Expert Interview Series: Matthew Seto of Topia Technology on How To Secure Your Electronic File Sync And Storage Network
by Andrew Mullen on May 10, 2017
Thanks for agreeing to take part in our Expert Interview program! This is a great opportunity to promote yourself as an industry influencer, as well as earn a high-ranking link to your website. Once you've successfully completed this interview, we have plenty of additional opportunities for interviews with other powerful Media Shower customers.
Matt is the Product Manager for Topia Technology’s flagship EFSS solution, Secrata.
To start, can you describe what enterprise file sync and storage (EFSS) is, for people who aren't familiar with the term?
Modern enterprises run on documentation, employees are becoming mobile, and BYOD environments are causing complex problems for security. Employees need access to their files from virtually anywhere, and without an easy means of getting those files, they will often resort to unsecured sharing methods like email.
Enterprise File Sync and Share services, like Secrata, help to alleviate the problem of accessing your sensitive documents and sharing them with others. Using an EFSS service you can securely retrieve your files, upload new documents, or share your work with other users. EFSS aims to do this securely so that you don’t need to use unsecured sharing methods.
Topia Technology started with file sync and storage back in 1999. How much have you seen cloud storage and computing change in that time? What have been some of the biggest changes you've seen in the last 18 years?
Topia has been working to secure government data for some large clients for many years, but has only released Secrata, out EFSS solution, in the last few years. The marketplace for EFSS systems is robust, with a lot of large companies pushing into the marketplace. Secrata’s differentiator is that we do security differently. Secrata does not rely solely on SSL/TLS for data in transit. Secrata shreds files, then uniquely encrypts each shred before wrapping in SSL for transit. This method of security means that Secrata offers true end-to-end encryption and is impervious to SSL exploits like Heartbleed and DROWN. With this extra security step in place, we are proud to offer the most secure EFSS solution in the market.
Topia Technology has worked with some huge clients, with some exacting security protocols - US Army, FAA, Air Force, and TSA. What did you learn about electronic file sync and storage working with huge clients with demanding security needs?
Government agencies certainly have exacting security demands that must be met. Secrata’s hallmark is that it offers the same military-grade encryption and security to all of our clients, regardless of whether or not they are a government agency, a Fortune 500 company, or a tech start-up. We believe that your data is precious to your company and we offer you all the tools to secure it, while easing workflows for your employees. Topia takes a great deal of pride in offering unique shredding and encryption, end-to-end.
These clients had some exacting performance metrics, as well, which is common for government agencies. What were a few of these performance metrics, and how did you meet them?
These agencies each had their own specific performance and security standards. In the high-security era that Topia has operated in we have had to be agile and adaptive to specific requirements from top-secret organizations at the federal level.
I can’t speak to specific metrics or requirements from these agencies, but I can assure you that our work in conjunction with these partners has strengthened the positioning of cybersecurity for those agencies, and directly impacted our own EFSS solution, Secrata.
There has been a growing concern about data breaches, after a few high-profile infiltrations, from Blue Cross/Blue Shield to Ebay and Ashley Madison. What are a few data-security risks that anyone using cloud storage or EFSS needs to be aware of?
First and foremost, Secrata offers enhanced end-to-end shredding and encryption that is not offered by other EFSS providers. I mentioned before that data is shredded and encrypted before ever leaving the machine because each end point client handles the security. This procedure interdicts man-in-the-middle attacks that can exploit SSL/TLS protocols. Anyone investigating EFSS for their enterprise should pay particular attention to how that service offers data security while in transit, because there are some solutions that offer only SSL security which has been proven time and again to be exploitable.
Secondly, enterprises must be cognizant of how their employees are managing their files. I have heard from multiple CISOs that they have discovered their employees using unauthorized third-party apps to share files with unsecured users. Perhaps the most egregious is the use of web-based email to send sensitive documentation. CISOs are continually preaching the need to unify file sharing under a secure product, and EFSS attempts to bridge that gap.
Finally, and this is true of any security product, employees must be aware of proper password and security best practices. Simple changes like having different passwords for different accounts, increasing password complexity and using 2-factor authentication when available will go a long way to preventing disastrous data breaches.
