Large files and data transfers in companies and organisations
Requirements for file transfers are constantly increasing:
In the modern business world, sending data is a regular part of everyday work - and will become even more important in the future. It is important for every organisation to enable its staff to transfer large files of several GB and to meet the following requirements in particular:
Data protection requirements
In the European Union, the General Data Protection Regulation has been applicable law since the end of May 2018. With the aim of protecting personal data and ensuring the free exchange of data within the EU, it includes important rules that must be complied with - otherwise there is the threat of severe penalties:
In accordance with paragraph 2, fines of up to EUR 20,000,000 or, in the case of a company, up to 4 % of the total annual worldwide turnover in the preceding business year, whichever is higher [...].
GDPR Art. 83 (5)
What is equally important, however, is that the GDPR also applies to data concerning EU citizens that is sent abroad from the area of application of the GDPR. This is because the data must be subject to at least the same level of protection there as is legally ensured by the GDPR. Today, files are increasingly stored in the cloud and the largest providers of such services are located in the USA. This means that many data flows of companies and organisations are affected, which they are not even aware of at first. Files are often not consciously sent to the USA, but flow there in the background. Nevertheless, European organisations can be held liable for violations, especially since legal foundations such as the Privacy Shield were overturned by the European Court of Justice.
For companies as well as organisations, it is therefore important to always guarantee the prescribed data protection and to also ensure compliance with the GDPR when transferring large files.
Internal policies:
Companies and organisations often have internal guidelines concerning the sending of files. These also contain concrete guidelines on how to handle incoming and outgoing data and how to store them. For example, if an archiving system is connected. In this case, internal regulations determine what is stored, how and where.
Admins also like to use file type filters as a security measure to ensure compliance with internal guidelines. With these, they can ensure that only the file types they have defined as trustworthy are allowed and others are blocked. Such filters are mainly used when certain types of files are frequently used for malware attacks.
Protection against access by unauthorised third parties
What is already important for compliance with the GDPR for personal information also comes into play for data concerning one's own organisation - when protecting one's own intellectual property. It is not uncommon for large files of several GB, often with content worthy of protection such as patent applications or construction plans, to be sent electronically. To prevent industrial espionage or hacking attacks, it is necessary to protect such data in the transfer from sender to recipient(s) through effective encryption.
User-friendliness
This is one of the most important requirements for any software solution but is all too seldom given sufficient focus. Ultimately, however, it is user-friendliness that determines whether a solution for secure data transfer is used in practice. If such a solution is too cumbersome or complicated for the staff, it will not be used in everyday work - no matter how technically sophisticated it may be. It is crucial that the solution can be used quickly and easily by all employees and that it works without much training. Simple rollout, simple integration into existing work processes, simple handling: this is what makes users and admins happy!
Data volumes are growing rapidly - how large files are created:
Data has enormous importance across industries and needs protection in different gradations. With powerful software, employees create large files of several gigabytes every day, e.g. with Microsoft Office programs such as PowerPoint and Excel, with databases and through CAD files, videos or pdfs. With new technologies, the quality of data sets is increasing - and so is the amount of data, file size and storage space required for them.
Data unfold their true value when they are shared with others and can thus be worked with. For example, when even large files such as an MRI scan can be sent quickly and easily to a specialist to obtain a second expert opinion. What is important here is that such transfers are secure and data protection compliant through encryption. Your workforce wants to work with files in different locations and devices, and many of the recipients with whom they share data are outside your organisation. So how can file transfers be made secure and privacy compliant? After all, such transfers involve important and confidential aspects of your business.
It was not so long ago that physical media were used to transfer such data. On these, the information was stored and then shared with the recipients. In the end, however, DVD, USB stick and co. could not keep up with developments and became increasingly impractical for the transfer of large files in particular, especially in the business sector.
There were good reasons for this:
- The size limit of the data carriers, which could not keep up with the maximum file sizes indefinitely: The available storage space was then simply no longer sufficient.
- The postage costs for shipping: Especially in total, considerable sums could quickly arise.
- A lot of shadow IT was created and data sovereignty was lost very quickly: it simply became impossible to track how many data sets were on the move and where.
- For malware, physical data carriers are a gateway that hackers like to use: where it is common to work with USB sticks, the threshold for their use is quite low. It is sometimes sufficient to label a suitably prepared data carrier with "employee salary list" or similar, to deposit it in a company car park or even to drop it by drone. If just one member of staff cannot resist curiosity and plugs the stick into their computer at work, the integrity of IT within the organisation is over.
Nowadays it is common to send large files digitally. This is faster, easier and saves money. But there are also many pitfalls to be aware of.