‘Security is your responsibility’
Employees sharing personal and private data internally and externally is a constant stress area for security teams and IT operators in today’s dynamic organizational setups. The proper tools and technology are necessary to make collaboration as seamless as possible, both internally and externally, without sidestepping data security.
Encouraging Collaboration While Discouraging Shadow IT
Ask any manager or any worker what they consider a crucial aspect of a healthy workplace, and you will surely hear the word collaboration, or its synonym: teamwork.
And why not! Teamwork is essential to a happy, functional office, and increasing collaboration should always be a priority. With the advent of cloud computing and platform as a service, it gets easier to collaborate every day.
But unfortunately, there is a downside to all this. Without the proper precautions in place, an open, collaborative environment can also be an insecure one, especially where sensitive data is involved. And it’s important to note that sensitive data doesn’t just mean things like credit card numbers and medical data anymore. We are living in the age of the GDPR and other data protection legislation like the new California Consumer Privacy Act of 2018. Therefore, even a sales spreadsheet that includes phone numbers and email addresses can cause massive compliance issues, fines, and security problems if handled improperly.
With that said, it should be a given that IT wants to make sure everyone can collaborate effectively to get the job done as quickly and effectively as possible. But unfortunately, other departments don’t always see it this way. Too often, IT can be seen as a bottleneck for collaboration or productivity, which causes employees to turn to shadow IT to achieve their goals.
For that reason, there needs to be a happy and secure balance when it comes to collaboration. End users always favor the tools they are most comfortable using. If IT isn’t careful, however, these tools may pose a huge risk to the security of business data. For instance, one of the biggest menaces when it comes to shadow IT is enterprise file sync and share (EFSS).
EFSS is one of the most popular types of file sharing tools, but there is a dark side to allowing these tools to flourish in the workplace.
What Data Says About Ad Hoc File Sharing
The term “Ad Hoc” is Latin and means “for this.” The term has evolved to mean something created for the moment in an unplanned way. Left to make the decision for themselves, most end users would choose an ad hoc means of sharing data or documents with peers, customers and partners. They tend to choose the tools they are familiar with, such as email, Dropbox or Google Drive. They tend not to think about the potential security implications of these choices.
As an IT professional, you should be aware of the security and compliance risks associated with ad hoc file sharing tools. You also need to make sure that the collaboration tools available to your end users are as convenient and easy-to-use as email and EFSS.
Why Do Businesses Need to Limit or Replace EFSS?
EFSS tools are great. Let’s not take away how much EFSS has changed the way people collaborate and share content. It has helped bring cloud storage mainstream, but these tools were designed for personal use, and the corporate use cases were not completely understood at the time of EFSS’s conception. If you consider the security risks involved with end users sharing sensitive data via EFSS, it quickly becomes apparent that a secure alternative is required. Users must be trained to recognize the risk to the company of sharing sensitive data using tools that are not adequately secure or controlled. They then need to be offered a secure collaboration tool to use in cases where the data being shared is proprietary, confidential or controlled by industry regulations.
Ironically, if your organization decides to outright ban Dropbox or Google Drive, you run the risk of alienating employees and increasing shadow IT within your business. It’s a double-edged sword. Instead, IT teams should look to limit the use of EFSS and email to moving large non-sensitive files quickly. An example of a great EFSS use case that doesn’t compromise security is marketing materials, such as images and video. But the problem persists that IT can’t properly control and monitor data sent to outside sources via EFSS and email.
EFSS and Email are Non-Compliant
In many industries, IT teams are forced by regulatory compliance to control and report on exactly who is sharing what data with whom. You would be hard-pressed to find a company that didn’t have to meet some form of regulatory compliance. Many of these organizations have already turned to Managed File Transfer as the preferred means of sharing sensitive data. And to provide a similar level of ease of use to end users as available from tools like email, Dropbox or Google Drive, they rely on Secure Folder Sharing for secure collaboration.
Managed file transfer is a tool that allows the encrypted movement of files and folders across the wire and at rest. A proper MFT solution includes security controls for data in transit as well as visibility to document sharing activities and an audit trail showing the movement of sensitive data.
Can Managed File Transfer Support Collaboration?
So, we’ve established the security risks incurred when users collaborate without proper security precautions, but that doesn’t mean we want to curb collaboration outright. So how can you create a secure culture without tying your workers’ hands with restrictive policies?
The answer is a mix of employee training and finding the right tools for the job. Let’s start with the training bit. Where sensitive data is concerned, consumer-grade file-sharing solutions simply won’t do. You need a Managed File Transfer tool which can secure your data, with end-to-end encryption in transit and at rest, as well as access controls and audit trails that allow you to manage exactly who is allowed to access and transfer sensitive data.
By: Alessandro Porro, Senior Vice President, Ipswitch