Archive for the ‘Enterprise File Sharing’ Category

Should You Use a Password Manager?

It’s the beginning of 2022, and now is an excellent time to improve your privacy and security measures. One of the more essential aspects of your security is updating and securely saving your passwords to access all the online services you use, as well as your offline password, such as your computer password.

In the last decade, the use of online services has increased dramatically; they are more convenient for various reasons (minimum maintenance, less overhead, easy to escalate, etc.). Since many have switched to this model or have mixed-mode (online and offline software and tools) usage, maintaining the safety of your login credentials is crucial.

Today, we can manage our credentials in different ways:

  1. Use a password manager to save login information.
  2. Use a centralized login method like Login with Google, Apple, Facebook, etc.
  3. Use an authenticator app like Google auth, Microsoft auth, Open auth, etc. (not widely supported)

There are other methods, but these are the main three options supported by popular online services. While the three are valid, there are pros and cons of using one method over the other. We will focus our attention on the first option: using a password manager.

What is a Password Manager?

A password manager is a software tool (online or offline) that can save the login credentials of different tools and services. Most of these tools will use a master password that will grant you access to the list of your saved credentials.

The Benefits of Using a Password Manager

The main feature is, of course, saving your credentials, so you can remember them when you need to access your service; however, there are other reasons why this is convenient. Password managers:

  • help you choose a unique, strong password for each service. Since you don’t need to remember the password for each service, it enables you to select a strong password for each service account, making them less likely to be hacked.
  • help you keep track of your online services. It is an excellent place to keep an inventory of accounts that you have; in many password managers, you can also use special features like password expiration (to make sure you update your password on a schedule) and warnings for duplicated passwords across different services.
  • ease the login process across all your accounts. Most password managers have browser extensions that make logging into services as easy as clicking the password field or hitting a keyboard combination.

There are other interesting features of password managers, like cross-checking your password with hacked DBs of passwords or account form fillers (general account information, credit card, etc.). It all depends on your requirements and preferences.

The Cons of Using a Password Manager

Even though there are many benefits to using a password manager, that doesn’t mean it’s without risk. These are some of the more relevant ones.

  • Your password manager can serve as a single point of failure. The convenience of only remembering one master password means if your master password is exposed, someone can gain access to your password database. Naturally, this poses a significant security issue.
  • You need to have access to the password database. If you solely use an online password manager and you lose internet access for any reason, you won’t be able to log in to any of your services. That’s why I recommend that any service you use maintains a local copy of your database in your computer or mobile device. This can save you trouble in case of emergencies.
  • If you use an online service, you are relying on someone else’s security. When using a third-party service, there’s always going to be the risk of trusting that it keeps your information safe. Many services advertise that your information is encrypted and can’t be accessed if their system is exposed. However, this is often proven to be a false advertisement or not as secure as they claim to be. If you choose to use an online service, make sure to research your options, check the reputation and user ratings, and their security history.

What Password Manager Should You Use?

After reviewing what a password manager is and the benefits and risks, the convenience of using one is often found to outweigh the cons. You have two options: an online password manager or an offline password manager.

Many popular online services have a great feature set and strong security reputations. If you want to go that route, you can use the likes of 1Password, LastPass, or Dashlane, among others.

If you want to focus on security, the fact that your passwords are only available to you and not saved in external services is essential. In that case, I recommend an Offline Password Manager.

The industry preference has been KeePass, but there are many other options like KeePass variants, Safe In Cloud, or even tools provided by antivirus services.

Security Recommendations

No matter what option you choose, keep a record of your login credentials.

Review your options and choose the one that best suits your needs. There is no perfect tool for everyone, but there is a suitable tool for each use case.

Web browsers include password management functionalities in their engine; however, it’s important to use other options dedicated to keeping your information safe.

Though this may seem like obvious and oft-repeated advice, it is important to distinguish your accounts with different usernames and passwords; doing so will help preserve your online security.

Article written by Daniel Alarcon

 

 

Changes Coming to CMMC in 2022 with CMMC 2.0

CMMC 2.0 - What to expect

The U.S. Department of Defense (DoD) published an Advance Notice of Proposed Rulemaking (ANPRM) on November 17, 2021 which previewed significant changes to its Cybersecurity Model Certification (CMMC). The changes will take effect in 9 to 24 months from November.

CMMC 2.0 represents DoD’s response after an internal review prompted by over 850 public comments to the September 2020 “CMMC 1.0” interim rule. While changes are in progress, the DoD will not include CMMC requirements in its solicitations. Contractors are advised to continue to follow the current cybersecurity “assessments framework,” which focuses on compliance with National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 controls and the Basic Assessments required.

The revised program structure and requirements were created to meet the goals of the internal review.

  • Encourage accountability while minimizing barriers to DoD compliance
  • Protect sensitive information to protect and enable warfighters
  • Establish high professional and ethical standards to maintain public trust
  • Contribute to a collaborative culture of cybersecurity and cyber resilience
  • Enhance DIB cybersecurity to meet changing threats

What is the CMMC program?

The Cybersecurity Maturity Model Certification (CMMC) program protects sensitive, unclassified information shared by the Department with contractors and subcontractors by enhancing the cyber protection standards of companies. It integrates requirements into acquisition plans and gives the DoD greater confidence that subcontractors and contractors are in compliance. The three key features of the framework are:

  • Tiered Model: Companies with access to national security information must practice cybersecurity standards at progressively higher levels depending on the nature and sensitivity of the data. There is also a proper process for how information should flow down to subcontractors.
  • Assessment Requirement: CMMC assessments enable the Department to verify compliance with cybersecurity standards.
  • Implementation via Contracts: Certain DoD contractors who handle sensitive, unclassified DoD data will need to attain a specific CMMC level in order to be eligible for contract awards after full implementation of the program.

Overview of CMMC 2.0

CMMC 2.0 will replace CMMC 1.0’s five-level model with three levels of progressively increasing cybersecurity requirements. Each level is keyed to independent standards (e.g. Federal Acquisition Regulation (FAR), NIST requirements). The new model also increases third party assessor oversight and eliminates CMMC-unique practices and “maturity” requirements.

Improvements to the CMMC model include:

More Speed and Flexibility – Allows waivers of CMMC requirements and lets companies create Plans of Action & Milestones to obtain certification under certain circumstances.

Less Expensive – Allows all Level 1 (Foundational) and a subset at Level 2 (Advanced), to show compliance through self-assessments.

Streamlined Requirements – CMMC 2.0 focuses on the most critical requirements, reducing the model from 5 to 3 compliance levels.

Use of Widely Accepted Standards – The model now uses National Institute of Standards and Technology’s (NIST) cybersecurity standards and removes CMMC-unique practices.

