Sharesync Security Features

Learn why ShareSync from BEAR Technologies is a more secure solution.

ShareSync provides a high degree of security and protection. ShareSync’s protection features let administrators:

  • Assure compliance with security best practices
  • Get full visibility over end-user activity with Audit Log and Admin File Management
  • Utilize remote wipe capabilities in case of lost or stolen devices
  • Keep content safe with at-rest and in-transit encryption
  • Assure reliability with a 99.999% financially backed uptime guarantee
  • Leverage enterprise-class datacenters with redundant storage clusters and connections to multiple Internet providers
  • Protect content integrity with features that guard against accidental deletion or version conflict
  • Keep content in the right hands with permissions and access that are strictly controlled and easily amended

Encryption

ShareSync data is encrypted both when it’s at rest as well as when it’s in transit. At-rest data is encrypted with 256-bit AES encryption, while in-transit data is encrypted using 256-bit SSL/HTTPS encryption. Additionally, ShareSync generates a unique encryption key for every account, creating an even greater degree of protection through data isolation.

Password Protection

Each time a user activates a new ShareSync device or accesses ShareSync from the web, they must login using their username and password.

 

ShareSync password policies are imported from Active Directory and utilize “strong” parameters, helping to eliminate the possibility that external parties will guess passwords. This Active Directory integration requires users to use the same password for ShareSync that they use for all their cloud services. Because there are no additional passwords to remember, it reduces the possibility that they will write their password down where others might see it.

For mobile devices, an additional layer of security can be added by configuring a passcode that must be entered each time the app is launched.

Device Management

Using the Control Panel, administrators get complete visibility across all the ShareSync devices enabled on their account. Each time a new device is configured by an end user, the administrator is notified, and all users’ devices are catalogued in the Control Panel.

Remote wipe

ShareSync is one of just a few collaboration solutions that allows administrators to wipe data remotely. In case of a lost or stolen laptop, tablet, or mobile phone, or when facing a personnel issue, corporate data can generally be quickly removed, helping to minimize potential data leakage.

Audit Log

The Audit Log is a Control Panel feature that allows administrators to view all the ShareSync activities on their account. Whenever files or folders are added, updated, shared, or deleted, the event is logged and available for tracking and auditing purposes, providing a greater level of administrative control over ShareSync. There are multiple ways to use the Audit Log:

  • Browse by event type
  • Search by user, file name, or folder name
  • Filter by event type or date range

Admin File Management

Admin file management is an add-on that lets account owners maintain administrative control overall end user files and folders. Once account owners enable this feature through the control panel, they can manage all ShareSync content across the environment.

Admin File Management increases the ability for administrators to monitor and manage end user content. Using Admin File Management, account owners can

  • Adjust sharing permissions
  • Add, delete and restore files
  • Search across the ShareSync folder and file structure.

This feature needs to be explicitly enabled for each admin. All admin actions are tracked in the audit log.

User control over sharing permissions

When a user shares a ShareSync folder, he or she can set permissions for each collaborator independently. The configurable sharing permissions are “Co-Owner,” “Modify” or “View” permissions.

  • “Co-Owner” permissions give others full control to modify, delete, or share content
  • “Modify” permissions allow others to view, modify and delete content but not share it
  • “View-only” permissions simply enable others to download the files

Permissions can be set differently for each collaborator. And sub-folders can be shared with different collaborators. Permission levels can be changed or revoked at any time.

Sharing web links

Web links allow users to share individual files with users both inside and outside of the company, without giving users permission to view or edit other documents in the same folder. For additional security, web links can be protected with passwords.

External collaborators

Administrators can configure external sharing policies to allow users to easily share with virtually anyone. External ShareSync users can edit files, sync files, and access all content in the folders that have been shared with them. This is a useful feature if for collaborating on files and folders with another company on an ongoing basis.

External ShareSync users are able to access the complete set of ShareSync features and functionality. Administrators can track external user activity in the audit log and control data with remote wipe.

Data Protection

ShareSync was designed to ensure a high security of data, to help reduce the chances of data being accidentally deleted, and to help provide easy ways to restore and recover data should it be lost.

From a service architecture perspective, every ShareSync file is replicated to redundant storage clusters to help minimize the risk of data loss. Additionally, each user’s data is fully isolated from every other user’s data.

In the unlikely event of a service outage, users can still access all their locally-synced data.

ShareSync co-editing features help to prevent file overwrites and conflicts. File versioning allows users to easily restore previous versions of all files stored in ShareSync.

If a file is deleted, it is moved to a recycle bin, where it can be restored. Administrators can restore deleted files and prevent permanent deletions.

