Who Decides What File Sharing Apps Enter Your Network?
According to recent research, it appears that in many companies, the IT department is losing control over what cloud and file sharing apps are deployed.
25 November 2014
It appears that in many companies, the traditional information technology department is losing control over what cloud and other solutions are deployed inside the organization. In fact, many IT execs can’t even see, let alone manage, the file sharing and collaboration solutions proliferating in their own networks.
That was among the findings of recent groundbreaking research from the Ponemon Institute, a security consultancy. The survey, which polled 1,000-plus IT security pros, revealed that:
- Just 54 percent of respondents said their IT departments are involved in adopting new end user technologies (including cloud services).
- More than 26 percent of business applications are being used without IT’s approval or knowledge.
- Only 46 percent of respondents believe the chief information security officer (CISO) and chief information officer (CIO) have ultimate authority and responsibility for securing document collaboration and file sharing activities.
The use of unsanctioned consumer-grade cloud file sharing apps in the enterprise increases the chance of data leakage. It also increases the risk that the company will violate information security policies, and possibly even the legal regulations around information governance.
CIOs and CISOs Losing Grip on Enterprise File Sharing?
Traditionally, IT managers devoted their resources to fighting external threats. However, with the widespread employee adoption of consumer file sync and share (FSS) solutions, the risks are, more than ever, internal, as well. “Data leakage and loss from negligent file sharing is now just as significant a risk as data theft,” stated Larry Ponemon, chairman of the Ponemon Institute.
The Ponemon report is in line with other recent research into the cloud and file sharing habits of organizations. The growth of “shadow IT” (solutions that employees adopt without official IT approval) is a serious threat. In fact, Gigaom research indicated:
- Ninety percent of cloud application usage happens without the company IT department’s approval or knowledge
- Forty-six percent of senior IT professionals believe that data leakage within their companies was caused by ungoverned file sharing applications
Restoring IT Order to the Enterprise
As we can see, frequently, business end users who want to quickly deploy cloud solutions will bypass the CIO and CISO to do so. The way to stop this is to introduce secure, approved solutions that improve user productivity and can be rapidly adopted.
As Ponemon states: “The goal of senior leadership should be to provide appropriate, secure solutions and enforce policies to reduce the risk created by employees’ behaving badly.” Additionally, organizations should create, educate, and enforce information security policies within their organization to uphold security.
Ready to secure your corporate enterprise? There are some good suggestions on how to start here.
Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.