More Accountability  Increases oversight of professional and ethical standards of third-party assessors.

New CMMC 2.0 Controls and Requirements

These are the new requirements for tiered entry in the three-level model:

CMMC 2.0 Level 1 – “Foundational

Level 1 must match the same 15 controls as FAR52.204-21 “basic” controls to protect Federal Contract Information. There are annual certifications and self-assessments by company leadership. This is essentially the same as the previous model.

CMMC 2.0 Level 2 – “Advanced”

CMMC 2.0 Level 2 is based upon the old CMMC 1.0 Level 3. However, the new Level 2 CMMC control lowers the number of required controls to 110 controls in the SP 800-171 Revision. 2 (NIST SP 800171). This eliminates 20 additional CMMC 1.0 Level 3 controls.

There will be a division between “prioritized” and “nonprioritized” acquisitions based on the sensitivity of information involved. An example of a prioritized acquisition might be one that includes Controlled Unclassified Information (CUI) related to weapons systems. A nonprioritized acquisition might include CUI regarding military uniforms. Details about prioritization will be released in future rulemakings.

Prioritized acquisitions will need an independent third party assessment (C3PAO) every three years. Nonprioritized acquisitions only require an annual self-assessment and certification.

CMMC 2.0 Level 3 – “Expert”

Level 3 of CMMC 2.0 will replace Levels 4 and 5 in CMMC 1.0.

Most importantly, acquisitions at the new Level 3 “Expert” level will require triennial government-led assessments. In addition to the 110 controls that are required for the new Level 2 certification, Level 3 certification will require compliance with NIST’s SP 800-172.

How to Prepare for CMMC 2.0

Cyberattacks on the Defense Industrial Base (DIB), are becoming more frequent and more complex. Therefore, cybersecurity is a priority for the Department of Defense. The DoD created the CMMC program in order to protect American ingenuity as well as national security information. Its purpose is to improve DIB cybersecurity to better meet evolving threats and safeguard the information that supports and enables warfighters.

The DoD encourages contractors to improve their cybersecurity posture during this transition. To assist DIB companies in assessing their cybersecurity readiness and implementing sound cybersecurity practices, the Department created Project Spectrum.

As rulemaking is underway, the Department plans to suspend current CMMC efforts and will not approve CMMC requirements being included in DoD solicitations.

Once the rules become effective, companies will have to comply, and the rules will be open for public comment. The DoD says it will seek out opportunities to engage stakeholders as it moves towards full implementation as participation by stakeholders is crucial to achieving the goals of the CMMC program. 

FileCloud is Powering Up for the Next Phase of Growth

In 2008, we started working on a peer-to-peer cloud-alternative platform called Tonido, which eventually powered our tiny TonidoPlug computer, various white-labeled OEM HW solutions and was adopted by use by hundreds of thousands of users across the world. While adoption was great, it was difficult to grow the business in this particular market and things were looking dim.  However, one thing we got right from the early days was listening actively to our customers and they were telling us one thing loud and clear. They loved Tonido but wanted the power and flexibility of the platform for their business and we listened. We released the first version FileCloud in 2012 and the rest is history.

Now 7 years in, with thousands of happy enterprise customers, it is improbable and almost impossible to imagine our growth given we were bootstrapped all along growing fully only on sales revenue generated. What started as a secure and personal cloud solution for business has now grown to a robust, scalable, secure, and compliant platform that powers large manufacturing, finance, and insurance businesses as well as military and government organizational content management solutions across the world.

While we could continue to build FileCloud organically using the same product-led growth, we realized that the breadth of customer problems that our product solves needs widespread market awareness and we need to bring the benefits of FileCloud’s solution to more customers quickly. If we could with almost zero marketing spend and no outbound reach win very large customers, there is a huge untapped market for a hyper-secure and compliant content management solution that is FileCloud.

That is why I am happy to announce that FileCloud has raised a $30 million Series A led by Savant Growth Fund I LP with participation from Kennet Partners and an additional $10 million growth capital facility with Avidbank.

I would also like to welcome Ray Downes as our new CEO and Peter Melerud as our new Chief Revenue Officer. Ray is not only an accomplished leader (previously CEO at Kemp and exited recently), but he also fully shares my core beliefs in providing value to customers, taking care of people, building a scalable business, and doing it all with integrity. I am happy to have him lead us to the next level.

I will step down as CEO and transition to my new role as President & CTO being responsible for technology and product strategy and execution. I will continue to serve on the board. The existing management team will continue in their current roles.

All of this wouldn’t have been possible without the hard work from the incredible people at FileCloud including the original founding team and some of my closest friends (who were crazy enough to believe in the vision), to some of the smartest, warmest, and incredibly talented people we have hired as we grew. I am extremely proud and thankful to have you all alongside this part of our sometimes arduous and oftentimes challenging journey as a bootstrapped company and the complete trust you had in me to lead you all.

To all of our customers who trusted us with your business, thank you! We have always been about serving customers and providing a best-in-breed product and best-in-class support, solutions, and service. This investment allows us to redouble our efforts to do much more and we will continue to make your satisfaction our biggest priority. I know that every company claims to be customer-centric, but our company’s DNA is based on deeply understanding customer pain and solving it elegantly.

While the bootstrapped part of our journey is over, the next part begins, and I cannot be more excited at the future growth and opportunities that lie ahead for all of us. While I am proud of the work that has been done and the problems we have solved, I firmly believe that we have only got started and there is plenty more to do.

Let’s continue to make that ‘dent’ in the universe.

Cheers!

Madhan Kanagavel
Founder

FileCloud Closes $30M Series A Led by Savant Growth

filecloud funded by savant growth

  • Kennet Partners also participated in the round, along with a $10 million growth capital facility with Avidbank
  • Ray Downes joins as CEO, Peter Melerud as Chief Revenue Officer—both from Kemp Technologies
  • Funding will accelerate innovation and global market expansion

FileCloud, a leading, hyper-secure content collaboration platform used by enterprise organizations around the world, today announced that it has raised a $30 million Series A led by Savant Growth Fund I LP with participation from Kennet Partners. In addition, the company raised a $10 million growth capital facility with Avidbank. The investment will support the company’s continued innovation and rapid market expansion, both domestically and throughout international markets.

FileCloud also announced the addition of two notable industry veterans to lead its expansion efforts. Ray Downes joins the company as Chief Executive Officer after a decade leading Kemp Technologies, a former portfolio company managed by Savant Growth’s investment team. Joining him will be Kemp co-founder Peter Melerud as Chief Revenue Officer, spearheading FileCloud’s go-to-market initiatives. Under their leadership, Kemp transformed from an SMB-focused load balancer vendor to a market-leading application experience company that was acquired in November for $258 million by Progress Software (NASDAQ: PRGS).

