Bans fail to prevent data leakage
TeamDrive is warning about the serious security risks being run by companies that ban document and file sharing services, such as Google Drive and Dropbox, without providing an encryption-based alternative.
According to the 1,300 respondents to a survey conducted by storage firm Nasuni, one in five employees is using Dropbox. What is more worrying is that 49 percent of users ignore corporate policies and use the service regardless.
This implies that the perceived benefits of having an unmanaged, unmonitored and unsupported element in business IT overrides any sense of responsibility. TeamDrive recommends accepting the irresistible trend by embracing it within a secure and manageable system such as its own.
Departments most likely to use file synchronizing services are IT, sales, finance and engineering – the latter three being sectors likely to have access to extremely business-sensitive data. Users around these departments are just as likely to be senior management as rank and file workers.
In May 2012, IBM was so concerned about the growing use of cloud file synchronization services that it banned its staff from using Dropbox and Apple’s iCloud. It is likely that others will follow suit but the growing use of Bring Your Own Device (BYOD) strategies makes enforcement difficult, if not impossible.
Many of the services available seem to be secure because they use encryption between the user and the service but this protection is stripped away at the receiving end and the files are stored by the service provider in the clear. If a hacker, or even a rogue employee of the storage firm, gains access to a cloud drive, it could be costly if sensitive documents are being passed through the service.
Even when documents are encrypted at rest in the cloud, the providers, such as Dropbox, use a single key held in their system to unlock files as they are accessed by the document’s owners or their sanctioned colleagues.