
Will sync be possible with GDPR?


Many users want to sync all data from their cloud service. I am trying to convince them that syncing is not a feature for all files stored in the cloud. The feature is unfortunately not explained correctly by some vendors of sync solutions. In my favorite online storage product, SharePoint, syncing is about to explode. Microsoft is now releasing the new OneDrive; sync in the old OneDrive was a nightmare. I know that many users ditched OneDrive for solutions like Dropbox, mostly the consumer version. This caused a nightmare for CISOs trying to keep data safe.

What are some of the problems with syncing?

  • Syncing will fill up your hard drive. Most users are now getting laptops with a 128 GB or, at best, 256 GB SSD. With a 128 GB disk, syncing will be a problem.
  • Syncing only works on closed files. If you or any of your colleagues are working on the file, it will not sync. You will end up with 2 or more versions.
  • Some limitations will force you to redo your folder structure. The number of characters in the file path is limited, so if you have more than 3 levels of folders you have a problem.
  • Illegal characters in filenames, or too many spaces. Data is stored as bytes, and a space is stored as %20 in the path. Characters such as &, % and many more are not valid.
  • If you sync the same storage with several colleagues, everyone will sync the changes that one user makes. This will be a problem if you are on a mobile connection with a limited data plan.
  • Synced data is stored on the drive of the user and will in almost all cases stay on the drive after the user stops syncing. Employees leaving the company will be taking data with them.
  • Most sync solutions allow the user to forward a synced document outside of the organisation or the groups of users that have access to the files.
  • All data that is not encrypted can be retrieved if the laptop is lost or stolen. A PC can be started with Linux from a USB drive, and the files are then no longer safe, even without a password!
  • Syncing will fail and once it fails it will be a time-consuming problem to get back to fully working. In more cases than you imagine it will never be fixed again.
  • Vendors are not totally honest with the issues you will get with syncing.
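The path-related problems in the list above can be checked before a library is synced. The sketch below is an added example, not part of the original post or any vendor's tool: it flags folder depth above 3 and the characters & and % (both named in the post), and measures path length after spaces become %20. The length limit and the "too many spaces" rule are assumptions, as are all names in the code.

```python
from urllib.parse import quote

MAX_ENCODED_PATH = 256   # assumption: the post gives no exact number
MAX_FOLDER_DEPTH = 3     # from the post: "more than 3 levels of folders"
BAD_CHARS = set("&%")    # the two characters the post names; real lists are longer
MAX_SPACE_RUN = 1        # assumption for "too many spaces"


def audit_path(rel_path, max_len=MAX_ENCODED_PATH):
    """Return problem labels for one relative path using '/' separators."""
    problems = []
    # quote() stores each space as %20, so the path grows by 2 characters per space
    encoded = quote(rel_path, safe="/")
    if len(encoded) > max_len:
        problems.append(f"encoded-length:{len(encoded)}")
    depth = rel_path.count("/")  # number of folders above the file
    if depth > MAX_FOLDER_DEPTH:
        problems.append(f"depth:{depth}")
    bad = sorted(BAD_CHARS.intersection(rel_path))
    if bad:
        problems.append("chars:" + "".join(bad))
    if " " * (MAX_SPACE_RUN + 1) in rel_path:
        problems.append("spaces")
    return problems


def audit(paths, max_len=MAX_ENCODED_PATH):
    """Map each flagged path to its problems; clean paths are omitted."""
    report = {}
    for path in paths:
        found = audit_path(path, max_len)
        if found:
            report[path] = found
    return report


# Constructed sample listing, not taken from the post
SAMPLE = [
    "Sales/2016/Q3/offer.docx",
    "Sales/2016/Q3/Customers/Acme/offer.docx",
    "HR/R&D budget 100%.xlsx",
    "Projects/status  report.docx",
    "A B C D E F G H.txt",
]

if __name__ == "__main__":
    # A deliberately small limit so the effect of %20 encoding is visible
    for path, problems in audit(SAMPLE, max_len=30).items():
        print(path, problems)
```

The last sample path is 19 characters as typed but 33 once encoded, which is why a folder tree that looks fine in the file explorer can still fail to sync.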

Above are some implications that are security related. There are features to overcome these security issues, and in order to be fully compliant with GDPR you have to fix them.

  1. All devices that sync data must have encrypted storage.
  2. Security features in the device so that it is not possible to start the device from USB or any other removable media.
  3. Possibility to remote wipe only the synced data without wiping the whole device. The contract with the employee/contractor will most likely need to be amended.
  4. Mobile Application Management will be a needed investment. This is also time-consuming, even though many steps can be automated.
  5. Security features such as blocking the forwarding of files and logging who has opened a shared file outside of the organisation or user group, and when.
  6. Block employees from lending their device to family and friends, as well as colleagues.
  7. Block sensitive documents from being printed, copied or forwarded.
  8. The most important security investment is user security awareness. The user has to be security competent not only when working digitally but also in how they handle documents.

These are some of the issues you have to deal with when syncing data to mobile devices. These issues are rarely presented by the vendors of syncing software.

This is practical work that you have to start on now. If you fail to handle any of the issues above, you are not GDPR compliant. Wouldn't it be best to ditch syncing?

Watch me presenting at the online conference Collab365 on Thursday 20th of October. The title is ”Adopt Microsoft cloud services to EUs GDPR”. I will show some of the features you can use for securing your work with Office 365.


Ove is speaking @collab365