In addition, Eric Filipek, managing partner and co-founder of Savant Growth, will join FileCloud’s board of directors.

“Savant Growth’s investment in FileCloud is a testament to its many years of impressive organic growth,” Filipek said. “The company represents an excellent opportunity to partner with an impressive founding team and seasoned leadership with whom I have worked to realize substantial stakeholder returns.”

“This Series A funding comes at a time of rapid growth for FileCloud and will help us capitalize on the increasing market opportunities to meet escalating customer demand,” said Madhan Kanagavel, founder, president and CTO. “I am incredibly proud of our success bootstrapping the business to where it is today, and I can’t wait to begin this next phase of our journey. We are excited to partner with the new investors and welcome the arrival of Ray and Peter as they join our leadership team.”

“Our market research showed the content collaboration and secure file sharing space is evolving at an accelerating pace and has been in need of an innovative entrant like FileCloud to address the specific demands by enterprises around security, compliance and workflow automation,” Filipek said. “From the very first engagement with Madhan Kanagavel and his founding partners, we saw firsthand their passion and focus on solving complex customer challenges that resulted in FileCloud maturing into a unique, highly capable CCP platform.”

For more information about FileCloud and Savant Growth, please visit www.filecloud.com and www.savantgrowth.com.

About FileCloud

FileCloud is a hyper-secure content collaboration platform (CCP) that provides industry-leading compliance, data governance, data leak protection, data retention, and digital rights management capabilities. Workflow automation and granular control of content sharing across most enterprise platforms are fully integrated into the complete CCP stack. The platform offers powerful file sharing, sync, and mobile access capabilities on public, private, and hybrid clouds. FileCloud is headquartered in Austin, Texas. FileCloud is used by millions of users around the world, including top Global 1000 enterprises, educational institutions, government organizations, and managed service providers. For more information, visit www.filecloud.com.

About Savant Growth

Savant Growth is a data-first growth equity firm that invests in bootstrapped, founder-led, high-growth B2B SaaS and tech-enabled services businesses. The firm combines 30 years of investment experience with a data-driven, entrepreneurial approach to bring together talent, companies, and capital for transformational outcomes in large, high-growth markets. The firm uses SaleSavant, its proprietary natural-language processing and machine learning software to help identify companies and teams that match its success predictors for its portfolio. Savant Growth generally targets companies with annual recurring revenue of $5 million to $15 million and typically invests in both minority and majority positions of $10 million to $50 million as the first institutional investor. Savant Growth believes it provides unique operating leverage to portfolio companies with its proprietary software and services for prospect identification (SaleSavant) and engineering resources to augment development initiatives (DevSavant). For more information, please visit www.savantgrowth.com.

FileCloud Now Runs RHEL 8 with DISA STIG Profile

At FileCloud, we’re always working to make sure our system fulfills the security requirements of companies and organizations, specifically compliance with government regulations. To accomplish this, FileCloud offers top-notch security features such as virus and ransomware protection, advanced digital rights management and folder permissions, and DLP and two-factor authentication. Additionally, FileCloud’s compliance dashboard helps compliance officers and administrators remain in line with ITAR regulations and will soon also provide support for GDPR and HIPPA requirements.

Now, it is even easier for government agencies, specifically the US DoD (Department of Defense), to run FileCloud in accordance with their guidelines because it can now run on RHEL 8 with DISA STIG Profile.

What is DISA?

DISA, (or The Defense Information System Agency) is a combat support agency that supports the DoD specifically with IT and communications (essentially how information is distributed, managed, and organized).

Every organization has different internal regulations and requirements, and governmental agencies often have more than usual, specifically for the security of the US and its government. That’s where STIGs come in.

What are STIGs?

STIGs (or Security Technical Implementation Guides) are guides that DISA releases specifically based on use of an application within DoD agencies. These guides essentially tell anyone working for the DoD how they must handle the software and systems they use.

DISA puts out and maintains hundreds of STIGs to ensure DoD information is being kept and shared securely.

These regulations might seem like a lot of work, but these STIGs allow developers and administrators to properly maintain software and hardware, update protocols, and even identify security weaknesses or issues in code.

There are three different DISA STIG categories organized from the severity of risk (that could result in intense consequences if not taken, including loss of life, mission failure, and not being able to operate) to less severe risks (like increased vulnerabilities, delays, and inaccurate information).

Essentially, if FileCloud needs to be run within the DoD (based on how the DoD agency wants to use FileCloud) DISA gives the agency a list of STIGS to comply with in order to run FileCloud while still following regulations. This includes being able to run FileCloud within RHEL 8 as long as the STIGs are followed.

What is RHEL 8?

RHEL 8 is developed by Red Hat, and, according to Red Hat, “gives organizations a consistent OS across public, private, and hybrid cloud environments. It provides version choice, long life-cycle commitments, a robust ecosystem of certified hardware, software, and cloud partners, and now comes with built-in management and predictive analytics.”

This, in essence, turns on controls at the OS level. With specific controls on, the OS limits application installing, running, and even forces certain behaviors on the application.

DISA recently worked with Red Hat to develop and release a STIG for RHEL 8 that is approved to run within the DoD as long as the STIG is properly followed.

How Does this Apply to FileCloud?

As always, we want FileCloud to be useful and compliant within all companies and organizations, and specifically within the DoD. Prior to enabling FileCloud to run on RHEL 8 with DISA STIG controls, we had already worked on similar capabilities, such as running FileCloud on Centos with FIP-140 control enabled at the OS level, so we knew it was possible.

Why We Did It?

At FileCloud we encourage all our employees to speak up, from marketing to sales, and one of our amazing sales team members saw the need for FileCloud to run on RHEL 8 with a DISA STIG profile.

The problem was brought forward, and our sales team worked with our development team in order to find a solution. Ultimately, we were able to make it so that FileCloud can be installed on RHEL 8 with DISA STIG controls on.

What this Means for The US Department of Defense and FileCloud

As we said at the beginning of this blog, we’re always working to make it easy for users to use FileCloud. Sometimes this means adding new features like Workflow Automations and an ITAR Compliance Center, other times it means working within DISA STIGs in order to make it easier for DoD agencies to use FileCloud even within their regulations.

Now that FileCloud runs on RHEL 8 with DISA STIG controls, it’s easier than ever for the DoD to use FileCloud’s secure storage and file sharing system, along with its other impressive benefits and features like advanced DLP, integrations with systems like Microsoft Office, Teams, and Only Office, and Metadata management and personalized branding.

How to Perform MongoDB Upgrade for High Availability from 3.6 to 4.2

MongoD

At FileCloud, we’re always working to make sure our systems are upgraded to the highest possible standard.

With our 21.1 update, FileCloud MongoDB has been upgraded from 3.6 to 4.2.