Infrastructure

ShareSync is backed by a 99.999% uptime guarantee. No other file collaboration service offers a comparable uptime guarantee.

ShareSync is delivered through a data infrastructure comprised of:

  • Multi-tenant platforms secured with redundant firewalls, multiple Intrusion Prevention Systems
  • Facilities with dedicated, full-time certified security personnel and rigorous physical security measures

Compliance

ShareSync takes strict security measures to reach regulatory compliance across industry and vertical-specific standards.

Data Privacy, Integrity and Security Standards

  • SOC 1 – SOC 1 are specific assurances for businesses that use ShareSync as their internal controls over financial reporting. These regulatory guarantees are necessary for Sarbanes-Oxley (SOX) compliance.
  • SOC 2 Type II - ShareSync has a SOC 2 Type II audit report from an independent auditor who has validated that, in their opinion, our controls and processes were effective in assuring security during the evaluation period. ShareSync is audited company-wide, not just at the datacenter level. Additionally, while some service providers may only choose to be audited against one or two of the five trust service principles (security, availability, processing integrity, confidentiality and privacy), ShareSync has been audited against all five.
  • US-EU & US-Swiss Safe Harbour - ShareSync is registered and certified with the US Department of Commerce for privacy under the Safe Harbor program. This stringent set of requirements ensures any certified provider has established an in-house program, identified a privacy officer, met all the provisions for proper disclosure of its privacy practices, and offers mechanisms for feedback, opting out, and dispute resolution.
  • PCI Data Security Standards (PCI DSS) - The payment processing system utilized by ShareSync has passed the strict testing procedures necessary to be compliant with the PCI Data Security Standards (PCI DSS). This helps ensure that your payment information will not be accessed by unauthorized parties or shared with unscrupulous vendors.

Vertical-Specific Compliance

  • HIPAA - The Health Insurance Portability and Accountability Act mandates a set of regulations protecting the privacy and security of patients’ confidential health information, including when and with whom that information can be shared.

ShareSync and HIPAA Compliance


For many organizations, the decision to move to the cloud is about economics; the cloud provides greater value than an on-premises deployment. For healthcare providers or organizations that work with Protected Health Information (PHI) though, there is a consideration beyond economics; the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Here is how this impacts you: you need to make sure that your cloud service providers can support HIPAA compliance—because if they are not able to, you will not be able to achieve or demonstrate HIPAA compliance.

ShareSync services are designed to meet the privacy and security requirements for Protected Health Information. Our privacy and security policies, procedures, technologies and services are audited annually by a third party, and we will execute a HIPAA Business Associate Agreement with Covered Entities.

File Sharing and Syncing

  • HIPAA imposes an absolute responsibility for maintaining the privacy and confidentiality of patients’ health records, both at rest and in transit. This means you have to provide and control multiple levels of access to that information for the many people who collaborate on patient care and related services—that is, your many diverse partners as well as your staff. And you have to be able to monitor and audit all health information file access, use and change, both inside and outside your organization.
  • Integrity. To secure electronic protected health information (ePHI) from improper change or destruction, you must control not only who has access to what information but also who can change a file and when.
  • Mobility has come to medicine. You may already deploy authorized mobile devices, such as Wi-Fi-connected cart-based PCs in hospital wards and personal tablets for clinicians. Chances are, more and more staff want and need to connect with your network-based applications and files from mobile devices, whether issued by you or purchased by them (a trend known as BYOD, or bring-your-own-device). Mobility adds another significant layer of complexity to the task of providing secure, HIPAA-compliant file access.

Mobility and HIPAA Compliance

ShareSync offers doctors, medical researchers and medical administrators a quick way to securely back up and share files that contain PHI. ShareSync supports HIPAA compliance and signs HIPAA Business Associate Agreements with its customers.

File Sharing Compliance - Improve Healthcare Coordination

ShareSync helps teams inside and outside of healthcare organizations work together by streamlining the secure sharing of administrative and patient information. Medical departments rely on extensive file sharing of test results, patient data and lab practices. Traditional methods of sharing files over email, FTP and USB drives have security flaws, and often run the risk of violating HIPAA, HITECH and FDA regulations. ShareSync allows you to securely share sensitive files behind the firewall, without a VPN.

ShareSync also offers organizations a secure method to share specific folders and files of any size. ShareSync enables users to create shared, permission-based folders, for collaboration across internal and external teams. Individuals can use ShareSync to ensure specific files are sent securely by creating password protected web links.

Collaborate on Research

ShareSync allows for secure collaboration across multiple departments inside healthcare organizations and with outside contracted research partners. Collaborate on research, journals, grants and teaching materials. ShareSync has Microsoft Office plugins that help distributed teams and departments work together on the same set of files, as if they're in the same office.

