Thursday, 30 October 2014

Data Breaches: Think Before You Share That File

It’s hard to read through the news nowadays without stumbling upon some type of data breach or leak. Recently, Apple’s iCloud service has been in the limelight, following the theft and distribution of celebrities’ private photos.

Apple is not alone. Other file-sync-and-share providers, such as Box and Dropbox, have made headlines for their inadvertent data leaks. These events shine a light on some of these file-sync-and-share services’ shortcomings and raise the question of whether enterprises should be allowing such services in their business operations at all.

Despite those concerns, enterprises are, in fact, using these services, and adoption is on the rise. According to Forrester, approximately 25 percent of the global information workforce uses file-sync-and-share services, up significantly from 5 percent in 2010. Increasingly, users are turning to cloud-based and mobile file-sync-and-share services, and a large percentage of these tools are not deployed by corporate IT departments.

According to Osterman Research, workers are using these non-approved services to get functionality that is not available in corporate IT-approved services. In fact, a recent Ovum survey of more than 5,000 full-time employees found that unmanaged consumer services are the most commonly used file-sync-and-share services within the enterprise, with 89 percent of respondents admitting to using consumer services. Furthermore, only 9 percent of respondents claimed to be happy with the commercial tools offered by their companies.

With low satisfaction rates like these, it is not hard to understand why users are turning to consumer products. However, the risks may very well outweigh the benefits. As employees implement these services, they are creating security concerns for their data and their businesses.

1. Deficient security and privacy capabilities

Sharing your vacation and wedding photos through a consumer-grade file-sync-and-share service is a far cry from trusting these services with your confidential business assets. The security concerns go beyond just the technology itself and also involve the people using the solutions. Users don’t need to have malicious intentions to cause concern; problems can sometimes be triggered by human error. When an employee uses these consumer-grade services, he gains ownership of the files through his personal account.

A Ponemon Institute study of more than 3,300 office workers in seven countries revealed that 37 percent of respondents used cloud-based file-sharing apps, such as Dropbox or Google Drive, in their places of work. A large percentage of these employees admitted to sharing confidential business information through file-sharing apps without the permission of their employers, putting crucial and classified information at risk.

2. Lack of corporate governance and control over business assets

Organizations’ lack of governance and control over the access rights for the data stored by these services puts businesses at further risk. To put it into perspective, think about what happens when an employee who shared business information via his personal file-sharing account leaves your company. That employee essentially takes precious and confidential assets out of your business’ jurisdiction and potentially into the hands of your competitors and others who could hurt your business.

3. Data locality vis-à-vis government probing

Another high-profile business concern is government control of data. Recent news, such as the U.S. government case against Microsoft, reveals that governments around the world can acquire and control certain data. Data residency and the location of the companies providing the hosting services are crucial elements when it comes to government sovereignty of data. For example, governments in some countries, such as Indonesia, have policies in place that allow them to access data that crosses into their countries’ borders. In order to avoid the government’s prying eyes on your business data, you must evaluate the locations of companies’ headquarters, as well as their data storage locations, and their security and privacy policies before implementing their file-sharing services.

4. The creation of data silos

In addition to security concerns, consumer file-sync-and-share services can also create productivity issues. As previously mentioned, many of these consumer-grade file-sync-and-share services are intuitive, making them easy options for employees to adopt. However, this can quickly lead to the formation of data silos, as some team members use Dropbox, while others use Google Drive, and some use multiple services. For example, in the Ovum survey mentioned above, of the respondents who stated they were using enterprise file-sync-and-share services, 29 percent of them are using three or more different products to get their work done. What starts as an easy way to share documents and collaborate turns into the opposite, with multiple data silos, creating a stumbling block for productivity — and compliance.

The directive is clear: businesses must replace the multitude of consumer services employees are leveraging with solutions that offer the simplicity and usability of familiar products, but with the security that businesses need to keep their assets safe.  

Source:
net-security.org