For standalone installations, the script will automatically upgrade the version, as it includes compatibility checks and issues. Prior to web node upgrades, the MongoDB cluster will need to be upgraded manually.

Below are the steps to upgrade MongoDB Servers in Linux:

Step 1: Set Feature Compatibility to 3.6

mongo –host {IP address of Primary}  –eval “db.adminCommand( { setFeatureCompatibilityVersion: ‘3.6’ } )”

Step 2: Upgrade Secondary Nodes to 4.0

In Linux versions, you can use the command filecloudcp -m40 which should help you upgrade the MongoDB from 3.6 to 4.0

Step 3: Stepdown current primary as secondary

rs.stepDown()

Step 4: Upgrade the last server to 4.0

Step 5: Set Feature Compatibility to 4.0 in the current Primary Server

mongo –host {IP address of Primary} “db.adminCommand( { setFeatureCompatibilityVersion: ‘4.0’ } )”

Step 6: Upgrade Secondary Nodes from 4.0 to 4.2 one by one using the below commands:

filecloudcp -m42

Step 7: Stepdown current primary as secondary

rs.stepDown()

Step 8: Run command in Step 6 to upgrade all the MongoDB servers to 4.2

Step 9: Set Feature Compatibility to 4.2 in the current Primary Server

mongo –host {IP address of Primary} “db.adminCommand( { setFeatureCompatibilityVersion: ‘4.2’ } )”

After upgrading the MongoDB servers, you can run the command filecloudcp -u on all the web servers which should help you to upgrade the FileCloud webservers to the latest version.

Below are the steps to upgrade MongoDB Servers in Windows:

Download the file https://patch.codelathe.com/tonidocloud/live/scripts/fc/filecloudcp.ps1 and place it under Xampp\htdocs\resources\tools

Step 1: Set Feature Compatibility to 3.6

mongo –host {IP address of Primary}  –eval “db.adminCommand( { setFeatureCompatibilityVersion: ‘3.6’ } )”

Step 2: Upgrade Secondary Nodes to 4.0

In Linux versions, you can use the command Xampp\htdocs\resources\tools\filecloudcp -m40 which should help you upgrade the MongoDB from 3.6 to 4.0

Step 3: Stepdown current primary as secondary

rs.stepDown()

Step 4: Upgrade the last server to 4.0

Step 5: Set Feature Compatibility to 4.0 in the current Primary Server

mongo –host {IP address of Primary} “db.adminCommand( { setFeatureCompatibilityVersion: ‘4.0’ } )”

Step 6: Upgrade Secondary Nodes from 4.0 to 4.2 one by one using the below commands:

Xampp\htdocs\resources\tools\filecloudcp -m42

Step 7: Stepdown current primary as secondary

rs.stepDown()

Step 8: Run command in Step 6 to upgrade all the MongoDB servers to 4.2

Step 9: Set Feature Compatibility to 4.2 in the current Primary Server

mongo –host {IP address of Primary} “db.adminCommand( { setFeatureCompatibilityVersion: ‘4.2’ } )”

After upgrading the MongoDB servers, you can run the command filecloudcp -u on all the web servers which will help you to upgrade the FileCloud webservers to the latest version.

In case of any issues with the upgrade, please feel free to open a ticket with our support team at support@filecloud.com

Article written by Nandakumar Chitrasuresh

Security Monthly: Company Data in the Cloud

This article is the first entry in the Security Monthly series, where we will discuss recent and important events regarding security incidents, data protection, notable attacks, and related topics. To kick off our series, we will cover four attacks that demonstrate different aspects of how modern security breaches are operated.

Critical Infrastructure Needs to be Cyber-proof

There has been an increasing trend of critical infrastructure (emergency call centers, grid line controls, power plants, etc.) migrating service operations to the cloud. This migration leaves certain infrastructures vulnerable to cyberattacks. A European Union study highlights the need for a more organized approach toward securing critical infrastructure, similar to what is seen in technology companies. The report shows that a systemic approach to protecting institutions and organizations critical to a larger population must be considered from the ideation phase. Cybersecurity considerations thus become operational requirements – it is a crucial part of any business or endeavor.

With cloud adoption rising, the associated risk of being attacked is also increasing. There are many types of issues in software that can be exploited by hackers – as developer tooling and experience rises, so does the number of new developers and hackers. Armed with knowledge of which attack is most popular, we can better prepare for a security incident.

The list of top ten important vulnerabilities for 2021 is available on the OWASP website, along with in-depth analysis and context behind each of the vulnerabilities depicted below and the methodology behind how this list was calculated.

Fig 1. OWASP Top 10 Vulnerabilities Shift 2017 to 2021

Consequences for Poor Cybersecurity

With the need to protect critical infrastructure comes the need to immunize infrastructure (or at least have a backup plan) against the most typical vulnerabilities. Broken access control can lead to disaster scenarios such as losing control over nuclear reactors or leaking millions of credit card information or a billion users’ passwords online. All these attacks exploited one or more of the known, popular vulnerabilities.

In this introductory article, we will take a look at some of the more popular and recently talked about attacks from around the world. First, we will review the recent attack mitigated by Azure Cloud. We’ll follow with another Microsoft company, LinkedIn, which fell victim to an attack that leaked 700 million users’ data, only two months after a breach that leaked 500 million users.

We will then examine a leak of 1.1 billion users’ information from Alibaba, where a malicious actor was scraping the platform’s data containing sensitive information over a period of eight months. The last piece will show an infrastructure attack on npm (Node Package Manager) by publishing a package with crypto-mining malware.

The need to protect critical systems will become more prevalent in the systems that engineers create. Consider the current possibility: an attack on your local home server running your IoT doorbells can lock you out of your home; imagine what can happen if a nuclear power plant is hacked.

We hope to never know.

Azure Cloud Mitigates 2.4 Tbps DDoS Attack

Graph showing bandwidth spikes registered by Azure during 2021 DDoS Attack

Fig 2. UDP bandwidth mitigation timeframe by Azure

In the last weeks of August, Microsoft’s Azure service was able to save a customer hosting his data in Europe – it was the biggest attack to date in terms of volume, with over 70 thousand hosts sending requests. The inbound traffic was 140% larger than the impressive attack from 2020, also mitigated by Azure.

Though the blog post covering the incident does not share details, other news outlets state the attack was a type of DDOS known as UDP reflection.

“Reflected amplification attacks are a type of denial of service attacks wherein a threat actor takes advantage of the connectionless nature of UDP protocol with spoofed requests so as to overwhelm a target server or network with a flood of packets, causing disruption or rendering the server and its surrounding infrastructure unavailable.” thehackernews report

Azure was able to fend off this attack due to the massive scale of the cloud, applying specific logic that could siphon the huge data wave before it ever arrived at the customer service. The solution was implemented behind the scenes, with customers experiencing no issues during the attack.

