What Do You Use? - Send/Receive Large Files, Securely
-
As far as security, we are not a public company or one that needs to adhere to hippa etc. That being said, we don't want just anyone accessing the data so I am thinking client side encryption would be the way to go.
-
@Dashrender said in What Do You Use? - Send/Receive Large Files, Securely:
Prezip the contents with password protection and then transport it anyway you want.
That's not secure at all..
-
Sending files securely has been hard and will continue to be for the time being. First off, good on you for trying to explain to users that email is not really meant for file transfer. There are a variety of security issues with using email for sending sensitive docs, but you obviously know that already. Here are some options:
Client-side software- arguably the most secure since the encryption occurs "pre-internet." Assuming all users are able to install the software (many companies have strict policies on what can be installed) and have the "know-how" to use the software (i.e. they are computer-literate) then this can be a great option. There are freely available tools for this exact purpose (e.g. axcrypt). The downside, is you still have to figure out how to send the files. In your situation with the 15MB limit, this may not be the best solution.
Server-side software (self-managed)- people have mentioned ownCloud. This is definitely an option, but you either have to deal with installing it yourself or running it on a provider. Assuming you don't want to set it up yourself (you may not have the time, trust that you'll set it up correctly/securely, etc.), you are then relying on a third party to host it for you. In my opinion, at this point you are no better off (security-wise) than using a service that does it all for you (which leads me to the next option...).
Secure file service- there are a ton of providers in this area. Generally, how they work is your users upload a file, the provider stores it, and provides a URL for file download. Not all providers are equal- make sure they encrypt the files on their servers and not only during upload/download with HTTPS, also password protection is likely a feature you'll want, otherwise anyone with the link can download the file(s). I Googled "send files securely" and the first result looks like a good option, https://www.sendfilessecurely.com.
Best of luck!
-
@wrx7m said in What Do You Use? - Send/Receive Large Files, Securely:
I don't think it is even out yet.
Couple weeks. You can use ownCloud 9 in the meantime, though.
-
@JaredBusch said in What Do You Use? - Send/Receive Large Files, Securely:
@wrx7m said in What Do You Use? - Send/Receive Large Files, Securely:
@aaronstuder Any idea what the difference is between supported providers and other providers for owncloud? Aside from the obvious- but I don't know what supported entails.
Most likely, but never stated. Agreements with ownCloud.
My expectation is this... it's just service providers that they themselves are getting support from ownCloud.
-
Did anyone mention OneDrive for Business? If you have Exchange via Office 365 you can get this all integrated. When we send a large file, it prompts us how to do it and by default it uses ODfB. If the user is lazy, that's what it will do. And it's basically transparent on the receiving end as well.
-
@Jason said in What Do You Use? - Send/Receive Large Files, Securely:
@Dashrender said in What Do You Use? - Send/Receive Large Files, Securely:
Prezip the contents with password protection and then transport it anyway you want.
That's not secure at all..
Why not?
We use wetransfer.com
-
For a direct send of large files, without anything to install anywhere, https://instant.io/ is really cool
In a more corporate env and keeping files after (shares etc.), owncloud/its new fork.
-
I know the person who hosts this.
All files wiped after 48 hours. Everything encrypted. Surprisingly fast bandwidth too.
-
@Breffni-Potter What do you mean "everything is encrypted?" That site provides zero details. Do you mean they use HTTPS? They encrypt in storage? If so, what type of encryption? What about the keys? etc. It's a pet-peeve of mine when I see something claim it's "secure" without any explanation. I've seen many of these services buy a $10 SSL cert and then claim they are encrypted and therefore secure.
-
@Andy44 said
@Breffni-Potter What do you mean "everything is encrypted?" That site provides zero details.
Sure. I'll ask the creator for the exact specs.
@Andy44 said
It's a pet-peeve of mine when I see something claim it's "secure" without any explanation.
But how can you be worried about the technical security when you recommend a service which has no credibility?
https://www.sendfilessecurely.com/default.aspx
Who are they? Where are they based? Can I trust them? They are saying a lot of the right things technically but like...yikes. They want people to trust them with every confidential record under the sun but there are lots of very big questions.
-
@Breffni-Potter The site I listed is as credible as any other site. At least they have contact info, details about their security (https://www.sendfilessecurely.com/technical-security-overview.aspx), where they are based/hosted (https://www.sendfilessecurely.com/where-are-files-stored.aspx), etc. I get that sites like the one you listed are going for the "minimalistic" look and feel, but come on... no contact info, no details, just a statement that they are fast, easy, and secure.
-
@Andy44 said
@Breffni-Potter The site I listed is as credible as any other site. At least they have contact info, details about their security
The links you have posted don't have any credibility.
Where is the contact info and details about the company?
Any site which wants to take credit card details needs a LOT more credibility than an obfuscated email at the bottom of the site. The site has risky written all over it, from the suggestion you use it for your most confidential data, to it's invisible presence.
@Andy44 said
but come on... no contact info, no details, just a statement that they are fast, easy, and secure.
Yes, a statement from me. It is a free website which lets you use up to 1GB. The owner of said site is a good personal friend of mine. It is available for anyone to use. No one is forcing you to use it.
-
We're using a self-written one-time uploader.
Step 1: User or customer is using a form on a HTTPS protected site to
- Enter his mail address
- The recipients address (restricted to our team) and
- Upload a file
Step 2: Recipient gets a mail with a one-time link
Step 3: Within 7 days the recipient can download the file exactly one time. It will be deleted as soon as the last byte has been sent.
Step 4 (optional): In case the file wasn't downloaded within 7 days, it will be deleted by the system. Sender and recipient will get a notificationWasn't written by me, but should not be too complicated.
-
@thwr said in What Do You Use? - Send/Receive Large Files, Securely:
We're using a self-written one-time uploader.
Step 1: User or customer is using a form on a HTTPS protected site to
- Enter his mail address
- The recipients address (restricted to our team) and
- Upload a file
Step 2: Recipient gets a mail with a one-time link
Step 3: Within 7 days the recipient can download the file exactly one time. It will be deleted as soon as the last byte has been sent.
Step 4 (optional): In case the file wasn't downloaded within 7 days, it will be deleted by the system. Sender and recipient will get a notificationWasn't written by me, but should not be too complicated.
Ah, what I forgot... In case you want to send someone outside the file (so not receiving), you need to send it to yourself. Just forward the mail / link to the intended recipient et voila. Not works as good as a workaround
-
In the past, I've used zend.to to exchange files with clients.
-
@Breffni-Potter Right and no one is forcing you to use the site I mentioned. Iām not sure why you are so hung up on this. I listed multiple options. I mentioned that there are many similar services to choose from. I selected one that from a security perspective appears to be doing everything right (at least as much as one can expect from this type of service).
On the other hand, you said everything was encrypted on the site you mentioned, so I asked what that meant specifically. I assumed you might know since you know the guy. So far, I've heard nothing about it.
