The data privacy and security risks associated with consumer grade cloud services have long been a thorn in the side of IT security professionals. Attempting to use the services they have become familiar with at home, employees open up security holes, transfer data outside the organization and introduce hidden threats.
Initially the solution was simple: block any non-enterprise software installations and firewall out the most common programs. It wasn’t complicated to do, and upper-level management was happy, convinced that email was slow because the intern was trying to download movies on his lunch-break.
Things have changed. Cloud services, including file sharing, have been democratized by consumer services like Dropbox. The C-suite has pressured IT departments to implement BYOD policies so that they can use the smartphone and laptop of their choice. With these new devices comes the expectation that they will have access to the consumer-grade services they use at home to share files, watch videos, and stay in touch with family. The most popular consumer software and applications are widely used for a reason. They are convenient, free and boast user interfaces that even the most tech-challenged grandparent can understand.
So when the Vice President of Marketing can’t email a PSD file to proof because it is too large, they don’t phone IT for assistance. They already have a solution in mind – the same one they use at home. It is simple, it works, they already have an account and know how to use the product.
The issue, of course, is the security and legal risks associated with the use of some of the more popular consumer file sharing services. Risks can include:
- Data being uploaded and stored without first being encrypted
- No Service Level Agreement to guarantee uptime or retrievability of data
- Default settings that can cause users to overshare, possibly making confidential documents available to the public
These are not concerns for most consumers. The benefits of a free, easy to use file sharing service outweigh the possible loss of data or privacy. However, in the case of the Enterprise, these are very real risks.
The days of simply blocking consumer cloud services without consequence are at an end. Employees at all levels are now aware of how convenient it can be to share and collaborate on large documents, and expect to be able to do so both at home and work. IT departments must respond to this shift in stakeholder sophistication and adapt accordingly. Doing so involves three main steps:
- Educate: Regularly update employees on the risks of unsecured data and using consumer grade services and software
- Update: Let employees know explicitly which consumer grade services and software are blocked or contravene company policy. Unless explicitly highlighted, employees may not understand that they are using a service that is indeed off limits.
- Alternate: Provide secure, enterprise-grade solutions that address the reasons employees migrate to non-sanctioned cloud services in the first place. Providing an alternative – even superior – platform will help ensure that they do not simply circumvent the safeguards you have put in place.
Recognize that employees genuinely want to do their jobs. Their use of consumer cloud solutions is an attempt at being more efficient and effective. Providing a solution that can be used across the organization, instead of on an ad hoc basis, is a win-win.
How is your organization managing the use of consumer software in the workplace? Let us know in the comments section below.