very quickly: it simply became impossible to track how many data sets were on the move and where.
• For malware, physical data carriers are a gateway that hackers like to use: where it is common to work with USB sticks, the threshold for their use is quite low. It is sometimes sufficient to label a suitably prepared data carrier with "employee salary list" or similar, to deposit it in a company car park or even to drop it by drone. If just one member of staff cannot resist curiosity and plugs the stick into their computer at work, the integrity of IT within the organisation is over.

Nowadays it is common to send large files digitally. This is faster, easier and saves money. But there are also many pitfalls to be aware of.

How large files are usually sent digitally:

The corporate approach

To make these decisions, people often narrow their view too much; they then take a closer look at complex and costly tools like SMIME or less secure solutions like in-house FTP servers. Standard email and cloud solutions such as Dropbox or Gmail are also often chosen as the fastest way to share any file at any time.

Cloud services are popular especially when there is a requirement for a large amount of storage space, but these are not always the most sensible solution. For many organisations, it is important to retain data sovereignty and to be able to guarantee that no data flows in the background to the large cloud providers in the USA. However, due to the US-CLOUD Act of 2018, it is not enough if the server with the relevant data is located in Germany; as long as the parent company is American, US authorities still have access rights to the data. This also affects some providers of secure communication, such as WeTransfer. Although this company is based in the Netherlands, it also uses servers in the USA for its cloud, where data from users' transfers is stored. US authorities therefore also have access to this data in principle. In order to prevent this and ensure data protection at the GDPR level, EU companies with servers in the EU are needed. IT decision-makers in companies and organisations must be absolutely clear about this point!

Data storage in the USA is not subject to such a strict legal framework as in the European Union. Although there is the California Consumer Protection Act (CCPA) in California, which gives consumers more rights over the use of their data, it is still in a pioneering role and is only bindingly in force in the state of California. While in this country data protection for those affected is the focus, in the USA commercial interests are given greater consideration. Therefore, data transfer to third parties without the explicit consent of the data subjects is common practice there in many industries, whereas this is prohibited in the EU by the GDPR. In principle, companies and organisations in the US have much more discretion than their European counterparts as to how strong their data protection should be. In shaping this leeway, the high commercial value of the data is therefore very high on the list of priorities.

Both the legal requirements for data storage and data handling are fundamentally different in the EU than in the US. Companies in the area covered by the GDPR must therefore keep a close eye on where their data goes - especially when it comes to sending large files.

Sometimes companies and organisations already have solutions and services in place to send or receive data. At the same time, however, they are often not used and the workforce switches to applications that they are familiar with from their private lives. These are usually not GDPR-compliant and have not been approved by the in-house IT. The resulting shadow IT therefore causes nightmares for the admins, because they have no knowledge of which data of their company or organisation is circulating where. However, shadow IT does not only occur when there is no solution for the secure exchange of data; it is already enough if the users find the solution too cumbersome or complicated to use.

Once workarounds have become ingrained in the daily work routine of the staff, it is difficult to get rid of them again. It is therefore all the more important that organisations prevent such workarounds from the outset by providing their staff as early as possible not only with a communication solution that is secure and compliant with data protection requirements, but also one that can be easily used by all employees.

In the everyday work of the workforce

There are many ways to send large files of several GB from the sender to the recipient's side. Employees are familiar with many providers of such services from their private lives, such as DropBox, WhatsApp, OwnCloud or WeTransfer. But this is exactly what can become a problem for any organisation.

Especially solutions from the consumer sector are not suitable for sending data that is subject to external or internal compliance requirements. They do not always use encryption and the transport route over which the data is sent is not necessarily protected from access by unauthorised third parties. Moreover, such solutions undermine the data sovereignty of organisations. Dropbox, WhatsApp, WeTransfer and the like are quickly used, but leave the IT department completely in the dark about what data flows out when and where.

Nevertheless, employees like to use such solutions as a workaround. Why? It is true that many users are unaware of the catastrophic consequences for their own organisation of "just quickly" sending large files via unauthorised channels when they use them all the time in their private lives anyway. Even more serious, however, is the fact that services for private use are just that: "simple" and "fast", especially in use. In the case of doubt, this usually trumps any security concerns.  

Even if companies have provided approved options for securely sending large files, these are often avoided and bypassed by the workforce. This circumstance is also closely related to the high user-friendliness of the offers and their familiarity from the private sector.

Conclusion for organisations and companies:

The security of solutions for sending large files must therefore by no means be at the expense of user-friendliness!

Experience shows: If your organisation does not provide a solution that is easy for your staff to use, they will be tempted to find workarounds. As a rule, they then use old familiar - and unapproved - means over which your IT has no influence.