The Problem:
Most organisations in the UK over the last view years have taken a fairly relaxed approach to consumer-grade sync solutions. Consumer grade sync solutions like Dropbox, Box, Google Drive, Skydrive and iCloud to name the top ones.
Unfortunately a lot of IT support companies are only just ‘switching on’ to the fact that this is a huge risk and actually a security breach on your business… here’s why.
If a user using Dropbox or Google Drive, etc. on their work machine and is then syncing their files to their iPhone, tablet or laptop, it doesn’t take more than this to seriously put your company data in a vulnerable state.
Consider this, small common mishaps happen, such as an employee losing their iPhone for example, there is no lock enabled (which is very common), the password on Dropbox is saved (again very common). If picked up by someone else other than the relative employee at your company would potentially put large amounts and often critical pieces of corporate data in a compromised state.
Another example, Employee departures, voluntary or not again put your data at risk if these consumer-grade sync solutions are being used. There are loads of stories of organisations who have sacked an employee and seized their devices only to find out that user was syncing their entire work folder to a home PC with Dropbox or the like. This poses a massive problem as sacked employees don’t often return phone calls or emails, etc. And taking legal action to reclaim your compromised data is expensive.
What can you do?
Begin to weed out data leakage risk. This can be done in conjunction with your local IT services company or managed services provider or if you have internal IT staff they can begin to take measures to do this.
What we recommend?
We don’t recommend taking a hard-core ‘lock down’ methodology as this often creates an unwanted culture in the office place. What you can do is start by weeding out the most risky applications and data leakage risks. If you block such applications like Dropbox, Google Drive, Box and Skydrive at the firewall users will not return to using them.
Application management at the network level, like access controls and content filtering, should be a standard component in any managed security offering by your IT services provider.
Once these dangerous consumer-grade sync solutions are blocked at the firewall than you can begin to replace them with business-grade sync solutions that have the additional security and control features you must have.
Thanks
No comments:
Post a Comment