With organisations allowing their employees to work from home more and more frequently, the need for users to access content from various platforms at all times is growing, writes Todd Partridge, pictured, director of product marketing at Intralinks, a secure document sharing product company.
Some organisations have been looking towards consumer file sync and share (CFSS) solutions to tackle this problem. However, while unlimited basic cloud storage solutions can seem highly appealing at first their use can significantly increase corporate risk, legal costs and put a significant proportion of corporate content outside the control of IT and others charged with managing it. In other words, they lack key security features and file sharing functionalities required by businesses worldwide to operate effectively and be compliant.
Osterman Research recently conducted a study into this issue entitled ‘The Critical Need for Enterprise-Grade File Sync and Share Solutions’ commissioned by Intralinks. The study looked at how to mitigate this risk and lower the cost of managing corporate information, focusing on enterprise-grade file sync and share (EFSS) solutions as a replacement for CFSS systems.
Email, still the sharing method of choice
Organisations are slowly integrating a wider range of platforms and technologies to share their information. However, email still remains the most commonly used platform.
While email is an easy way for users to share files, it creates a number of functional problems in the context of managing IT infrastructure as a whole.
Sending large files or attachments can negatively impact network bandwidth during peaks. Senders’ and recipients’ mailboxes can also grow quickly as a result of storing sent and received files, forcing people to spend too much time on mailbox management. Moreover, large mailboxes often result in long periods of downtime in the event an email server has to be restored.
Where are we storing corporate data?
The variety of personally owned smartphones, tablets, laptops and home computers that employees use to generate and store work-related content is one of the main causes of the security-related problems. It means organisations are losing control over their content.
According to the Osterman study, 13 percent of corporate data is located in employees laptops, five percent in smartphones and tablets and one percent on employees home computers.
Some employees use CFSS solutions to get around the problem of having documents stored on so many different devices. This means the audit trail can easily be lost, adding a serious new risk to the corporate environment. As there is no record of where, when or how data has been shared, it can result in higher risks for spoliation of evidence, more difficulty in satisfying regulatory obligations and more difficulty in managing how long content is retained. The problem is magnified when employees leave a company as much of this data can simply be lost to the organisation forever.
With a variety of these employee-managed tools installed without the blessing of IT, the concept of “shadow IT” is emerging. CFSS are a big component and cause of this problem. While CFSS vendors are not directly at fault, leading providers still represent a high value target for hackers because of the enormous quantities of data that they store.
Secure information exchange tools like EFSS can partly solve this problem because they allow files to be shared in a secure way. The use of links that can be set to expire and have to be accessed using a password help ensure content is much less accessible than through attachments. These links can also track downloads and shares, enabling organisations to take back control of corporate content. The Osterman study found that a significant amount of organisations agree on this point that data should be fully encrypted between endpoints. In fact, 55 percent consider it of “moderate” to “very high” priority to replace CFSS tools for a more secure option over the next 12 months.
While CFSS tools may seem useful on the surface, they introduce significant legal, regulatory and other risks to an organisation. Secure information exchange tools can dramatically lower corporate risk by keeping information under the control of IT and by ensuring that all data is managed in accordance with corporate policies and the systems designed to enforce these.
