Bring-your-own-device (BYOD) policies and an increasingly mobile workforce are putting new pressures on IT and changing the requirements for how workers want (and need) to access corporate data. With millions of users, Consumer Grade File Sync (CGFS) services like Dropbox, Google Drive and Microsoft OneDrive have become the predominant leader for mobile file access. Unfortunately, what works for family pictures and personal files does not work with corporate data files.
Consumer-grade sync services, such as Dropbox or Microsoft OneDrive, empower users to sync their work data and files with their mobile devices, laptops and home PCs, but they can be a recipe for disaster from the perspectives of data privacy, security and compliance.
Below are seven of the biggest risks that these solutions pose in a business environment.
1. Data Theft
Most of the problems with CGFS solutions emanate from a lack of oversight. Business owners are not privy to when an instance is installed, and are unable to control which employee devices can or cannot sync with a corporate PC. Use of CFGS solutions can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.
2. Data loss
Lacking visibility over the movement of files or file versions across end-points, CFGS solutions improperly backup (or do not backup at all) files that were modified on an employee device. If an end-points is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file or any version for that matter.
3. Corrupted Data
In a study by CERN, silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most CGFS solutions don’t implement data integrity assurance systems to ensure that any bit-rot or corrupted data is replaced with a redundant copy of the original.
CGFS solutions give carte blanche power to end-users over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third parties.
5. Compliance Violations
Since CGFS solutions have loose (or non-existent) file retention and file access controls, you could be setting yourself up for a compliance violation. Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict controls over how long files are kept and who can access them.
6. Loss of Accountability
Without detailed reports and alerts over system-level activity, CGFS solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other admins of these changes.
7. Loss of File Access
Consumer-grade solutions don’t track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion. Additionally, many solutions track and associate a small set of file events which can result in a broken access trail if a file is renamed, for example.
Many companies have formal policies or discourage employees from using their own accounts. But while blacklisting common CFGS solutions may curtail the security risks in the short term, employees will ultimately find ways to get around company firewalls.
The best way for business to handle this is to deploy a company-approved application that will allow IT to control the data, yet grants employees the access and functionality they feel they need to be productive wherever they are. With an enterprise-level solution in place, you can focus on user adoption and training employees in the importance of using a compliant, secure file sync service, so they understand why you’ve adopted this product over others. By incorporating enterprise-level data syncing and sharing solutions into your overall data management strategy, you can minimize your organizations security risks without sacrificing employee productivity.