With services delivered over the internet, the risk of disruption is high – especially for high-risk targets. The abundance of IoT devices that form new botnets is such that protection against denial of service attacks must be considered when working on a critical system.

It is not an easy task, as DDoS mitigation happens at a very low level – not every company is able to invest in precautions. Even fewer companies are able to build in-house solutions to handle data floods of such volume.

Slow Yet Thorough – How to Scrape a LinkedIn Profile

The news of the attack came via email from a concerned author at PrivacyShark, who saw a list of LinkedIn user data for sale on a hacker forum. Due to the hack, private emails and phone numbers were hosted online, available to malicious actors for spam and identity theft.

The issue of identity theft is serious, as it leads to losses on the order of 56 billion USD, as reported by CNBC. The total number of US citizens hit by an identity fraud attempt is on the order of 45 million. If there is one thing we can take for certain, it is that data in circulation is being put to use by criminals at ever faster rates. Furthermore, attackers are using new approaches to access user data, which may occupy a legal grey area, such as automated scraping.

This activity does pose some interesting legal questions. LinkedIn is currently involved in a Supreme Court case that seeks to define online scraping as illegal. If the ruling is in LinkedIn’s favor, scraping their or other social websites could be deemed as criminal activity.

man in front of screen with cybersecurity icons

An Alibaba Hack Leads to New Laws in China

The attack on Taobao, part of Alibaba, had led to criminal prosecution and jail for the attacker as well as his employer. Personal data was siphoned out of the system for over eight months by an employee of a consultancy firm.

The data was supposedly not sold online. The judge ruled jail terms of three years, with fines totaling 70K USD. In the aftermath of this case, China introduced new data protection laws, granting the state the ability to shut down services at will or fine companies found mishandling core state data.

Subsequently, a personal information protection policy is also in the works as the government is heavily invested in IT infrastructure. This law will give immense power to officials running the country.

It is worth noting that security issues can lead to significant changes in federal and global laws. With IT security being considered at legislative levels, cybersecurity is an increasingly important subject for lawmakers to understand. After all, if those crafting and implementing new laws do not understand what they are doing, how can they make an informed decision on the matter?

npm Hosting Crypto Mining Malware

With over six million weekly downloads, UAParser.js is a popular package used by developers all around the world. However, malicious versions of this package entered the registry, likely through a hijacked account.

All computers running the package version served as open hosts to malware and trojans, starting a vicious cycle of infestation – this was an attack placed deep in the supply chain.

 “The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner.” Hackaday

 The response to the attack was immediately put to public attention, and users could mitigate the issue once seen. It’s not yet clear how big of an impact this caused in the real world.

The important takeaway from this story is that supply chain attacks that lead to ransomware are easier than ever (remember Kaseya?) and do real harm. It only shows that even developers, who supposedly know a thing or two about security, can be vulnerable too.

An important element of this story is that once the attack was confirmed, the npm registry pulled all infected packages. Swift action can be a deciding factor in how well cybersecurity issues are resolved and how companies recover.

Conclusions

Data safety, compliance, and security for sensitive information are prime topics for every industry touched by digital transformation. To create a secure ecosystem, it is important to know not only the systems we create but to also understand the attacks and outcomes for end-users. It’s crucial for users and designers to tread carefully when securing a system.

A leaked email may be relatively mild on the scale of hacking worries. Leaking credit card data or social security numbers, on the other hand, has real-world implications. Since the pandemic and the global drift toward remote work, hackers have developed new methods of stealing user data and money with each passing month.

Several organizations were not prepared to move toward digitized platforms and the predators lurking in the network. With cyberspace full of technologically advanced attackers, it is ever more important to stay on the safe side, with multiple layers of protection and strong IT practices.

The next entry in the Security Monthly series will describe ransomware attacks, as well as new attacks that use AI – stay tuned!

Article written by Piotr Słupski

What Can Secure File Sharing Do for the Legal Industry?

This image has an empty alt attribute; its file name is Legal-Industry-Secure-File-Sharing-Banner-1024x576.jpg

Secure file sharing has become a necessity in almost all industries. From small businesses that want to easily share files with their clients, to large corporations that need specific compliance and governance regulations, secure file sharing is an aspect of business that all companies need to consider.

The legal industry is no exception. In fact, given the security needed for the sensitive materials legal professionals work with, secure file sharing should be a top consideration for any firm or business within the industry.

What is Secure File Sharing?

Because so much of work is now done online, most people share files without ever considering what they’re doing—or if what they’re doing is secure. Have you ever sent a file to someone from Google Drive or Dropbox? If so, then you’ve shared files. Of course, both Google Drive and Dropbox have security protocols in place, but those protocols still might not fit your company’s needs.

Secure file sharing is just sending files from one person to another while knowing that those files (especially ones with sensitive information) can’t be accessed by a hacker or unauthorized person.

This is important for many industries, but it is vital for those working within the legal industry. Because those in the legal industry work with sensitive and often confidential documents and media, it is necessary for anyone sharing files to be certain that their clients’ and firm’s information is secure.

There are so many different file sharing systems now that selecting one for your company can feel overwhelming. However, there are specific features you can look for that are important for the legal industry to have in their file sharing systems.

Let’s go over those features now.

File Sharing Features for the Legal Industry

Legal professionals and law firms often face regulations that require them to handle confidential data in a secure and compliant way. Additionally, all major companies dealing with law firms expect top security due to exchange of proprietary information.

Security

It’s important that any file sharing system you’re using lists security as one of its top priorities. Given the sensitive nature of many of the documents and media used within the legal industry, it’s important that your security is top-notch. Options like antivirus and ransomware protection, end-to-end encryption, and secure cloud storage are all important aspects of secure file sharing. Additionally, permission settings should be able to be customized by the administrator. Ideally, a secure file sharing platform will provide access to users and guests to ensure only authorized individuals can interact with confidential files.

This image has an empty alt attribute; its file name is Share-Link3--1024x795.jpg

Figure 1: Secure Link

Cloud Storage and Hosting Capabilities

There are many different options when it comes to storage for file sharing systems. One reason many people use file sharing systems is because of their cloud storage capabilities. Cloud storage allows users to access their files from any device. This is especially helpful as more and more companies turn to remote work.

Cloud storage services are typically divided into three options: private, public, and hybrid. The best option for a file storage and sharing platform will depend on the regulatory, user, and data requirements of your firm or business.

Private or on-premises hosting means to host the data and file sharing platform on your own server, behind a firewall. Some companies prefer to store everything on their own server as this allows them to have complete control over their data.

