How to safely share data

Posted onAuthorStephan Stadlbauer

Table Of Contents

Sharing data (documents, images, databases,…) to internal and external users/collaborators is a very common task we do every day. Safely sharing is not always necessary, but usually suggested.

When is it necessary to share safely?

The following data needs to be shared safely:

  • Documents/data containing personal data (e.g. CVs, passports, addresses, grades, …)
  • Financial data (e.g. credit card and account numbers,…)
  • Any other data, which is not “public available” data
Sharing documents via email to external recipients is NOT safe!
Unfortunately, sending documents/some data as an email or email attachment is not a safe way to share documents/data. The communication between the mail-servers can be un-encrypted, so any “Man-in-the-Middle” might be able to read the email and attachments.

Internal emails are usually fine, as those do not leave IST servers, but email has still some size limitations, and sending data to the wrong recipient can happen very easily. (Calling back an email does not work reliably with every mail-client, and the recipient can always deny such a callback action!)

Sharing data within a research group/team/unit/division

Sharing within an internal group, where everyone shall have access to the data and has access to a common storage-system is the easiest case – it’s suggested to just put the data onto the common storage-system.

Work on the group-drive
We suggest to work on the group- or department-drive if possible. This ensures, your data is accessible from others (e.g. your supervisor) and regularly backed up.

Depending on the data and the group of people you want to share the data with, the common storage system can be the main fileserver (istsmb3), the archive (archive3), Staff data (nas02) or the cluster storage. Some groups/teams may have other shares/systems, too.

Why are these options safe?

To access any of the above storage systems, users need to be logged in on their computer with a working ISTusername/ISTpassword and from externally VPN needs to be initiated first. Alternatively, users may also user out Remote Desktop Connection to access their data.

Using the ISTCloud (seafile.ist.ac.at)

The suggested way to share data externally but also internally – especially if the users you want to share data with are from different groups/teams – is our ISTCloud.

Safely sharing internally with ISTCloud

To share a file internally, you should send the “Internal Link”. You just hover over a folder or filename, and a “link” symbol appears.

You can now share this “Internal link” and everyone clicking on this needs to be first authenticated in Seafile, i.e. needs a current active account from IST.

Also required is, that the person has at lease “read permission” to the file/folder. This can be done by clicking the “Share” symbol, and configure either “Share to user” or “Share to group”.

IST users and groups are not synced automatically.
If you cannot find a user in Seafile, please ask the person to login at least once to the ISTCloud – then the account has been created. Groups in Seafile are not synced from ICP, but are groups which can be maintained by all Seafile users by themselves.

Safely sharing data with externals

Sharing data/documents to externals can be done very easily with our ISTCloud, just use the same “Share” icon, but this time use “Share Link”:

If your data is not sensible at all, you can just “Generate” a link, and send this link to anyone who should have access to the date. It’s still suggested to “Add auto expiration” so you do not forget that you’ve the data/document shared.

If your data contains personal data or any other sensible data, please add a password. Of course, you would not add the password to the email you send the link with, but communicate the password via an alternative way. This could be: SMS, Phonecall, Chat or a different email address.

This ensures, that just forwarding the email (which could happen unintended) does not allow access to your data/documents.