Consumer-grade file syncing services (CGFS) are prevalent, providing much-needed access to our data. Many of us use some version of this service, such as Dropbox, every day to store and access Word docs, spreadsheets, and presentations. CGFS services evolve regularly to offer more storage, more security, and better backup and recovery support. However, not all CGFS solutions are appropriate for enterprise use, as they can present data security risks.
As you’re choosing a solution, you’ll notice options for business, as well as free or freemium versions. Although tempting, the freemium options are not recommended for business use because they don’t meet basic security standards. However, not all business versions of CGFS are appropriate for your data needs, especially if your organization handles sensitive data; they may only be suitable for certain aspects of your operations. Use your data classification policy to map your data to the correct file sync service.
Adoption and increased confidence in cloud computing in the workplace have brought new challenges and risks to CGFS usage. Let’s discuss several preventable risks related to data security in file sync services:
- Criminal data theft. Employees create opportunities for cybercriminals when they use different CGFS services and fail to lock down their individual devices and applications with strong passwords, or when they fail to configure public Wi-Fi restrictions. Criminals can then easily use that information to gain access to your enterprise network. Lack of oversight, coupled with improper device syncing to a corporate PC, causes vulnerabilities.
- Unexpected losses. CGFS solutions appeal to the individual user. However, teams or departments also choose to use CGFS for file sharing. Businesses struggle to control file or folder access, upload, and backup activities across a range of products, devices, and setups. So, an end user’s careless action or a glitch in the system can result in permanent data loss. Should an employee lose a device, he or she may not be able to conduct a remote wipe for data security. In addition to the loss of data and devices, users who fail to employ naming conventions, folder organization, and secure backup practices can lose access to their files. The IT department isn’t always able to trace the steps back to a problem and restore lost access or data.
- Legal action. Entire teams of corporate attorneys focus their practices on data privacy laws today, and the laws are constantly changing. The use of CGFS products in the workplace can serve as a breach of contract or privacy agreement that may infringe on the rights of third-party partners and vendors, clients, or even the business itself.
- Regulatory compliance violations. Every CGFS solution offers different levels of security and support. Some may comply with most security standards, while others provide only basic security precautions. However, for companies that manage sensitive information, such as medical records or credit card holders’ information, compliance with rigorous regulations is mandatory, and those security requirements may exceed the CGFS security standards. If the CGFS service provider or the end user suffers a data breach, the company could face serious penalties. For example, under HIPAA regulations, failing to maintain an accurate data log for the CGFS solution constitutes a violation. Without in-house policies on file sharing and syncing, companies can create compliance risks.
- Data corruption. All data sharing, syncing, and storage solutions are prone to data corruption. Enterprise-level file management solutions prioritize data recovery and corruption identification. CGFS solutions, on the other hand, rarely provide support for corrupted data. Small glitches in the system can render files permanently unusable.
- Ambiguous accountability. Whether a company allows employees to use their own solutions or employs a CGFS solution as an organization-wide tool, it loses clear lines of accountability. Most CGFS solution admins do not retain complete control over the product or the data. In the event of a breach or a malicious attack, the business cannot track user account changes, password management, or data transmissions. Furthermore, the attack may go unnoticed for a time if the service does not support administrative change alerts.
These six file sync service security risks are serious, but manageable. With the right approach, every organization can embrace file syncing and sharing services without compromising data privacy and security.
Find an Enterprise-Level File Sync Service
Blacklisting all consumer-driven file sync services can reduce many risks associated with file syncing, but you’re better off developing a solution that supports employee productivity and protects data privacy. (Blacklisting can also result in shadow IT issues because your team doesn’t have the tools they need.) Look for qualities such as secure mobile access, multi-tier authentication, encryption for data in transit and at rest, compliance expertise, management support, and incident recovery practices. For example, OnRamp offers enterprise-level file sharing with a focus on regulatory compliance and security, backed by certifications and audits. Let your IT department do the heavy lifting and guide you through formal policies that the rest of your organization can follow.
With an enterprise-level solution in place, you can focus on user adoption. Train employees in the importance of using a compliant, secure file sync service, so they understand why you’ve adopted this product over others. Incorporate enterprise-level data syncing and sharing solutions into an overall data management strategy to minimize security risks without sacrificing productivity.