Public cloud services host the file storage and sharing platform on behalf of their client in their data centers (like Dropbox and Google Drive). There are fewer options for customization or security settings, but this can be a good option for firms needing scalability without the responsibility of managing the cloud infrastructure directly.

Hybrid services typically combine public and private cloud storage solutions, so that clients have both an on-premises server for highly sensitive data combined with a public cloud service for archived data.

Retention Policies

Specific retention policies give admins the ability to implement types of hierarchical holds, including admin hold, legal hold, trash retention, and archival. These policies are attached to files and folders.

  • Admin Hold – This type of hold outranks all other policies and prevents updating/deleting content for an indefinite period.
  • Legal Hold – Designed to retain data for important legal cases or discoveries. During this time, file modifications are not allowed.
  • Trash Retention – An action that can be set to automatically delete all files in trash bins permanently off the sever.
  • Archival – This helps you move and store old content over the long term, with no deletion allowed until a specified time.

Legal hold is an especially important requirement for a file sharing solution used by the legal industry. Look for file sharing systems that offers options for legal hold—beyond retaining specific files, users will receive a notification telling them not to delete electronic or paper documents that are important for a legal case.

Governance and Regulatory Compliance

Governance and retention policies are often a vital part of working within the legal industry. That’s why it’s important to be able to set retention policies based on your regulatory requirements.

Some file sharing systems even offer compliance systems that help your administrator meet governance requirements for ITAR, HIPPA, GDPR, and more. These compliance configurations combine retention policies with other security and administrative features like metadata, content classification, audits, Data Leak Protection, and Digital Rights Management.

Audits

Advanced audit-log systems are an important part of file sharing systems, but they can be especially important for the legal industry. Audit logs (including what, when, who, where, and how) are important for administrators as they can see file actions, including who is accessing/using files.

DRM (Digital Rights Management)

DRM is an important part of any file sharing system, but it’s vital for the legal industry to be able to control who is accessing/viewing/using their files. DRM systems usually have the ability to control who shares, screenshots, and copies your data.

Customization

Customization is a key factor when considering your file sharing system. Some file sharing systems offer some limited customization of policies and governance, but many systems do not allow changes to their systems. However, it’s important for those within the legal industry to set the security, policies, storage, and DRM capabilities based on their company’s needs.

Client Portal

Many companies are now looking for the ability to give their clients a client portal. Client portal software allows companies to give their customers a place to access confidential documents securely. These portals are usually accessed with a password and allow customers to review, download/upload documents and other media. File sharing systems often offer the option to create your own type of client portal, without the need for extra software.

Because the legal industry works with clients who often have to provide sensitive documents, having a secure portal that clients can access will provide ease of mind. It’s also important to look for file sharing systems that will allow you to have free guest accounts that will still allow uploads/downloads and communication.

Branding

Keeping your branding the same throughout all your systems is an important part of establishing your company’s brand and identity. Look for a file sharing system that allows you to add your own logo, name, and create a custom URL.

Ease-of-Use

While your IT manager might understand the ins and outs of complicated technology, it’s important that your file sharing system is easy-to-use and understand for all users. Make sure that both your employees and clients can access the system easily and quickly learn how to share their files securely.

These are the most important features when it comes to making sure you have a file sharing system that works for the legal industry. Now it just comes to selecting the specific system.

FileCloud as a Secure File Sharing System

There are many systems to pick from, including options such as Google Drive, Dropbox, and OneDrive, but we think that FileCloud sets itself above these as it has all the capabilities needed for working in the legal industry, and more.

FileCloud offers enterprise-level security like 256-bit AES SSL encryption at rest and SSL/TLS protocols for data in transit, SSO (single sign-on), Active Directory integration, two-factor authentication, automatic anti-virus scanning of files (when uploaded) and more.

FileCloud’s Governance and Retention Policies

FileCloud understands the importance of governance for the legal industry, and that’s why there are totally customizable classification and retention policies available.

Retention policies allow you to automate certain actions when it comes to managing and organizing your documents. This policy-based automation helps secure your content and gives you total control over the document life cycle.

Within the FileCloud policy system you can create policies that restrict how files and folders are deleted/edited which helps ensure the security of your content. FileCloud’s retention policies are hierarchical, which means you can select the policy that best protects and retains specific types of digital content.

These hierarchical retention policies support document life cycle management for the legal industry. Policies include admin hold, legal hold, retention, trash retention, and archival. Within the FileCloud system, you can apply these retention policies to files and folders and customize policies based on the needs of your business.

FileCloud also offers options for smart content classification, custom metadata, and DLP (data loss prevention). Legal industries can use many of these features in different ways, such as creating a metadata tag for legal articles or other data which can then be applied using smart classification.

FileCloud’s DRM Capabilities  

FileCloud offers advanced DRM capabilities, including restricted sharing, prevention of screenshots, and copying of data. Because security is such an important factor to all file sharing, all DRM files are protected with AES-certified 256-bit encryption and SSL/TLS protocols.

FileCloud Makes Work Easier

FileCloud recently released a new feature called Workflow Automation. This new feature helps users work smarter by providing the ability to build simple to complex workflows that streamline important business processes.

Managers can create and share workflows for everything from simple tasks like signature retrieval to more complex work like contract reviews. 

This can especially be helpful for those working in the legal industry as it can automate and speed up tasks like contract and patent approval and new policy review. 

This image has an empty alt attribute; its file name is Full-Workflow-4-1-1024x725.jpg Figure 2: FileCloud Full Workflow

Automating tasks is easy with FileCloud’s no-code, drag-and-drop tool that helps build workflows. Managers can even share custom workflows with their teams to help prevent errors and accomplish important objectives.

Running workflows can be viewed in a dashboard so you can see work happening in real-time, correct any oversights in automation, and download reports with a click of a button.

Making Your Business More Secure

FileCloud is always working to make customer’s lives easier, including the option to create a client portal, branding, and complete customization options. But you don’t have to take our word for it. Look what these other law firms have to say about working with FileCloud.

This image has an empty alt attribute; its file name is Legal-In-8-1024x322.jpg

Figure 3: Legal Industry Customer 1
 
This image has an empty alt attribute; its file name is Legal-In-9-1024x322.jpg
Figure 4: Legal Industry Customer 2
 
This image has an empty alt attribute; its file name is Legal-In-10-1024x322.jpg
Figure 5: Legal Industry Customer 3

As we said, we think FileCloud is a superior option, but there are many to choose from when looking for a secure file sharing system.

The most important thing to remember when selecting a file sharing system is that it has all the capabilities and features you need to succeed at business, including security, customization options, and DRM.

Secure file sharing is only going to become more important over the years. Making sure you have a system in place that can adapt to changing requirements will put you ahead of your competitors.