Increase Productivity

Keep materials available in real-time to remote employees out in the field. ShareSync gives agents access to the latest files, through virtually any device.

ShareSync includes features like automatic file versioning that ensures when a change is made to a file stored on ShareSync, a newer version is automatically created and added to the folder containing the earlier version. File versions are time-stamped and include the name of the user who made changes to the file.  Users can even subscribe to be notified when changes are made by other collaborators.

Security Control, Visibility and Auditing

Saving critical company data such as lab results and drug approval processes on personal laptops or mobile devices can lead to serious security issues. ShareSync addresses the security needs of medical companies by providing complete control over folder access and real-time visibility on all user activity.

Administrators can deactivate user accounts as needed (e.g., when an employee leaves the company) and easily assign and revoke permissions on any folder. ShareSync also provides administrators with a rich set of controls such as audit reporting, administrative access to all ShareSync content, retention policy for past file versions and delete files, external sharing policies, and remote wiping of lost or compromised devices

Customer Data on ShareSync

  • 256-bit encryption for at-rest and in-transit data.
  • Unique encryption key for each account (much better than sharing keys between customers)
  • SSAE 16 SOC2 Type II Reports.
  • Reporting and audit trail of account activities on both users and content.
  • Administrators can remotely wipe data from any registered device.
  • Ability to grant specific access permissions to each collaborator.
  • Locking features to prevent overwrites, conflicts or deletions.
  • Secure file links sent inside and outside your organization.

Datacenter

  • Global Intrusion Prevention System protects cloud services.
  • Datacenter-level backup and file replication protects against loss or corruption of information.
  • Datacenters guarded by video moni­toring, motion detection and access control technology as well as 24/7 security personnel.

ePHI Security and Integrity

  • Security systems that guard against unauthorized access to ePHI during electronic transmission, whether in email and attachments or during the file-sharing process.
  • Both electronic and physical security to protect ePHI wherever it is stored.  Technology and policies to secure ePHI from improper alteration or destruction.

BEAR assures HIPAA Compliance.

ShareSync covers your HIPAA needs.

For more information about ShareSync’s HIPAA features, or to request a live product demonstration, please call (888)ONE-BEAR.

How ShareSync Beats Dropbox

Learn why ShareSync from BEAR Technologies is a better solution for your business than DropboxShareSync-Logo_1000x702

ShareSync offers greater security, control, and integration.

 

When it comes to sharing photos and storing family recipes, Dropbox is wonderful. That’s why it’s so popular with consumers.

Because people are so used to using it at home, millions of users have brought Dropbox into their work environment. According to Osterman Research, Dropbox has found its way into 70% of companies.

This is a problem. Because, when it comes to business, Dropbox’s consumer roots show through. It’s not right for business. In fact, Dropbox ended up on Bloomberg BusinessWeek’s list of top banned apps because there are many file management use-cases for which Dropbox will actually leave you vulnerable.  Click here for a document comparing ShareSync with other popular cloud storage services.

 

Here are 6 reasons why Dropbox isn’t secure enough for business.

1.       Dropbox has limited integration

With Dropbox, you get limited product integration across the tools you use every day. Dropbox doesn’t play well with Office, Exchange and Outlook. There is no easy Active Directory integration and you can’t use Exchange Distribution Lists to quickly share content with groups.

Syncing, sharing and content protection features

  BEAR Technologies
Dropbox
  ShareSync Business Personal
Share files and folders as web links   No password protection No password protection
Multiple folder permission levels

 

At-rest & in- transit

 

 

Microsoft Office integration

 

Save as, share, lock, & restore versions

 

 

Microsoft Outlook integration

 

Share any file configure settings

 

 

Share across Exchange Distribution Lists

 

 

2.       Users cannot set granular permissions.

Business users collaborate on files differently than individuals. Business collaboration requires granular control over permissions to ensure appropriate access levels for dozens of collaborators and stakeholders.  This protects against accidental overwrites or deletions, but it also preserves security and secrecy. In this regard, Dropbox falls short as it doesn’t let you customize read and write privileges for individual users.

 

3.       Data encryption is limited.

If you are storing financial reports, strategy documents or competitive analyses, you want them protected. But Dropbox has limited encryption and security features that can leave your data exposed. Your data is sitting on the same public cloud next to content from millions of other users, without adequate isolation.

