"You’re fired!" is a line we only really expect to hear from Alan Sugar these days, and even then, only for entertainment. Yet recent research reveals that file sync and share challenges could be putting UK employees at risk of hearing these words, or at the very least, of receiving a written warning.
It’s a familiar situation for most employees working in office environments -- you have some urgent files that need to be sent to a customer or partner on a tight deadline. The files are too big to be emailed and the person administrating the FTP-Server is, of course, on holiday. Being a hands-on, solution-oriented employee who is well versed with modern technology, you decide to share the files through a cloud-based file sharing solution like Dropbox or Box. With the job done and the customer happy, you might be expecting a pat on the back as a reward not a written warning, or even worse, a letter of termination, but that is the hidden reality for most UK employees.
It sounds unlikely but as companies tighten their guidelines on public cloud usage, following a series of serious security breaches, it is becoming a necessity for companies wanting control and visibility of their data. Recent research showed that 22 percent of UK firms would instantly dismiss staff for using the public cloud for their duties while 40 percent would issue a written warning and 26 percent a verbal one.
But who is to the blame? The employee might be ignoring the potential risks of using a public cloud service (33 percent of UK companies have banned staff from using the public cloud entirely) or might simply be unaware of them -- (59 percent of UK companies have not even added guidelines to a staff manual). Conversely, the company’s IT might be at the root of the problem if it does not provide the necessary tools for employees to do their job.
The consumerization of IT has been a visible trend in recent years as consumers expect their work environment to be just as easy to use as their personal environment. Consumer file sync and share solutions such as Dropbox have become commonplace and are installed on most devices, from mobiles to laptops. Those services are very useful for sharing personal data with friends and family but are a problem for the IT department, as employees share their corporate files using their personal cloud services and don’t fully understand the risks attached. Pun intended.
Rather than firing staff or sending out written warnings, companies must do a better job warning their employees about the risks of sharing sensitive files and offer solutions that are equally easy to use, but are controlled by the IT department.
Why are public cloud services a risk when sharing data?
The vast majority (91 percent) of IT decision makers believe that sharing sensitive data in the public cloud poses some level of risk:
- Location: Dropbox and other services are using data centers around the world to physically save their user’s data. But the user does not know the location of where the data is saved. It is even likely that the data is backed up and synched at additional data centers elsewhere. In highly regulated markets, such as finance, insurance, health, and pharmaceuticals, hosting personally identifiable information on public cloud services may violate regulations. In regions with tight data sovereignty regulations, such as the EU, this means that public cloud solutions aren’t even a legally viable solution in many countries.
- Security: Dropbox and other services have very limited security features compared to enterprise file sync and share solutions and it’s impossible to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.
- Data Loss: Public cloud services have been known to lose customer files -- or fail to back them up at all -- meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them. Even outages could mean company data on the public cloud services is not accessible at the time it is needed.
- Compliance: Many industries have compliance regulations, which dictate that certain files have limited access or remain encrypted during transfer. So, with public cloud services, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.
In order to start to control which employee devices are able to sync with a corporate computer, 36 percent of businesses now have tracking tools in place to monitor their employee’s activity via these platforms. It might be tempting to use public cloud services, but the danger of getting caught is getting higher.
Can Private Cloud Solve the Problem?
File Sync and Share solutions are available to give employees the tools they need to share files securely and within their company’s compliance guidelines. However, some solutions are often complex to deploy, time-sensitive to administer and expensive, especially for SMBs on a tighter budget than enterprises. An alternative to the insecure public cloud and complex and costly EFSS solutions are private cloud solutions that offer the same features employees are used to, but with extended security. One of the advantages: the IT department knows exactly where the data is saved -- in the company’s own datacenter and within its firewall.
While Dropbox and other online file sharing tools are sufficient for sending personal files, these systems simply aren’t capable of securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.
Employee behavior cannot be changed overnight. The right way to keep data safe is to give employees the work tools they need.
Private cloud solutions eliminate the temptation to use unauthorized public cloud solutions that could put sensitive business information at risk and enable companies to take full responsibility by protecting their sensitive data whilst enabling their employees to do their jobs as efficiently as possible, without running the risk of getting fired for doing their job.
Geraldine Osman, VP International Marketing at Connected Data
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Photo Credit: Africa Studio/Shutterstock