Cloud collaboration, online storage, other cloud services and Bring Your Own Device (BYOD) adoption have all contributed to increased productivity and lower IT costs for most small businesses. Over half of companies surveyed now store data at a third party site and only a fraction of them have considered and vetted the cloud vendor’s security posture or even have cybersecurity policies in place themselves.Today’s workforce is increasingly connected, and as everything and everyone becomes connected, then everything attached to the Internet of Things becomes vulnerable. The workforce demands and requires a means to share and collaborate, making it incumbent upon any business to provide a r secure means for employees to share and collaborate. Failure to provide them with a secure means, and failure to have in place clear and effective policies almost guarantees that employees will devise their own solutions via shadow IT which in most cases will be insecure.
Traditional email, while effective for sharing documents and files has been and still is often limited to attachment sizes. Cloud collaboration services provide an alternate means of sharing larger files such as documents and multi-media presentations, although have the risk that outsiders learning the link to the cloud share can gain access to the documents. While the transport and storage of files is usually encrypted by the vendor, businesses have little if any control over the encryption and regardless of encryption at the storage level, a link is all someone needs to access the data.
Services such as Microsoft’s Overdrive, Google Drive and Dropbox are all great out of the box solutions for personal and non-sensitive documents. A business on the other hand should consider enterprise level features of these services in order to reduce the risk of sensitive documents being seen and obtained by those not authorized to have access.
Data Loss Prevention, (DLP) is an important part of any business security strategy. Fortunately, all of the aforementioned cloud providers do integrate with DLP solutions when subscribing to their enterprise level services. The links below provide some information for further reading on the DLP options available with each of the listed vendors:
The takeaways here for any small business are:
- Provide collaboration and sharing tools or employees will invent their own solutions
- Create and communicate effective security policies for employees to follow
- Train the workforce on secure sharing methods
- Consider DLP to secure access to and leakage from data stored in the cloud.