Get started secure file sharing today by getting a free trial of FileCloud

Box Relay vs. FileCloud Workflows

Workflow Automation 

Workflow automation refers to the creation, deployment, and management of business processes using pre-defined rules. People can use workflow automation to standardize work, and it allows for business rules and compliance to be met. It also eliminates human error and ensures transparency and accountability at all stages of the process.

Even though we are on the verge of realizing that people can automate their daily processes, most current workflow tools are too rigid and complex, tied to IT, or both. Existing workflow tools have these unappealing characteristics because they are not designed for business users. Implementing workflows using many existing tools is also a failure because they restrict workflows to the environment rather than their extended enterprise.

This is where Box Relay and FileCloud Workflows come in. Both are workflow automation tools built with the business user in mind. We will first look at Box Relay, though the two products are similar in what they offer.

Introduction to Box Relay

Box provides Cloud Content Management (CCM), and Box Relay is a core product in the Box platform that automates content-centric workflows.

Box Relay lets users create workflows and keep multiple business processes under control in an easy-to-use manner with its simple interface and no-coder approach. Businesses can automate repetitive tasks and streamline business processes like contract approvals, content review, and onboarding. A conditional logic feature, in particular, allows users to route content by using multiple metadata fields. The software also facilitates real-time collaboration among business partners, vendors, clients, and other business entities, allowing the flow of relevant business content. 

Relay allows the business user to automate redundant procedures, reduce work, and lets IT focus on other value-added tasks. It achieves this by automating content-centric business processes right where the content is. Box Relay’s content-centric workflows make it easy for business users to automate tasks that would otherwise take too much time and effort. Box Relay’s “if that, then those” statements are a simple, no-code way to build a codebase. The statements include many fillers to create triggers, conditions, or outcomes that all together form the desired automated process. Box even offers pre-built workflow templates, which cover multiple use cases – Marketing, Sales, HR, and Finance and Operations.

Box Relay is not an IT-dependent service, but it helps IT empower business users with the right technology to increase efficiency and drive business processes. IT is not able to understand the use cases of business users better than themselves. Relay’s design allows business users to collaborate with IT in creating automated processes.

Box Relay Features

Now that you have a basic understanding of how the software works, we will look at Relay’s specific features.

No-code Workflows: Users can build business workflows without extensive coding knowledge.

Pre-made Workflow Templates: A collection of pre-built templates helps quickly create common workflows for finance, human resources, legal, legal, marketing, and sales. Users can customize them, and the library covers at least 24 different business uses. 

Workflow Ownership Transfer: This allows the transfer of workflows between users. Workflow transfer is helpful to adapt quickly and efficiently to organizational changes such as job/role shifts. Users could also use the feature to transition workflows from IT to business users.

Workflow Trigger API: This API lets third-party apps trigger workflows. This feature is handy for business processes that involve a lot of client interaction, making it easier to automate client interactions even if they don’t involve the Box platform.

Summary Dashboard with Export: Users can track progress with one dashboard to view all workflow history. Box Relay also provides an exportable audit history that shows the status of each workflow. Administrators can monitor access rights for workflow generation and the oversight of business processes.

FileCloud Workflows Introduction and Comparison 

FileCloud is an award-winning enterprise file sharing, sync, and backup solution (EFFS). FileCloud Server is a self-hosted solution that provides complete data ownership, residency, and control. It allows enterprises to create and manage a Dropbox or Box-like file storage and sync system integrated with their IT infrastructure. With Filecloud Online, FileCloud hosts data on the company’s world-class infrastructure in the customer’s region. 

FileCloud Workflows is FileCloud’s workflow automation tool. Like Box Relay, FileCloud Workflows makes it easy to create workflows, manage multiple business processes, and monitor progress with an intuitive interface. It also allows real-time collaboration between business partners and vendors, clients, and other business entities and facilitates the flow of relevant business content. 

Other similarities include simple “if this, then those” statements that allow you to build a codebase without any programming and content-centric workflows that make it simple for business users to automate tasks that would otherwise require too much time or effort. 

Despite many core similarities, there are a few differences to consider. Just as Box Relay is integrated with the Box platform, FileCloud Workflows is tightly integrated with FileCloud. Box and FileCloud each provide different features that are well-suited to various enterprises depending on their business needs. 

Unlike Box, FileCloud has a self-hosted option (FileCloud Server) attractive to enterprises in heavily regulated industries and government organizations. FileCloud uses industry-standard encryption methods (AES 256 bit) to securely transfer data (SSL/TLS secure channel) and store it. It supports ransomware detection, ransomware prevention, anti-virus scanning, data loss prevention, and easy-to-configure security policies.

There is also a difference in pricing and value. FileCloud Server Standard edition costs $5,000/year for 100 users, while Box Business edition costs $15,000/year for 100 people. Included within that price, FileCloud offers unlimited client accounts for free. To see a detailed comparison of the two platforms, click here

Two downsides of FileCloud Workflows compared to Box Relay are that it lacks pre-made workflow templates and a workflow trigger API. An upside is that FileCloud Workflows’ drag-and-drop canvas makes it much easier to visualize and build workflows than the vertically stacked boxes in Box Relay’s user interface. 

FileCloud Workflows Features

Let’s take a more detailed look at FileCloud Workflows’ features.

No-code Workflows: As with Relay, users can build business workflows without extensive coding knowledge.

Drag-and-drop Interface: The visual canvas and drag-and-drop tool make it easy to see and create any business workflow. 

Workflow Ownership Transfer: This allows users to transfer workflows. Businesses can use workflow transfer to adapt quickly to organizational changes like job/role moves. IT and business managers can also use this feature to make and share workflows with departments and teams.

Summary Dashboard with Export: FileCloud Workflows also provides a summary dashboard with real-time reports and the ability to export an audit history. The dashboard provides a convenient way for users to see the progress of their work, and admins can monitor access rights for workflow generation and the oversight of business processes.

Self-hosted Data: For organizations that require complete control of their data, FileCloud has a self-hosted version. With FileCloud Workflows, organizations hosting their data on-premises can still enjoy the benefits of workflow automation. 

Comparison Conclusion

As you can see, there are many similarities and a few critical differences between FileCloud Workflows and Box Relay. Both tools provide business users with the ability to introduce workflow automation into their everyday processes. Which one you choose will depend on the requirements of your organization. 

A Deep Dive into Workflow Automation

 

Over the past few decades, organizations have faced the challenge of digital transformation. How do you transition from and improve a workplace previously dominated by email, phones, whiteboards, spreadsheets, and hand-written notes? Each of these tools is based mainly on human memory, increasing the possibility of human error. They can be challenging to use for collaboration and provide poor visibility by management, particularly in the remote or hybrid workplace that is becoming the norm.

