Saying ‘No’ to Consumer File Sync and Share Tools for Business
The tools you want to use versus the tools your company provides. Here are the risks of using consumer file sync and share tools for sharing business data.
24 September 2015
Ask nearly anyone if their company allows them to use any tool that they want to get their work done (digital or otherwise) and you will almost certainly get a resounding ‘No’ as the response.
As the average consumer has become more tech-savvy over the last several years, and technology has become infinitely more accessible and affordable, the enterprise has seen the dawn of ‘Shadow IT.’ Corporate workers are introduced to tools in their everyday lives that help them remember all of their passwords, manage to-do lists, and share photos easily with Grandma. If these tools are easy, cheap, and ‘get the job done,’ some employees may look to use these consumer file sync and share tools to get their business work done as well. Even if the messages of ‘corporate policies,’ ‘officially sanctioned,’ and ‘information security’ are delivered by enterprise IT leaders, inevitably, people just want to get their job done and most will attempt to use a tool that they feel helps them do that the fastest … even if it is not ‘IT Approved.’
Many workers don’t understand: if consumer/freemium tools are good enough for their personal information, then surely they must be OK for their business? An article from Business Insider, “China's slow internet may be to blame for the biggest hack in the history of Apple's App Store,” recently reminded me of the importance of the CISO’s and CIO’s continuing need to bridge the gap between productivity and information security. Contrary to what many employees may think, IT is not always denying requests to approve new tools merely due to budget constraints or ‘just because.’ When it comes to selecting a software tool for the enterprise, one of the key factors should be vetting the vendors themselves.
Here are just a few questions to consider when vetting vendors:
- What are the vendor’s own security practices around software development?
- What screening techniques do they use during their hiring process?
- Does the vendor have a dedicated security and quality control team in-house?
Most enterprise-class software vendors today have positive and thorough answers for these questions. The same cannot necessarily be said for the multitude of freemium apps one may find in their favorite consumer app store. Had a company like WeChat, one of the apps negatively impacted by the attack referenced in the above article, had more stringent development processes in place, their customers might not be at risk today. Then again, consider their target market … WeChat has written an app with the goal of allowing users to “… chat with your friends instantly via voice messages, texts, or images. You can also create group chats to chat with several friends together.” Given their focus on consumers and their friends, should anyone expect them to be putting their software through the same rigors as the Chief Information Security Officer of a Global 1000 corporation?
When you work in the enterprise IT space, it’s sometimes hard to imagine that these types of consumer tools, such as a chat app, are actually used for business. I had the privilege of visiting with some customers in Japan earlier this year, some of the world’s largest financial institutions. I was shocked to hear one senior IT director, talking about their information security practices for their investment banking business, comment that they often have to counsel their own customers who ask to have highly sensitive documents related to a deal sent over a consumer IM tool. These risks are real and could easily cause data loss for your company – simply because the developer of your consumer app did not have the enterprise in mind when they created it.
It’s best to work collaboratively with your company’s IT and security group. They can find tools for you that are safe, secure, and easy to use for your needs. The next time you see a highly rated consumer app on your phone, keep in mind that it may be more trouble than it’s worth.
Todd Partridge is Vice President, Product Marketing at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management, and enterprise records management practices. In his previous role at OpenText, Todd held several global positions spanning sales, marketing, product management, positioning and strategy.