In years gone by, the majority of ad hoc file exchanges happened over email. But as file sizes continue to grow, email administrators are responding by imposing attachment size limitations on senders, recipients, or both. As a result, many employees are turning to cloud-based file-sharing tools to remain productive and share data ranging from presentations and medical images to loan documentation packages, CAD drawings, and other potentially sensitive documents. In fact, a recent Frost and Sullivan survey found that 80 percent of employees admit to using non-approved SaaS applications to get their jobs done.
Much of this activity has flown under the radar of IT. According to a recent Axway study conducted by Ponemon Institute Research, 69 percent of IT professionals are not likely to know whether employees are using unapproved and risky file sharing tools.
The survey of 621 IT professionals found that nearly 50 percent of respondents considered public cloud sharing tools such as Dropbox, Google Docs and Box unsuitable for business use. And only 11 percent of respondents said they would be likely to know if confidential data was lost or stolen due to a data breach in the public cloud.
While the tools mentioned above provide basic security capabilities, they don’t offer the controls that would ensure regulatory compliance or support most organizations’ existing security policies. Despite risks such as exposure to malware, confidential information leaks and vulnerability to cyber attacks, employees’ quest for productivity continues to drive the Bring-Your-Own-Cloud (BYOC) trend. And this challenge is only going to get worse as most IT professionals agree that file sharing will increase over the next 24 months.
The good news is that there’s a happy medium for both the employee and the IT department. To achieve this balance, there are a few important steps organizations should take to securely incorporate consumer file sharing tools.
1. Create formal, policy-based data-protection rules
It’s critical that organizations create data-protection rules that inform users about the types of information that can and cannot be readily shared externally. Simply ensuring that all employees understand and know how to comply with these rules reduces the risk of unintentional data breach or loss due to unsecured file exchange.
2. Systematically protect data
Some commercially available file exchange solutions can automatically enforce data protection policies – based on a combination of file type, keywords in subject lines or body text, and/or destination domain. This kind of systematic method for identifying information about to exit the company can protect data by ensuring that the proper authorization and/or encryption are applied before a file can be sent.
3. Offer a private cloud alternative
If you find the idea of any information being exchanged through a public-cloud solution terrifying, you can explore an alternative private cloud solution that provides the same functionality without any shared infrastructure or co-mingling of files or data. For especially security-conscious organizations that want to provide employees with an easy-to-use, collaborative cloud-based file exchange capability, this is often the best option.
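The automatic enforcement described in step 2, sketched as an added Python example (not code from this article or from any vendor's product): it checks file type, keywords in the subject and body, and the destination domain, then decides whether a transfer is allowed, must be encrypted, or is held for authorization. The domain list, extensions, keywords and action names are constructed assumptions.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

# Constructed policy values for illustration; a real deployment defines its own.
APPROVED_DOMAINS = {"partner.example"}
SENSITIVE_EXTENSIONS = {".dwg", ".dcm", ".xlsx"}
SENSITIVE_KEYWORDS = {"confidential", "loan application", "patient"}

@dataclass
class Transfer:
    filename: str
    subject: str
    body: str
    recipient: str

def evaluate(t):
    """Return (action, reasons); action is ALLOW, ENCRYPT or HOLD_FOR_APPROVAL."""
    reasons = []
    # File type: compare the lower-cased extension so "plan.DWG" still matches.
    ext = PurePosixPath(t.filename.lower()).suffix
    if ext in SENSITIVE_EXTENSIONS:
        reasons.append(f"file type {ext}")
    # Keywords: search subject and body together, case-insensitively.
    text = f"{t.subject}\n{t.body}".lower()
    reasons += [f"keyword '{k}'" for k in sorted(SENSITIVE_KEYWORDS) if k in text]
    # Destination: exact match on the domain after the last "@", never a
    # substring test, so "partner.example.evil.test" is not treated as approved.
    domain = t.recipient.rsplit("@", 1)[-1].lower().rstrip(".")
    if not reasons:
        return "ALLOW", reasons
    if domain in APPROVED_DOMAINS:
        return "ENCRYPT", reasons
    reasons.append(f"unapproved destination {domain}")
    return "HOLD_FOR_APPROVAL", reasons

# Constructed sample transfers.
SAMPLES = [
    Transfer("lunch-menu.txt", "Friday lunch", "See attached", "friend@mail.example"),
    Transfer("site-plan.DWG", "Drawings", "Rev C attached", "eng@partner.example"),
    Transfer("notes.txt", "CONFIDENTIAL pricing", "Do not forward",
             "me@partner.example.evil.test"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        action, why = evaluate(s)
        print(f"{s.filename:16} -> {action:18} {why}")
```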
These are a few simple ideas that can help organizations start to think about how to safely incorporate technology that employees are already using, and will continue to use. The security issues associated with employee use of consumer file sharing tools will continue to present a challenge to IT for the foreseeable future. So when addressing this area, ask yourself: what’s your organization’s strategy to mitigate these threats while enabling employee productivity?
Dave Butcher, Senior Solution Architect at Axway, will host a peer-to-peer session at RSA on the risks and other strategies of secure employee file sharing in the public cloud.
- What: “You Shared WHAT?! Risks and Strategies of Securing Employee File Sharing”
- When: Wednesday, February 26 at 8:00 a.m.
- Where: Moscone Center, San Francisco, California