If a tree falls in a forest, and no one hears it, does it make a sound? Or the file sharing equivalent – if an employee uses a free personal file sharing account, and IT doesn’t know about it, does it still present a security risk? You bet it does.
This week’s CIO UK article entitled CIOs: Break security rules to make them better raises an important point that IT needs to get involved with the applications and devices that employees are bringing into the workplace in order to improve security.
IT experimentation with consumer oriented services lets IT see the type of services that employees are looking for but also gives IT firsthand knowledge and experience of the alarming security implications.
Anyone who has signed up for a free dropbox type of account knows how convenient it is for syncing files. At the same time anyone with a sense of information security gets this niggling feeling that something isn’t quite right about the ease of moving files out of the organization.
So if employees are using free personal file sharing accounts for enterprise use and IT doesn’t know about it, does it create a data security and compliance risk? You bet it does. In fact an informal survey of IT folks indicates that in most organizations IT does know that employees are using a variety of free personal file sharing apps.
So what’s a good approach for IT to deal with this? A good first step would be to signup for a free file sharing account and see firsthand not only how easy it is to use but also how easy it is to abuse. Then make it a priority to deploy an enterprise solution for secure file sharing that makes everyone happy. Let us suggest Accellion.