What happens when users fail to use the proper security settings when they upload files to the cloud?
In the case of select Microsoft Office 365 users recently, the inadvertent exposure of private information — everything from password lists and job acceptance letters to investment portfolios, divorce settlement agreements, and credit card statements.
Some of the documents in question contained a treasure trove of personally identifiable information, including Social Security and driving license numbers, birthdates, phone numbers, and email and postal addresses.
Here's What Happened
The issue involved data stores on the Microsoft site Docs.com. A part of Office Online, Docs.com is an internet site for publishing Office documents that anyone can find, browse and share.
For a time, Microsoft really provided what it promised — because anyone could actually search through millions of files for sensitive and personal information.
Most document and file sharing sites default uploaded content to private. But on Docs.com, users apparently had to opt-in to keep their information private because Microsoft set the default setting on all documents uploaded to the site as "public." That means the information was findable through the site's search engine/
The issue was discovered late last week when users realized a wide array of information from Word documents, Excel workbooks, PowerPoint and Office Mix presentations, OneNote notebooks, PDF files, Sway stories and Minecraft worlds was surprisingly easy to find.
Microsoft pulled the search feature from the site, but then restored it after adding some search restrictions. In a statement released to ArsTechnica, Microsoft explained:
“Docs.com lets customers showcase and share their documents with the world. As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information. Customers can check and update their settings by logging into their account at www.docs.com.
Too Much Information?
There is a massive business issue here and not just with Docs.com.
Josh Eddy, director of product marketing at security vendor CTERA’s, told CMSWire situations like this underscore the dilemma many businesses now need to address.
“Accidental oversharing via Docs.com highlights how many businesses have failed to adopt proper controls and tools to keep private files from leaking. This is just the most recent in a series of major cloud exposures over the past two years, a period that has seen the breach of information about more than 3 billion users from major clouds, including Dropbox, Yahoo, Adobe, Evernote and many others,” he said.
“Despite these setbacks, businesses understand they must embrace cloud technology to stay competitive. But enterprise IT needs to recognize that not all clouds provide the same information security, and need to increase the importance and thoroughness of data privacy considerations in their decision making. Only then can they curtail data leaks.”
In other information-related news ...
Google Removes SMS Service From Hangouts
Google is removing its SMS messaging support from Hangouts on Android after May 22.
According to an email sent to G Suite administrators and Reddit, the change will prevent anyone using Hangouts as both a Google messaging app and their primary text messaging app from sending SMS texts.
“Users will be prompted to choose another default messaging app already installed on their phone. If none exists, they will be directed to the Google Play store to find a new SMS messaging app. Choosing a new messaging app will not impact existing SMS messages. All messages will be accessible in the new messaging app,” the email explained.
The change only affects text messaging. Google Voice numbers are still supported.
It’s not clear why Mountain View, Calif.-based Google is doing this and it didn’t explain. So let’s speculate. A few weeks ago, Google unveiled new ambitions for Hangouts and announced it wanted to turn it into a better workplace took for communication and collaboration.
The Hangouts SMS feature is more customer orientated and doesn’t really fit well with an enterprise application, especially one that potential has access to enterprise documents. The easiest thing to do and the best way of reassuring enterprise admins that content is secure and that nothing will leak through SMS is to simply get rid of it.
Further, a consumer-grade SMS service doesn't fit well with the new Hangouts Meet and Hangouts chat for business users Google unveiled at its Cloud Next conference.
HelloSign’s New Workflow Offering
San Francisco-based HelloSign just released HelloWorks, a digital workflow product. Founded in 2011, HelloSign is the company behind one of the better-known e-signature platforms. By adding digital processes, it advances its goal of transforming paper processes to digital workflows.
Until now, digitizing paper processes meant converting the documents to PDFs and then incorporating those into enterprise processes.
However, these processes are typically high volume, directly relate to a business’ revenue stream, are highly complex and error-prone. Incomplete business workflows, including those hampered by obsolete PDF technology, can cost businesses between 11 and 25 percent of their revenue annually, HelloSign claims.
The HelloWorks solution makes both documents and workflows dynamic. It enables businesses to pull information from PDFs into other systems, applications and databases. It's also responsive, which means it’s easy to fill out the required information on any device.
In January, HelloSign released an updated version of its e-signature app, HelloSign for Salesforce on the Salesforce AppExchange. In March it released a suite of features designed to enable more advanced e-signature processes and expand the HelloSign API.
Access, DocuSign Partner
Livermore, Calif.-based records management specialist Access, now a part of Iron Mountain, announced an integration between FileBRIDGE and DocuSign's Digital Transaction Management (DTM) platform and e-signature service.
The integration aims to give users an entire life-cycle, compliance and documents storage offering across the enterprise.
San Francisco-based DocuSign offers e-signature capabilities on any device while the Access FileBRIDGE platform automates document-centric business processes and centralizes digital file management for better security, compliance and information governance.
Because of the integration, mutual customers will be able to use DocuSign's capabilities with FileBRIDGE to make sure critical business documents are securely managed through their lifecycle from creation of the digital record to its secure storage and access to compliant document elimination.