IT: Have Visibility into Employee File Sharing? If not, You’re at Risk  

New research confirms that organizations have poor visibility into which file sharing applications are being used in the enterprise to share information.

20 October 2014


In the enterprise, the way work is done has shifted dramatically. Employees are using multiple devices, working remotely, and sharing critical information beyond the firewall. To complete projects quickly, employees may, all too often, hastily use consumer-grade file sharing tools. And in many instances, the IT department is unaware that this is happening.

Just like malicious activity (such as cyber-attacks) may cause data leakage, insecure file sharing and collaboration is a major threat, too. And the rise of shadow IT, coupled with an increasingly regulatory environment, has deeply impacted information security and governance.

The truth is, many organizations today can’t see which file sharing applications are being used to store and share sensitive business information.

Are You in Danger?

New research, fielded by the Ponemon Institute, illustrates the connection between organizational and individual employee behavior when using consumer file sharing applications. (Ponemon surveyed more than 1,000 IT security professionals from the United States, United Kingdom and Germany; most respondents are supervisors or above.)

Analysts evaluated the security threat from unsanctioned file sharing, and their research shows that business leaders are not responding to the in-house risk of ungoverned file sharing practices.

Major Security Gaps in the Enterprise

The research reveals that file sharing issues make enterprises vulnerable to data loss and compliance violations. Additionally, the research confirms that employees are behaving badly and often violating IT or regulatory policies get work completed faster.

Here are a few of the startling findings:

  • Forty-nine percent of respondents do not agree or are unsure they have clear visibility into employees’ use of file sharing/file sync and share applications.
  • Half of respondents do not agree or are unsure their organizations have the ability to manage and control user access to sensitive documents and how they are shared.
  • The majority of organizations have policies governing the use of file sharing, but policies are not being communicated to employees effectively.

More alarming, approximately 61 percent of respondents confessed that they have “often or frequently” done the following:

  • Shared files through unencrypted email
  • Did not delete confidential documents or files as required by policies.
  • Accidentally forwarded files or documents to individuals not authorized to see them.
  • Used their personal file-sharing/file sync-and-share apps in the workplace.

The findings of this research show that companies today have few provisions in place to protect data.

Information security leaders need to regain control of their information. To reduce the risk of data loss and keep information compliant, organizations need to effectively establish and enforce policies, processes, governance, and technology solutions to reduce the risk of inadequate file sharing practices. The report written by the Ponemon Institute, “Breaking Bad: The Risk of Insecure File Sharing” will be available for download soon. Stay tuned to our blog for more highlights and guidelines for how to protect your information.