Organizations can significantly reduce the reliance on outdated communications and tracking software by implementing workflow automation. Workflow automation improves the efficiency and productivity of organizations by streamlining business processes. It also ensures that a clear record of work tasks is maintained for easy tracking and auditing.

There is far less dependence on human memory, task tracking spreadsheets, and employee manuals. Instead, the structure of essential and ongoing processes is held in an accessible, central repository that can easily be accessed or distributed by anyone with the proper authority (using Role-based Permissions).

What is Workflow Automation?

In concise terms, workflow automation is the design, creation, deployment, and management of business processes based on preset rules. This allows work tasks to be automatically triggered between people, technology, data, and other resources.

Workflow automation can be used to standardize work. It allows for compliance policies and business rules to be met. It reduces or eliminates human error and deviation and provides transparency and accountability at all levels of the process. The tactical goal is to ensure that the appropriate workers are focusing on the correct tasks at the proper time and have everything they require to complete said tasks.

A History of Workflow Automation

  • The 1990s. The first workflow-based automation software solutions were created. This software replaced the paper-based workflow processes with electronic versions, allowing companies to replace paper tasks-routing activities with electronic-form processes.
  • The late 1990s. Business rules and tools for modeling allow companies to build, analyze, and visualize business processes. They can see graphical views of current organizational processes and compare them with prospective trial processes to make work more efficient.
  • From 2005. The current era of workflow automation begins with the introduction of business process management (BPM).

Workflow Automation’s Primary Benefits

There are several key benefits to automating workflows and processes:

  • Increased efficiency and productivity
  • More accuracy
  • Real-time visibility of work
  • Individual accountability at the highest level
  • Ability to set meaningful KPIs and collect real-world data that can be used in process improvement
  • More data for better decision-making
  • Improvement in data security

Other possible benefits include:

  • Better customer experience and vendor relations with a reduction in wait times and errors and improvement in communication
  • More job satisfaction since employees are better able to prove and reap the rewards of high performance

In summary, workflow automation can provide a more consistent, positive experience for all your customers regarding the delivery of finished work products. It makes it easier to get work done and track what is being completed.

The ultimate goal of workflow automation is to give you an advantage over manually-driven competitors. This can be achieved by offering higher quality work, lower prices, and faster decision-making.

Statistics on Workflow Automation

Statistics can provide a wealth of information about how workflow automation is affecting organizations. Here are some statistics on the importance of process automation for digital transformation from a survey of 400 IT decision-makers across the US and Europe.

  • 97% of IT decision-makers agree that process automation is key to digital transformation.
  • 67% of businesses are currently implementing business process automation solutions that improve visibility across various systems.
  • 47% of IT leaders agree that the most significant ROI in automation is achieved within operations.
  • 36% have already implemented workflow automation technology.
  • 29% of organizations plan to implement low-code or no-code workflow automation software soon.

How Workflow Automation Can Help Departments

Automation can streamline the work of any department. Here are some ways that workflow automation software can help:

IT

  • Reduce time and energy spent on building tech processes for other departments by empowering others to build workflows with no-code, drag-and-drop workflow automation
  • Manage department assets and track usage trends
  • Assign escalations and tickets to team members based on availability
  • Avoid duplicate support requests
  • Easily execute stakeholder updates

Sales

  • Standardize processes to simplify list building
  • Ensure that all leads receive excellent treatment and never miss a lead because of human error
  • Get in-depth reports of ongoing processes

HR

  • Reduce paperwork and manage documents more easily
  • Streamlined approval process makes it easier to find, verify and hire candidates quickly
  • Improve and speed up onboarding and off-boarding experience
  • Increase the visibility of your workflow

Finance

  • More easily track expenses to avoid unwelcome expenditures
  • Build workflows for approvals and notifications of employee travel, budgeting, and reimbursements
  • Save time processing approvals

Marketing

  • Streamline content creation process
  • Improve quality by making sure the right people approve all content
  • Increase employee accountability
  • Nurture quality leads with a consistent and trackable process

How to Get Started with Workflow Automation

A workflow automation plan starts with a clear goal and ends in process evaluation. Below are the five steps that go into a workflow automation plan.

1. Identify a Core Process

The first step is to determine a process that is core to your team or department. Ask questions like “Is this process mature enough to automate?” and “Do I have the support of the team to automate it?”

2. Define the Objective

Automation has many benefits. It can increase ROI, speed to market, and team productivity. Clarify the expectations of your team regarding automation.

3. Build the Workflow

Next, it is time to build the workflow using your workflow automation platform. The general steps are to create a new workflow, assign rules and permissions for each step, publish the workflow, and share it with your team.

4. Team Training

Workflow automation will only succeed if its stakeholders are willing to use it. Share the benefits with process owners, show them what you have built, and encourage feedback.

5. Measure Performance

Automation will not be fully realized unless your business measures the differences it has made to pre-existing processes through reports or data analytics. How has workflow automation impacted your KPIs and ROI? That is the question you want to answer.

How to Choose the Best Workflow Automation Software

There are many choices in the workflow automation market. Some are universally applicable, while others cater to specific needs. No matter your situation, workflow automation software must be flexible, fast, and able to fulfill your specific requirements. Below are the most important features in workflow automation software.

Easy to Use

Seeing as automation is intended to make life easier, the product must be simple to learn and use. Look for a user-friendly interface, no-code solutions, and a drag-and-drop design.

Good Pricing

Some vendors charge thousands of dollars just to install workflow automation software. Consulting and implementation are not included. Say no to those vendors. As with any product purchase, avoid shady pricing models and look for something transparent and predictable. 

Customization

The ability to build custom processes is essential to reap the full benefits of automation. You need software that can manage everything from simple to complex workflows with many steps and decision branches.

Simple Tracking

Without the ability to review a process, you can’t improve it. The best workflow automation software tools provide built-in reporting that allows you to monitor and analyze tasks so you can refine your processes.

 

Workflow Automation with FileCloud

Below are some benefits of FileCloud’s workflow automation.

Excellent ROI

FileCloud’s workflow automation is integrated with all of FileCloud’s other benefits, including enterprise file storage, collaboration, flexible infrastructure (self-hosted, hybrid, or cloud), unmatched security and compliance, and award-winning support. Managers can replace unnecessary subscriptions like Nintex by using an all-in-one solution.

Ease of Use

The drag-and-drop tool enables users to create business workflows of all levels of complexity. Managers can easily create and share customized workflows with their staff to improve productivity, reduce errors, and simplify high-volume tasks. Additionally, it is easy for users to automate their work thanks to our no-code design. 

Real-time Tracking

Administrators and users can track every step of their processes with an intuitive dashboard that shows all running workflows. 

Get more information about FileCloud’s Workflow Automation >>>