Peer-to-Peer File Sharing in the Corporate World

Peer-to-Peer File

Tiversa examines how Peer-to-Peer file sharing is works in the corporate world.

​Tiversa's longstanding mission has been to collect information in areas of the Internet considered difficult to monitor and index. Despite ever-increasing internet speeds, many important documents are just too large to send over email — Gmail, as an example, still sticks to a 25MB limit. Peer-to-peer (P2P) technology solves this problem by allowing file sharing directly between users. In contrast, traditional client/server storage systems keep files on a central server that individual users then access.

P2P file sharing features much of the same functionalities as cloud-based storage solutions despite their very different design philosophies: cloud storage hosts files across multiple servers and is usually accessed by individual users via the internet, while P2P connects users directly to each other, often through private networks.

Although cloud storage is incredibly popular among the average user, P2P is usually much faster and more secure. This additional security is especially important for hospitals, doctors' offices, schools, universities, and other organizations covered under federal HIPAA and FERPA privacy laws. Popular cloud file sharing services like Dropbox don't comply with privacy standards without the use of additional third-party tools.

Security Risks

Despite being more secure than cloud-based file sharing, P2P networks are still not 100% safe. Viruses and other malware are engineered to steal valuable data by targeting security flaws in business networks. If that wasn't scary enough, human error can also make files unintentionally accessible to the wrong people.

Compromised trade secrets and business plans can seriously damage a corporation's profits and even its reputation. Additionally, many companies are legally obligated to protect sensitive client information, such as credit card information, medical data, and Social Security numbers, to prevent identity theft and fraud.

Security Solutions

Some companies that deal with especially sensitive information ban P2P technology altogether. They use admin security controls to block P2P traffic and scanning programs to detect and block P2P software on their corporate networks. Below are additional measures that can be taken to minimize the risks of data exposure on P2P file sharing networks:

·         Using application-level file encryption

·         Setting up well-defended network servers and strong firewalls

·         Keeping passwords and encryption keys in a secure location

·         Maintaining consistent, company-wide file naming conventions that obscure the nature of the information contained to people outside the company — files shouldn't be named something like "Client Name tax information.doc"

·         Restricting sensitive files to designated locations

·         Blocking unapproved P2P applications and traffic using a firewall

·         Properly training employees about security risks and establishing appropriate standard operating procedures for P2P software

·         Taking additional steps to maintain security with non-network computers for remote access, such as implementing virtual private networks (VPNs)

Ideally, best practices for P2P file sharing will involve some combination of these measures, which are recommended by the Federal Trade Commission. By consistently applying these strategies, preferably under the guidance of an experienced IT security consultant, companies can minimize the risk of data exposure on P2P file sharing networks.

Source: Tiversa