The growth in the use of mobile devices and cloud-based services brings many benefits, including providing workers with greater freedom to work in ways that suit them best. But they also bring many challenges to organizations regarding how corporate data is handled and stored. One particular area of growth in terms of cloud services is file sharing.
There are many options to choose from in terms of cloud file-sharing and storage services, many of which consumers can sign up for themselves and are not sanctioned for use by the organization for which they work. If employees use unsanctioned services for storing and sharing work-related information, that information is therefore out of the purview of the organization, meaning that it loses control and visibility over its data and the audit trail is lost. There is also greater risk that the information could be lost or accessed inappropriately, leading to a security breach.
According to a recent study conducted by the Association of Information and Image Management professionals (AIIM), 30% of respondents are seeing increasing use of unofficial cloud content-management and file-sharing services. However, only 5% have an official cloud-based option provided to them. In terms of policies for the use of consumer-oriented file-sharing services, 45% state that their organization has an official policy, although only 12% state that this policy is enforced. A full 37% state that their organization has no policy whatsoever. The reasons given for the use of such services are firstly the need to share content with project groups, followed by convenience, simplicity, and better mobile access.
In order to control such activity, organizations need not only to develop and enforce policies regarding the use of document-sharing services, but also educate their employees regarding the dangers of using unsanctioned services for file sharing and storing corporate information.
However, given the growing popularity of cloud-based file-sharing services, the best option is for organizations to provide their employees with a secure, centrally managed file-transfer service so that they have visibility over what information is being stored there, as well as who is accessing it.
When providing such a service to employees, there are a number of factors that should be considered. Security must be robust, providing strong authentication and access-control mechanisms, synchronization with the organization’s user directories, and including encryption for all data in transit and stored within the service. Mobile device management capabilities, such as providing the ability to remotely wipe data from devices used to access the service, are an important consideration. The service should enable policies to be determined and managed from a central management console, allowing restrictions to be placed according to context, such as restricting access from insecure networks (for example, WiFi networks offered by hotels) and requiring stronger controls for users looking to share information with those external to the organization. The central management console should also collate all information pertaining to user activity and what data is stored in the service, and this information should be made available as detailed reports and provide the necessary audit trail for compliance purposes.
The use of cloud-based file-sharing services provides many benefits for organizations, not least of which is the ability to reduce costs related to data storage. However, the use of such services can increase the risk of the organization suffering serious security breaches that could lead to financial loss and reputational damage if their use is not handled correctly. Brought fully under the control of the organization, the benefits will far outweigh the risks and will allow its employees the freedom to work in the way that suits them best.