Security and control features

  BEAR Technologies
Dropbox
  ShareSync Business Personal
Data Encryption

 

At-rest and in-transit

Unencrypts files for deduplication Unencrypts files for deduplication
Account-level encryption key

 

99.999% SLA

 

User management

 

 

4.       You cannot set different sharing permissions for sub-folders.

Sometimes a subfolder will contain data that should not be shared with everyone who can access the enclosing folder. But Dropbox doesn not let you specify permissions for sub-folders. To protect your data, you are forced to redo your entire folder structure. A business tool should adapt to your business processes, not force you to change them.

Syncing, sharing and content protection features

  BEAR Technologies
Dropbox
  ShareSync Business Personal
Multiple folder permission levels

 

Group Sharing

 

Secure External Sharing

 

Share files and folders as web links

 


 No password protection


No password protection 

Microsoft Office integration

 

Save as, share, lock, & restore versions

 

 

Microsoft Outlook integration

 

Share any file configure settings

 

 

 

5.       You cannot share password-protected web links.

Dropbox is great for sharing photos and videos between friends, but what if you want to share files over the web with a secure password? Or what if you want to add a password to a file you have already shared? When you send a business file with Dropbox, you lose control over who can access the file.

Content protection features

  BEAR Technologies
Dropbox
  ShareSync Business Personal
Lock files for editing  
Different sharing permissions for sub-folders

 

Full text search in desktop, mobile, web

 

 

 

6.       You cannot lock files for collaborative editing.

There is nothing worse than losing productivity while you try to sort out version conflicts. If you are working on a file that’s shared with multiple people, you want to be able to lock it so nobody else can overwrite it. Dropbox does not support locking files for editing—and this lack of protection risks the resiliency of your data.

Integration features

  BEAR Technologies
Dropbox
  ShareSync Business Personal
Active Dir. integration  
Control panel for all services

 

 

 

Employees love Dropbox so much because it is so simple to use. Which means an out-and-out ban on Dropbox will probably not be effective in your organization. In fact, IT is often unaware when employees start using Dropbox, so a ban may just drive users underground and increase the risks that much more.

 

To get the behavior you want out of your users, you need to provide file sync and share tools that enable the exact same functionality—but without the business risk. When it comes to getting employees to drop their Dropbox, the user experience is key.
Read more at Yahoo Small Business Advisor

What Cloud Computing Means for Small and Medium Businesses

The Definition of Cloud Computing

How can Cloud IT Services Benefit my Business?

Free yourself from traditional IT with Cloud Services

Cloud computing is managed, shared applications, development platforms, or computing infrastructure accessible via the internet. It provides options such as bandwidth and on-demand computing power with flexible capabilities normally purchased as a metered service.

Read more...

Hosted Microsoft Exchange | Email in the Cloud

Hosted Microsoft Exchange Email Server

E-mail Solutions In the Cloud

A complete E-mail service is critical for your business to function properly.

Exchange can give your company many powerful tools. By implementing these tools your organization can significantly improve the productivity of your staff. Without proper configuration, however, your company will run into issues that can potentially cost your company a lot of money in wasted productivity.

Read more...

Hosted Server and Infrastructure

Virtual Server

Your Server, In the Cloud

Take your server to the cloud and eliminate hardware and utility expenses.

The cloud is everywhere. Many businesses are unaware of the benefits that cloud computing can offer in the form of server and infrastructure hosting. Many small and mid-sized businesses can see benefits from adopting Bear Technologies®'s hosted solutions into their company computing interface.

Read more...

Cloud Hosted, Desktop Virtualization Solutions

Virtual Desktop - Desktop Virtualization Solutions

Virtualized Desktop Solutions from Bear Technologies®

Introducing your desktop delivered from the cloud.

Business owners and executives are always looking to save money. By using virtualization techniques it is possible to load all of your essential programs into a cloud environment, and then deliver them, on your employees workstations. Centralizing a worker’s digital environment in the cloud allows workers to access the data they need from all types of devices, such as smartphones and tablets, using a web browser. This minimizes the cost of support. Bear Technologies® has Hosted Desktop Solutions that do just that.

Read more...

ShareSync - Secure File Sharing with Your Business in Mind

Cloud IT Solutions | Cloud Hosted Technology Solutions

Cloud Computing Services

Cloud Computing for Business

The future of small and medium business technology that will save you money and increase efficiency.

Companies are starting to utilize cloud computing in higher concentrations. The recent boom in the capabilities of utility computing in the cloud presents many small and midsized businesses with alternative ways of substantially enhancing production anywhere there is Internet access. Cloud computing presents solutions for any of your businesses problems; from e-mail, to communications, to a full-scaled hosted infrastructure. In this way cloud computing is presenting companies of all sized considerable benefits.

Read more...