Share Files with Outside World with End-to-end Security and Zero Data Loss

Posted by Ankur Panchbudhe on October 14 2014

Few weeks back, we took a quick peek into Vaultize's sharing capabilities. This post will cover our sharing-with-outside-parties features in more detail.

With Vaultize, users can share their data securely and easily with anyone, even outside their corporate network. They can share big files without worrying about the device being used by the recipient, whether it's a laptop, a desktop, a tablet or a smartphone, whether it's Windows, Mac, Linux, iOS or Android.

With our secure file sharing, users only need to share links with (optional controls like) password protection, expiration date and restricted download access – everything securely and efficiently. They don’t need to consume huge bandwidth or compromise security by sending insecure and heavy attachments via email or FTP. Secure file sharing also enables them to share data from file servers, NAS, Google Drive and SharePoint that recipients can access even when outside the corporate network and without connecting through VPN.

Normally, if a user wants to share a file on Google drive but wants it to be editable only by a few select people, it’s difficult to manage because access rights, or enterprise-class access control in general, are not available in services like Google Drive. With Vaultize Google Drive connector, it is possible to share Google Drive data through Vaultize secure links, which are completely in enterprise IT control and visibility.

How can I share my data via a link?

Link generation (for sharing) is a simple and quick process. One of the ways is to right-click the files/folders and choose “Share”. A popup window will appear, prompting you to enter email addresses with whom you want to share. You can enter internal as well as external email addresses. You can also enter the name of a Vaultize or Active Directory group. A separate link is then generated for each of the users and they receive an email from Vaultize allowing them to access the shared data by simply clicking the link.

Vaultize - Send file or folder as a link

When a sharing link is generated for a set of data, only the copy of data at that point-in-time is made accessible through the link. If you want that your changes should continuously get reflected in the link, you can choose that option in “Advanced options”.

Here are details about various ways to share via link:

  • Share with right-click context menu

Right click on a file/folder to open the context menu and select Vaultize “Send as Link” option. You will be redirected to Vaultize web-panel where you can enter email addressess. Multiple files/folders can be selected at once and they will be then be shared as a single link.

Sharing with right-click

  • Get a link from mobile devices

Vaultize mobile apps provide a facility to generate a secure link for any file/folder. You can send this link to anyone over email, text message, instant message, chat, etc.

  • Share from Vaultize file browser

In Vaultize web-UI, when you are logged in to your registered device, files and folders can be browsed and you can select any file/folder for sharing as a link.

Share from Vaultize browser

  • Share from Vault

In Vaultize web-UI, you can share any data that is already in your “Vault”.

Advanced options for sharing link

Link permissions

A share link provides secure access to corporate data to the outside world; it has a risk of data exfiltration. To minimize these risks, you can assign or deny certain permissions for each visitor of a shared link (see the screenshot above and below this para). Following are the permissions that can be associated with a share. If you are sharing a file with multiple users, different permissions can be set for each individual.

Sharing permissions or rights

  • View:

This permission enables an user to view a shared file in Vaultize online document viewer - the file can be viewed in the web browser without having to be downloaded on device. Vaultize online document viewer allows you to control things at the content level. See this blog post for more details

  • Download:

User can download a file in its original format.

  • Download watermarked file:

User can download a file, but a digital watermark will be added to the downloaded file. See this post for more details about watermarks.

  • Upload:

User can upload a new file to the shared folder. Upload is permitted only if the file fulfils the filter criteria set for data protection.

  • Share further:

If a user has been granted this permission, he can further share this link with other users and can set his own permissions, expiry, password, etc. The new permissions must be equal to or less than current permissions.

  • Print in online document viewer:

While viewing a file in online document viewer, it can be printed without downloading the file on user’s device.

How can IT secure a shared link?

Enterprise IT must ensure that information within their organization does not go beyond the intended audience and/or the intended intentions. More often than not, their users have to work with external parties – customers, vendors, partners, contractors and the like – for which, files have to be shared. So how does an IT administrator ensure that the shared data does not get accessed by anybody and everybody, and prevent data loss?

Vaultize provides a great way to control sharing and access of files/folders from the external world, by way of sharing policy that can be applied to users, groups or the entire organization.

  • Limit link access to geographical locations:

If IT wants to restrict recipients from accessing a link from specific geographical locations, administrator can specify a list of countries to block.

Geo and IP fencing in sharing policy

  • Allow or block link access based on IP of the accessor:

This control allows administrator to restrict link access based on certain IP ranges; it can be used to restrict access to extended corporate network or to fine tune after geographical locations are set.

  • Limit link access based on time:

Administrator can also define when the link can be accessed. She can define days of week and time of the day.

Time restrictions on sharing

  • Enforce link expiry:

Administrator can enforce the link to expire automatically after some time. Link creator can specify his own expiry which can be less than or equal to the expiry set by the administrator.

Link expiry, password and other things in sharing policy

  • Enforce password protection:

Administrator can enforce that all the shared links be password protected.

  • Enforce DRM protection:

Administrator can enforce that all the downloads from the link be through Digital/Information Rights Management (DRM / IRM) protected downloads. DRM helps in access control, copy protection, content control and so on.

  • Enforce watermark:

Administrator can apply a watermark to the files being viewed in Vaultize online document viewer. Watermark can be a text or image (for example, organization logo). Email address of the link visitor can also be embedded in the watermark.

  • Limit number of link accesses:

Administrator can specify maximum number of link accesses. When this count is achieved, the link will be expired automatically.

  • Limit number of downloads:

Administrator can specify maximum number of downloads from a link. When this count is hit, link will be expired automatically.

Vaultize also tracks all accesses to the shared data with parameters like email of the accessor, IP address, geographical location, time and type of access. Share publisher can see all this tracking information in the form of a timeline in our upcoming features called "File history" and “Share history".

This post is written by Aboli Aradhye, one of the key developers of Vaultize's sharing capabilities. She’s a Software Engineer at Vaultize and works in our Pune India R&D Centre.

Topics: Solutions, Product, Features

Subscribe To The Blog