Send large files

File too big for an email attachment yet again?

We have all been there. After all, many email clients only allow for sending files up to 20 megabytes – given today's data volumes, that is not nearly enough. So what can you do? Users often resort to stopgap solutions they are familiar with, such as WhatsApp or Dropbox – a real nightmare for corporate compliance.

But that does not have to happen because there is a simple and secure solution: With Cryptshare, you can not only send large files, but also do so in a way that is compliant with data protection. And what's more:

Cryptshare is super easy to use – if you can use email, you can use Cryptshare. This makes both users and admins happy! It is simple: write a message, insert files via drag & drop, and click send. 

Want it to be even more convenient? There are integrations for Outlook and HCL Notes. And if you want to boost digitalization in your enterprise and connect an in-house tool, you can do so with our API. You take care of your work, and we will handle the digital logistics.

Our solution also works bidirectionally, which means that all of your contact partners can also send messages and files back to you securely and confidentially - without additional costs, training, or further effort. To learn more about how to enable secure digital communication for your entire workforce, try Cryptshare or ask us for a consultation!

Large files and data transfers in companies and organizations

Requirements for file transfers are constantly increasing:

In the modern business world, sending data is a regular part of everyday work - and will become even more important in the future. It is important for every organization to enable its staff to transfer large files of several gigabytes, and to meet the following requirements in particular:

Data protection requirements

In the European Union, the General Data Protection Regulation has been applicable law since the end of May 2018. With the aim of protecting personal data and ensuring the free exchange of data within the EU, it includes important rules that must be complied with - otherwise, there is the threat of severe penalties:

In accordance with paragraph 2, fines of up to EUR 20,000,000 or, in the case of a company, up to 4 % of the total annual worldwide turnover in the preceding business year, whichever is higher [...].

GDPR Art. 83 (5)

What is equally important, however, is that the GDPR also applies to data concerning EU citizens that is sent abroad from the area of application of the GDPR. This is because the data must be subject to at least the same level of protection there as is legally ensured by the GDPR. Today, files are increasingly stored in the cloud, and the largest providers of such services are located in the USA. This means that many data flows of companies and organizations are affected, which they are not even aware of at first. Files are often not consciously sent to the USA, but flow there in the background. Nevertheless, European organizations can be held liable for violations, especially since the European Court of Justice overturned legal foundations such as the Privacy Shield.

For companies as well as organizations, it is therefore important to always guarantee the prescribed data protection and to also ensure compliance with the GDPR when transferring large files.

Internal policies:

Companies and organizations often have internal guidelines concerning the sending of files. These also contain concrete guidelines on how to handle incoming and outgoing data and how to store them. For example, if an archiving system is connected. In this case, internal regulations determine what is stored, how and where.

Admins also like to use file type filters as a security measure to ensure compliance with internal guidelines. With these, they can ensure that only the file types they have defined as trustworthy are allowed and others are blocked. Such filters are mainly used when certain types of files are frequently used for malware attacks.

Protection against access by unauthorized third parties

What is already important for compliance with the GDPR for personal information also comes into play for data concerning one's own organization - when protecting one's own intellectual property. It is not uncommon for large files of several GB, often with content worthy of protection, such as patent applications or construction plans, to be sent electronically. To prevent industrial espionage or hacking attacks, it is necessary to protect such data in the transfer from sender to recipient(s) through effective encryption.

User-friendliness

This is one of the most important requirements for any software solution but is all too seldom given sufficient focus. Ultimately, however, user-friendliness determines whether a solution for secure data transfer is used in practice. If such a solution is too cumbersome or complicated for the staff, it will not be used in everyday work - no matter how technically sophisticated it may be. It is crucial that the solution can be used quickly and easily by all employees and that it works without much training. Simple rollout, simple integration into existing work processes, simple handling: this is what makes users and admins happy!

Data volumes are growing rapidly - how large files are created:

Data has enormous importance across industries and needs protection in different gradations. With powerful software, employees create large files of several gigabytes daily, e.g., with Microsoft Office programs such as PowerPoint and Excel, databases, and through CAD files, videos, or PDFs. With new technologies, the quality of data sets is increasing - and so is the amount of data, file size, and storage space required for them.  
             
Data unfold their true value when they are shared with others and can thus be worked with. For example, when even large files such as an MRI scan can be sent quickly and easily to a specialist to obtain a second expert opinion. What is important here is that such transfers are secure and data protection compliant through encryption. Your workforce wants to work with files in different locations and devices, and many of the recipients who share data are outside your organization. So, how can file transfers be made secure and privacy-compliant? After all, such transfers involve important and confidential aspects of your business.

Not so long ago, physical media were used to transfer such data. On these, the information was stored and then shared with the recipients. In the end, however, DVDs, USB sticks, and similar could not keep up with developments and became increasingly impractical for transferring large files in particular, especially in the business sector.

