Should Your Company Just Say “No” To Dropbox?
*** Begin Quote ***
As the business world increasingly turns to mobile devices and cloud-based file-sharing services to store or collaborate on important documents, the amount of information that’s falling into the wrong hands keeps climbing.
The numbers tell the tale: 90% of organizations had a leak of sensitive or confidential information over the past year. That’s one of the take-aways from a new study from security analysts at the Ponemon Institute.
Dropbox Is Useful – And That’s The Problem
Services like Dropbox, Bitcasa, YouSendIt and others are useful and efficient ways to get documents and files from one worker to another, especially in this age of mobile devices and distributed workforces. Plus, they’re cheap (or free) and easy for individual workers or small departments to set up.
But increasing use of these tools in the workplace, even for legitimate business reasons such as collaboration, puts a lot of private information at risk. And companies are starting to notice.
How bad is the situation? According to the Ponemon study, 60% of organizations have employees who frequently or very frequently put confidential files on services like Dropbox without permission. And just about that same percentage (59%) reported that what controls they do have in place were ineffective at managing who has access to sensitive files.
*** and ***
Some companies are already reacting with strong policies regulating use of such file-sharing services. IBM, for instance, has banned employee access to services like Dropbox and iCloud. Even the iPhone’s Siri is turned off for fear that sensitive information could be discovered from search query data stored at Apple.
This might be going too far for many companies. Especially if they don’t provide some sort of alternative. IBM has its own custom-built solution for file sharing, but many smaller operations can’t afford such measures.
*** End quote ***
Sure, that’s going to stop the practice.
Ever hear of encryption?
Sensitive file? Run it thru PKZIP.
Use LASTPASS to select a 97-character password to encrypt it.
IMHO the rule should be: if you can’t enable it, you can’t ban it.
Bans don’t work.
“Drugs in Prison”!
The human being is the world’s best “rat” in terms of adaptability and maze solving.
Tell someone they can’t in an obnoxious enough fashion, and they will spend every waking hour proving you’re wrong.
Enable the behavior in a secure fashion.
Security should never say “no”; they should say “yes, and here’s how to do it”.