In my previous blog article last month I discussed a recent Dropbox hack and the potential damage it could pose to a company whose business users use Dropbox to share sensitive corporate data without IT knowing about it (Shadow IT ring a bell?). Straight away people were worried: they asked, is Dropbox safe? They were starting to look at Dropbox competitors.
And now, only a month later, we hear about another misuse of Dropbox for storing sensitive corporate data. This time it has even resulted in litigation, with Lyft filing a complaint against its former COO Travis VanderZanden for downloading a number of confidential company documents to his personal Dropbox account.
Now, no one is blaming Dropbox here. Lyft isn’t; it’s not Dropbox’s fault an employee uploaded confidential documents to the cloud. But how can we control what is uploaded into Dropbox, or Box.com, or any other cloud file sync and share (FSS) solution? Trust, but Verify and Govern!
Given the chance, business users WILL use cloud FSS solutions, and just blocking access to them won’t cut it. Business users will figure out “workarounds”. Replacing them with alternative non-“consumer” solutions also won’t work, since users want to use what is simple and what they are used to. At the end of the day people just want to be assured that Dropbox is safe for confidential files.
We need a paradigm shift, to start thinking differently: instead of blocking access to cloud FSS solutions or replacing them, why not enable them? Why not allow access to them, but in a manageable, secure and fully auditable way?
This way everyone wins:
The business users continue using their cloud FSS solution of choice.
IT has happy employees and full visibility and control of traffic to and from cloud FSS solutions.