There were good reasons for this:

• The size limit of the data carriers, which could not keep up with the maximum file sizes indefinitely: The available storage space was then simply no longer sufficient.

• The postage costs for shipping: Especially in total, considerable sums could quickly arise.

• A lot of shadow IT was created, and data sovereignty was lost very quickly: it simply became impossible to track how many data sets were on the move and where.

• For malware, physical data carriers are a gateway that hackers like to use: where it is common to work with USB sticks, the threshold for their use is quite low. It is sometimes sufficient to label a suitably prepared data carrier with an "employee salary list" or similar, to deposit it in a company car park, or even to drop it by drone. If just one staff member cannot resist curiosity and plugs the stick into their computer at work, the integrity of IT within the organization is over.

Nowadays, it is common to send large files digitally. This is faster, easier and saves money. But there are also many pitfalls to be aware of.

How large files are usually sent digitally:

The corporate approach

To make these decisions, people often narrow their view too much; they then take a closer look at complex and costly tools like SMIME or less secure solutions like in-house FTP servers. Standard email and cloud solutions such as Dropbox or Gmail are also often chosen as the fastest way to share any file at any time.

Cloud services are popular, especially when there is a requirement for a large amount of storage space, but these are not always the most sensible solution. For many organizations, it is important to retain data sovereignty and to be able to guarantee that no data flows in the background to the large cloud providers in the USA. However, due to the US-CLOUD Act of 2018, it is not enough if the server with the relevant data is located in Germany; as long as the parent company is American, US authorities still have access rights to the data. This also affects some providers of secure communication, such as WeTransfer. Although this company is based in the Netherlands, it also uses servers in the USA for its cloud, where data from users' transfers is stored. US authorities, therefore, also have access to this data in principle. To prevent this and ensure data protection at the GDPR level, EU companies with servers in the EU are needed. IT decision-makers in companies and organizations must be absolutely clear about this point!

Data storage in the USA is not subject to such a strict legal framework as in the European Union. Although the California Consumer Protection Act (CCPA) in California gives consumers more rights over the use of their data, it is still in a pioneering role. It is only bindingly in force in the state of California. While in this country, data protection for those affected is the focus, in the USA, commercial interests are given greater consideration. Therefore, data transfer to third parties without the explicit consent of the data subjects is common practice there in many industries, whereas this is prohibited in the EU by the GDPR. In principle, companies and organizations in the US have much more discretion than their European counterparts as to how strong their data protection should be. In shaping this leeway, the high commercial value of the data is, therefore, very high on the list of priorities.

The legal requirements for data storage and handling are fundamentally different in the EU than in the US. Companies in the area covered by the GDPR must, therefore, keep a close eye on where their data goes - especially when it comes to sending large files.

Sometimes, organizations and organizations already have solutions and services in place to send or receive data. At the same time, however, they are often not used, and the workforce switches to applications that they are familiar with from their private lives. These are usually not GDPR-compliant and have not been approved by the in-house IT. The resulting shadow IT, therefore, causes nightmares for the admins because they have no knowledge of which data of their company or organization is circulating where. However, shadow IT does not only occur when there is no solution for secure data exchange; it is already enough if the users find the solution too cumbersome or complicated to use.

Once workarounds have become ingrained in the daily work routine of the staff, it is difficult to get rid of them again. It is,, therefore,, all the more important that organizations prevent such workarounds from the outset by providing their staff as early as possible not only with a communication solution that is secure and compliant with data protection requirements but also one that can be easily used by all employees.

In the everyday work of the workforce

There are many ways to send large files of several GB from the sender to the recipient. Employees are familiar with many providers of such services from their private lives, such as DropBox, WhatsApp, OwnCloud, or WeTransfer. But this is exactly what can become a problem for any organization.

Solutions from the consumer sector are especially unsuitable for sending data subject to external or internal compliance requirements. They do not always use encryption, and the transport route over which the data is sent is not necessarily protected from access by unauthorized third parties. Moreover, such solutions undermine the data sovereignty of organizations. Dropbox, WhatsApp, WeTransfer, and the like are quickly used but leave the IT department completely in the dark about what data flows out, when, and where.

Nevertheless, employees like to use such solutions as a workaround. Why? Many users are indeed unaware of the catastrophic consequences for their own organization of "just quickly" sending large files via unauthorized channels when they use them all the time in their private lives anyway. Even more severe, however, is the fact that services for private use are just that: "simple" and "fast", especially in use. In the case of doubt, this usually trumps any security concerns.  

Even if companies have provided approved options for securely sending large files, these are often avoided and bypassed by the workforce. This circumstance is also closely related to the high user-friendliness of the offers and their familiarity from the private sector.

Conclusion for organizations and companies:

The security of solutions for sending large files must, therefore, by no means be at the expense of user-friendliness!

Experience shows: If your organization does not provide a solution that is easy for your staff to use, they will be tempted to find workarounds. As a rule, they then use old familiar - and unapproved - means over which your IT has no influence.