Are hosted cloud storage providers heading down a slippery security slope?
The Bring Your Own Device (BYOD) trend shows no sign of slowing; in fact, 38 percent of companies expect to stop providing devices to workers by 2016 according to research from Gartner. As such, some hosted cloud storage providers, such as Dropbox, are making it possible for users to manage both work and personal accounts from a single mobile device using their software. Products like these, which focus heavily on the user experience, are indeed commendable. However, they often ignore the entire IT side of the equation for data management and risk management, something that could cause serious security issues down the road.
There are security and control issues inherent in allowing "rogue users" -- users that find ways around network security policies -- to use consumer accounts at work without IT oversight, as this greatly increases corporate risk. IT must be able to centrally manage and backup all corporate information regardless of whether or not it’s synced or shared via a personal or business account.
Assuring litigation readiness and information governance is critical for most organizations. Where eDiscovery is concerned, IT must be able to quickly search all corporate data to ensure regulatory compliance, including documents and files stored and shared via consumer-oriented file sharing services. Enterprises that wish to allow the use of these services should consider enabling a software solution that can protect endpoint data, provide data access and sync across multiple devices, make the data searchable for eDiscovery and deliver fast data recovery if and when disasters strike.
While the risks associated with the use of consumer-oriented file sharing services is applicable to all industries, liabilities increase tenfold in data-sensitive industries such as legal or healthcare where additional requirements, such as HIPAA compliance, must be met.
To fully enable enterprise- class mobility and mitigate potentially catastrophic security issues, organizations should consider the following:
- Give IT control over ALL data. Understand that anything less is a compromise. Taking data out of IT’s hands makes organizations ripe for a major security issue. If companies are going to accept the risk of allowing users to use file sync and share solutions, they should consider enterprise software that ensures the business data is visible to IT and backed up.
- Mitigate corporate risk. For IT to do its job effectively, it needs to know what's out there regardless of whether data is stored within the enterprise or on consumer-oriented file-sharing services. All data must be searchable and discoverable if required by their compliance and legal teams.
As file sharing and data backup services continue to converge, mobility solutions must balance: a) self-service access and data portability for end users with b) simplified management and control for IT departments. Force fitting a consumer-focused cloud solution to an enterprise environment is a very risky scenario and quite frankly, won’t provide the data protection and security required for a sustainable successful business.
Photo Credit: Marynchenko Oleksandr /
Steven Luong is Senior Manager, Product Marketing, at CommVault. Steven has over 11 years of experience in the technology industry delivering server, storage, and information management software solutions. Steven received his bachelor’s degree in Chemical Engineering and MBA from the University of Texas at Austin.