Despite the growing security concern about the use of consumer-grade collaboration applications in the enterprise, employees continue to download and use these free applications – with or without IT’s blessing. Meanwhile, CIOs are grappling with how to support productivity for employees, wherever they choose to work — but must also ensure, first and foremost, there are no security breaches as a result of doing so. Is there a real risk involved with relying on consumer-grade file-sharing and sync solutions in the enterprise, or are CIOs overreacting?
In this slideshow, Intralinks, a global provider of beyond the firewall collaboration solutions, has identified six ways “freemium” file sharing has failed the enterprise.
Intralinks, a leading, global technology provider of beyond the firewall collaboration solutions, has grown to support strategic collaboration solutions for a wide range of industries, including financial services, life sciences, technology and manufacturing. More than 2.7 million professionals use their solutions to support mergers and acquisitions, drug discovery, and most recently enterprise collaboration with Intralinks VIA, which helps organizations take lifetime control of their most important information and frees employees to reach new levels of productivity.
Click through for six ways consumer-grade file-sharing apps fail the enterprise, as identified by Intralinks.
No controls beyond the firewall
If data can be downloaded, forwarded, printed or sent as an email attachment beyond the confines of the enterprise firewall, then it can no longer be controlled. A recent example of the damage that can be done by taking unsecured data beyond the firewall: a patient sued the University of Cincinnati Medical Center for more than $25,000 in damages after her private medical records were posted to Facebook by an employee. A file-sharing solution that doesn’t include built-in, integrated rights management (IRM) doesn’t offer the level of control required for enterprise use.
Dangerous ‘default’ user settings
One of the most appealing features of freemium file-sharing solutions is their ease of use. However, this simplicity often lulls users into a false sense of security. A major security flaw, revealed in May 2014, showed how a basic Google AdWords campaign uncovered unprotected, fully clickable URLs leading to users’ documents stored on Dropbox and Box, including mortgage applications and tax returns. The cause: Users’ default security settings had been set to “public” upon downloading and configuring Dropbox and Box.
Letting users mix business and pleasure
Allowing users to have one account that toggles between personal and corporate files is a ticking time bomb. In a Harris Interactive survey of more than 300 IT professionals, most of them with senior-level executive titles, 88 percent of respondents said allowing users to access both their personal and business file sharing accounts from the same login poses a security threat, and 81 percent said allowing users to have both their personal and business files share from the same file sharing product poses a risk.
Ignoring industry compliance mandates
For highly regulated industries such as banking and financial, life sciences and legal, the mere presence of unsanctioned freemium apps is a huge liability. Whether a business must meet the rules of Dodd-Frank, Sarbanes Oxley or HIPAA, one key question to ask before bringing any file sync and share solution into the business is, “Is this solution audit ready? Are document trails and version access available?”
Handing over customer data
Edward Snowden’s ongoing revelations about government cyber spying have left some of enterprises’ most popular tech and telecom mainstays, including Microsoft and Google, in an awkward position. For instance, file-sharing software customers now have to worry that Uncle Sam can spy on them through American-built hardware and software. Previously, these firms complied with informal information requests, according to a report in the New York Times. An enterprise-grade solution provides businesses with customer-managed keys (CMKs). This empowers organizations to be in sole control of their data – even if the Feds come knocking on the vendor’s door.
Topping the ‘enterprise least-wanted’ list
Just take a look at the change in the most commonly blacklisted apps in the workplace, and you’ll see evidence of this struggle between the consumerization of enterprise IT and the quest for data security. While Facebook, Angry Birds and Twitter once topped the corporate roster of unsanctioned apps, today, it’s Dropbox, SugarSync, Box and other file-sharing tools that give IT the most anxiety. Further, in the same Harris Interactive survey cited previously, only 51 percent of IT decision makers agreed that they would be willing to consider using a file-sharing software product that had been blacklisted by other companies.