Lyft Claims Exec Lifted its Docs, Parked Them in Dropbox, and Drove Off?

The courtroom fight between Uber and its rival Lyft is a potential cautionary tale about mixing personal cloud applications with enterprise class solutions.

13 November 2014

lyft dropbox

The current courtroom fight between Uber and its rival Lyft is a potential cautionary tale about mixing personal cloud applications with enterprise class solutions. I think this example underscores just how easy it is for any company employee — or executive — to walk away with sensitive data while he or she jumps to a new job, using an online file sync and share (FSS) solution.

In this instance, Lyft claims that its former chief operating officer, Travis VanderZanden, placed some of Lyft’s “most sensitive documents” in a personal Dropbox account before he left the firm last August. In October, VanderZanden joined competitor Uber as vice president of international growth — bringing with him that key Lyft data, according to court papers, and as reported in Fortune.

We won’t know the details of what actually happened until the court case is resolved. But I will mention that VanderZanden has admitted he used Dropbox as a work platform with other employees. (This is not always a best practice, as surveys about cloud services indicate — please click here, or here.) Fortune even cites one of VanderZanden’s tweets, which states: “Like many other early employees at Lyft, I used my personal Dropbox to collaborate on files.”

High Profile Case of Data Bleed?

But if Lyft’s charge is valid, this offers us (apparently) a very-high profile example of FSS-enabled data hemorrhaging. Today, data leaks are perhaps likelier to occur then ever before. All too often, corporate employees adopt these FSS applications and services — without official approval from the information technology department.

Frequently, IT and security managers lack the ability to either monitor or police these services. This makes it relatively easy for an employee to parachute vital proprietary company data into an FSS account — and retrieve these materials later.

The invasion of cloud applications into the enterprise is a major threat, according to current research conducted by the Ponemon Institute, a security consultancy firm. In fact, Ponemon’s poll of 1,000 IT security pros revealed 49 percent of them believe their companies lack clear visibility into their employees’ deployment of file sharing applications.

Uber Protection for Your Data

We need a radically new approach to protecting valuable data. Information Rights Management (IRM) technology is one answer. Essentially, IRM makes the content itself — each document — the security perimeter. The documents are locked down through fine-grained rights management and encryption. So unless the company itself continues to grant access rights, the files are encrypted and safe. Even after access has been granted, it’s possible to “unshare” files – which might have been a potential lifesaver in the Lyft-Uber case.

Daren Glenister

Daren Glenister

Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.