CEO and Founder of SysCloud, Vijay was previously a Marketing Executive for the RAID division at LSI Logic K.K.
It’s never been easier to share information on the Web, and the workflows and habits formed through the use of consumer applications has led users to expect the same ease of use and control over data in their professions.
From the versatile collaboration options of Google Drive (which has surpassed 190 million monthly active users) to the ease of sending files via Dropbox to niche collaboration tools for the enterprise, there are a plethora of sharing tools that fit the needs of nearly every user.
However, modern collaboration within the enterprise is a double-edged sword. As sharing data gets easier, users subject themselves to greater information security risks. Organizations, from small businesses to global enterprises, are particularly susceptible to these security crises, as demonstrated by the multitude of high-profile information hacks and data compromises in the past few months alone. This vulnerability isn’t limited to malicious, Target-sized attacks - something as simple as an accidental typo on an email address can lead to major complications due to the unintentional disclosure of sensitive information.
So, when do the risks of sharing information over the Web outweigh the costs? Before examining what companies can do to prevent collaboration security breaches, it’s important to understand the advantages and potential pitfalls of data sharing in organizations.
The Good, The Bad, The Ugly
The largest benefit to data sharing is frictionless collaboration, and this seamless sharing has obvious advantages for organizations. Data sharing and access has become frictionless through streamlined workflows that let users make broad changes and share folders of documents instantly. This efficiency of cloud-based collaboration suites has lead to increased productivity by employees and accelerated the ability to leverage tools globally from any device. Files stored on Google Drive, for example, can be accessed from phones, tablets, personal laptops and work desktops under a single sign-in.
However, this advantage is also collaboration’s biggest downfall. With an abundance of devices used both inside and outside the workplace, the task of securing data has become more difficult. Individuals are surrounded by consumer apps they use in their personal lives which are highly focused on connecting and sharing with friends, family and the public. These applications put total control in the hands of the user through interfaces that prominently display the ability to connect and share, and users expect access to these same applications in the workplace (often without regard to security standards). Combined with the ability to BYOD, organizational networks are potentially exposed to a multitude of external threats.
Aside from device risks, the online component file sharing afforded by frictionless collaboration also poses a problem for organizations. Collaboration tools have put the control to make broad changes to data access and the deletion of documents in the hands of users, placing a data exposure or loss just a click away. Features like type ahead search, which makes it easy to add accounts to a sharing list or suggestions on who should be included on an email, only increase the likelihood of accidental changes being made or that data breaches and loss will accidentally occur.
What Organizations Can Do?
So, what can businesses do? The seemingly obvious answer is to shut down external collaboration and place strict controls on data sharing within an organization. However, the efficiency of collaboration cannot happen in a walled garden, users have legitimate needs to share data with clients, vendors and partners which is critical to business operations.
Additionally, this approach often backfires and creates “shadow IT” services, or information technology services that operate outside the oversight of an organization. Though this gives users the free reign they often crave, shadow IT isn’t subject to the same organizational security standards and can undermine the organization’s existing security measures.
Despite external threats, collaboration is necessary in today’s work environment and there are steps businesses can take to minimize security risks. These include:
Education. Outline collaboration policies and ensure all users are educated on the organization’s policies, proper sharing processes and authorized tools for use.
Classification. Classify data into multiple types, including sensitive and confidential, internal and public. Based on this classification, advise users which documents are appropriate to share both inside and outside the organization.
Application Evaluation. Evaluate applications to ensure they provide a security framework for collaboration and sharing at an administrator level that allows for granular level control and auditing. To meet internal security policies and compliance requirements third-party applications should be integrated to overlay and fill any gaps to meet an organization's specific collaboration policies.
Control Without Interference. Security controls are needed that are easily manageable, operate without slowing down users or changing the way they work, and provide enforcement of policies automatically without unnecessary intervention.
Each organization has its own unique needs, so there is no set formula for the amount of collaboration controls or the “right” education program. The most important component of any collaboration program is thorough user education with organizational safeguards, including third-party apps. With this in mind, and the proper tools and infrastructure in place, executives and IT leaders can have peace of mind in regard to data security while still giving users the benefits of online collaboration and sharing.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission processfor information on participating. View previously published Industry Perspectives in our Knowledge Library.