The BYOD and Cloud revolution has a unique heritage in the history of IT developments because it has been driven by consumers rather than the IT department. Users have found apps and services that make their personal lives more efficient, before bringing those tools into the workplace seeking similar benefits.
And so it is that Cloud file storage services have made their way through the corporate firewall, often without any official sanction. With widespread use of consumer Cloud file storage systems common in most businesses, it may be too late to try and completely restrict access. You can however take several steps to try and improve security.
1. Standardise on a company-approved service
There are plenty of Cloud file storage services available, and without any kind of guidance your users will select whichever catches their attention. This then makes it incredibly hard to monitor which data is stored where and by whom.
Rather than banning Cloud storage services outright, your business will probably have greater success by mandating a “company approved” service. This then allows you to properly assess which of the available services best meet your data security needs. You will also find supporting a single Cloud vendor much simpler than trying to sty up-to-date with every development of the competing services.
2. Upgrade to a business-class service
Most consumer-grade Cloud storage services come without any form of data loss guarantee – if their servers crash and your hosted data is lost, you have no real recourse for compensation. Other services have questionable data scanning policies (Google) or have been subject to high profile outages (Dropbox).
Many consumer providers also offer business class that are better suited to corporate use. These services provide protections you might expect like uptime guarantees and data recovery options. Alternatively you could look at the option of a private Cloud solution which completely segregates your data from other services and subscribers.
With a business-friendly alternative in place you should find it easier to convince employees to give up their own apps and adopt the company standard.
3. Tighten security on internal data systems
Whatever your staff choose to do with your data, the responsibility for maintaining compliance with the Data Protection Act 1998 remains yours. If you do not want particular data uploaded to Cloud services, you should tighten security locally to prevent such moves.
Your business should also consider auditing data usage to ensure that it is only being accessed and used by authorised users. Audit trails help you identify security issues at source and provide the information you need to lock down leaks.
In the same way some businesses disable the use of USB flash drives, you need to consider how a workable equivalent can be applied to restrict some data from upload.
Cloud data storage provides a brilliant mechanism to keep staff productive at all times by making key data available to them any place any time. But your business needs to carefully consider the security implications of the technology if it is to properly capitalise on those benefits.
What measures does your business take in order to protect critical files on your internal network, whilst allowing for flexibility in the workplace? Has it been incorporated into your IT policy? What happens if you need to recover data from a Cloud source?