Maintaining Compliance in a Demanding Work Environment
The use of ungoverned consumer-grade cloud file sharing apps risks violation of information security policies, data loss, and non-compliance.
1 December 2014
For most of us in today’s enterprise, a typical work day may consist of multiple emails, meetings (both on and off-site), ad-hoc sharing, projects with external vendors, and working on-the-go.
To be efficient, teams need to be able to share information quickly and easily. But to ensure that all information shared is protected, information technology and security teams must work to keep content secure, controlled, and compliant.
To accomplish the latter, IT teams must assess risks often and report back to compliance groups to ensure that corporate requirements are met. However, this isn’t an easy task given all of the prevalent risks — such as data theft, shadow IT, and negligent file sharing — running rampant in organizations today. Ninety percent of cloud and file sharing application usage happens without the company IT department’s approval or knowledge, says research from Gigaom.
Furthermore, employees are often negligent when it comes to data sharing and collaboration. In a separate study by the Ponemon Institute, more than 60 percent of IT and IT security practitioners said they have often or frequently:
- Used personal file sharing or file sync and share (FSS) apps in work
- Sent unencrypted emails
- Failed to delete documents as policies required
- Accidentally shared information with unauthorized individuals
The Compliance Risks of Unsecure Sharing
Further insights from the Ponemon Institute reveal that IT executives don’t have visibility into the file sharing services used by their employees, which makes managing and monitoring these applications impossible. Some of the key findings include:
- Sixty-four percent of respondents say their companies are in the dark when it comes to if their organization’s file sharing activities are in compliance with laws and regulations.
- About half are unsure or do not agree that their organizations have governance and security practices in place.
- Only 48 percent have a clear policy for the adoption and use of cloud-based file sharing and FSS applications.
- Just 56 percent train and educate employees annually on the risks of data leaks and theft.
- Fifty percent do not agree or are unsure if their organizations have the ability to manage and control user access to sensitive documents and how they are shared.
The use of consumer-grade cloud file sharing apps under the IT radar risks violation of information security policies, data loss, and non-compliance.
IT managers and security executives can avoid putting their company’s information and compliance at risk by having a stronger grip on the file sharing within their organizations.
Keeping Information Safe and Compliant
To keep your intellectual property and information safe, you need to maintain a secure sharing environment. Find an adoptable enterprise collaboration solution with a vendor that has experience working with regulated industries. The solution you pick should be able to support the following capabilities: access, retention and destruction management, future-proofing (to stay current with industry regulations), Information Rights Management (IRM), granular audit and compliance capabilities, and reporting at the file level.
If you don't already have one, you should also create a strong information security policy that's enforceable. Make sure to train staff regularly on the risks of unsecure sharing, and perform audits and assessments often to ensure compliance.
Want to learn more about how you can keep your information safe and compliant? Check out the Ponemon Institute's “Breaking Bad: The Risk of Unsecure File Sharing” report.
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds Bachelor degrees in Marketing and Finance, with a minor in English Literature.