You are one of the principle developers of Secreta, a military-grade EFSS encryption software. What makes Secreta so secure, beyond most commercially-available data security solutions?
I am the product manager for our EFSS product Secrata. Secrata takes great pride in our patented, enhanced encryption process that goes above and beyond industry standards to mitigate potential threats of protocol exploits.
Topia Technology grew up in the DoD space with heavy security demands from US Homeland Security, TSA, US Air Force, and other high-profile government agencies. With Secrata, we are happy and proud to offer the same security defenses that were developed for those agencies to any client who understands the risks associated with distributed enterprise file sharing.
What are some things that are particularly challenging about securing the data of an entire enterprise? How can enterprise-level EFSS security help negotiate some of these challenges?
CISOs and IT staff continually struggle to keep their staff on a unified, secure system. In some cases, that system exists but users are reluctant to change their workflows. Our team strives to leverage our unparalleled security with a simple and intuitive interface. We want users to integrate easily into the product and maintain as much of their existing workflow as possible. Our team is hard at work cultivating the user experience of the product such that we can get users to willingly change their workflows instead of being forced to by their IT team.
Secrata is the most secure EFSS product on the market, but that doesn’t mean it is the most complicated.
The enterprise IT team should always bear this in mind as they investigate new solutions for their employees. EFSS can solve a lot of security problems for an enterprise by being a unified source of sharing that IT administrators can manage, but the product must be simple, easy to use, and onboard users so that there is limited pushback to new tools.
With so many professionals using their phones for absolutely everything, including business, do you have any advice on how to secure EFSS across mobile devices? What are some benefits of having secure mobile EFSS?
The age of BYOD has introduced a new variable into the EFSS market. Employees now demand that they have access to their files and documents from the convenience of their own mobile devices, exposing a new endpoint for potential data interception. Years ago, the EFSS market had not fully matured to manage mobile devices, but in this day and age it is sacrilege to omit mobile devices from an EFSS strategy.
Virtually all EFSS platforms offer mobile clients. It is imperative for these platforms to provide ample security across mobile devices.
A few years ago, EFSS was still particularly vulnerable, causing many data security specialists to advise having on-site servers. How can secure EFSS help remove the need for on-site servers, for those that don't have that luxury?
The security realm as a whole has undergone a massive shift in recent memory. Cloud infrastructure providers have made significant strides in ensuring physical and electronic security. For this reason there has been a shift to cloud service providers to augment or replace on-premises server setups.
Cloud-based EFSS is a natural progression of this shift. Enterprises are beginning to trust these infrastructures more, and are able to offload a significant portion of their maintenance and service to a cloud service provider. Enhancing the security stance of a CSP with Secrata confirms an enterprise’s decision to move their servers and services into the cloud. It is important, however, that the enterprise have ownership to the encryption keys. Often with multi-tenet cloud infrastructures, the provider owns the keys, which means the enterprise data is at risk of being exposed. That’s why Secrata, whether deployed in a public or private cloud infrastructure ensures that the enterprise maintains ownership of the encryption keys and only the enterprise has access to its data.
What are a few of the most common misconceptions that most customers have about EFSS that would like to set straight? What are the risks of maintaining those misconceptions?
EFSS has exploded in recent years, but it is important to remember that not all EFSS solutions are created equally. There are so many specific aspects and components to an EFSS solution that providers prioritize differently. In the case of Secrata, we have chosen to prioritize security as the single cornerstone of our product. This is why we call ourselves the most secure EFSS solution on the market. Other EFSS solutions are available to address different business needs, some are slim and simplified, while others are complex and offer a suite of tools for collaboration or editing.
The misconception that all EFSS solutions are the same is inaccurate and enterprises must evaluate what their own priorities are for a potential EFSS solution. If you would like to discuss options for EFSS solutions, or would like to start a Secrata trial period, please reach out to Topia Technology at http://www.topiatechnology.com/contact/
Want to learn more about how cloud-based storage can help your business? Learn more about the TalonFAST solution today!