The reality is that employees could be putting their careers in jeopardy by using public cloud services at work. Recent research has revealed that challenges accessing and sharing information via mobile devices has resulted in unsanctioned use of the public cloud in the workplace. This is not only putting company data at risk, but employees could be breaching company policies and putting their own career on the line.
It’s a familiar situation for most employees working in office environments - you have some urgent files that need to be sent to a customer or partner on a tight deadline. The files are too big to be emailed and the person administrating the FTP-Server is, of course, on holiday. Being a hands-on, solution-oriented employee who is well versed with modern technology, you decide to share the files through a cloud-based file sharing solution like Dropbox or Box. With the job done and the customer happy, you might be expecting a pat on the back as a reward not a written warning, or even worse, a letter of termination, but that is the hidden reality for most UK employees.
It sounds unlikely but as companies tighten their guidelines on public cloud usage, following a series of serious security breaches, it is becoming a necessity for companies wanting control and visibility of their data. Recent research showed that 22 % of UK firms would instantly dismiss staff for using the public cloud for their duties while 40 % would issue a written warning and 26% a verbal one. But who is to the blame? The employee might be ignoring the potential risks of using a public cloud service (33% of UK companies have banned staff from using the public cloud entirely) or might simply be unaware of them - (59% of UK companies have not even added guidelines to a staff manual). Conversely, the company’s IT might be at the root of the problem if it does not provide the necessary tools for employees to do their job.
The ‘consumerisation of IT’ has been a visible trend in recent years as consumers expect their work environment to be just as easy to use as their personal environment. Consumer file sync and share solutions such as Dropbox have become commonplace and are installed on most devices, from mobiles to laptops. Those services are very useful for sharing personal data with friends and family but are a problem for the IT department, as employees share their corporate files using their personal cloud services and don’t fully understand the risks attached. Pun intended. Rather than firing staff or sending out written warnings, companies must do a better job warning their employees about the risks of sharing sensitive files and offer solutions that are equally easy to use, but are controlled by the IT department.
Why are public cloud services a risk when sharing data?
The vast majority (91%) of IT decision makers believe that sharing sensitive data in the public cloud poses some level of risk:
- Location: Dropbox and other services are using data centres around the world to physically save their user’s data. But the user does not know the location of where the data is saved. It is even likely that the data is backed up and synched at additional data centres elsewhere. In highly regulated markets, such as finance, insurance, health, and pharmaceuticals, hosting personally identifiable information on public cloud services may violate regulations. In regions with tight data sovereignty regulations, such as the EU, this means that public cloud solutions aren’t even a legally viable solution in many countries.
- Security: Dropbox and other services have very limited security features compared to enterprise file sync and share solutions and it’s impossible to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.
- Data Loss: Public cloud services have been known to lose customer files – or fail to back them up at all – meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them. Even outages could mean company data on the public cloud services is not accessible at the time it is needed.
- Compliance: Many industries have compliance regulations, which dictate that certain files have limited access or remain encrypted during transfer. So, with public cloud services, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.
How to solve the problem
File Sync and Share solutions are available to give employees the tools they need to share files securely and within their company’s compliance guidelines. However, some solutions are often complex to deploy, time-sensitive to administer and expensive, especially for SMBs on a tighter budget than enterprises. An alternative to the unsecure public cloud and complex and costly EFSS solutions are private cloud solutions that offer the same features employees are used to, but with extended security. One of the advantages: The IT department knows exactly where the data is saved - in the company’s own datacentre and within its firewall.
While Dropbox and other online file sharing tools are sufficient for sending personal files, these systems simply aren’t capable of securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.
Employee behaviour cannot be changed overnight. The right way to keep data safe is to give employees the work tools they need. By investing in private cloud solutions, organisations are able to reduce the risk of putting sensitive business data on unauthorised public platforms, thereby ensuring the protection of the company’s important information. The use of private cloud will still allow employees to carry out their jobs effectively offering the same benefits of popular public cloud services, whilst preventing them from breaching company polices and getting fired.
By Geraldine Osman, VP International Marketing, Connected Data