Cloud collaboration platforms: how to avoid the pitfalls -TEISS® : Cracking Cyber Security
TEISS guest blogger, Richard Agnew, EMEA North VP at Code42 explores the challenges of cloud collaboration platforms and how to overcome them.
Do your employees store the files they create in the cloud? If your instinctive answer is, “yes — that is our company policy”, then you may need to reconsider. Employees may be required to follow best practice in theory, but human behaviour can be very different in reality.
There are clear advantages to using cloud collaboration platforms (CCPs): better workplace collaboration, higher productivity and improved customer experience. These are all good examples of the business benefits that standardising on Google Drive, Microsoft OneDrive, Box or Dropbox can offer.
In an economy where quick access to knowledge is a prerequisite for staying competitive, it is no surprise that CCP usage is on the rise. According to 451 Research, 60 percent of enterprises plan to shift IT off premise by 2019. In addition, Markets and Market Research revealed that the enterprise collaboration market size is estimated to grow from USD 26.68 Billion in 2016 to USD 49.51 Billion by 2021.
At the same time that CCP usage ramps up, concerns about cyber security in general are growing among UK businesses — especially with the General Data Protection Regulation coming into force in May 2018. With IT departments responsible for keeping an organisation’s data assets and intellectual property safe from cyber criminals, it’s not surprising that CCP is sometimes viewed with suspicion.
After all, these platforms are often used to share information between various parties, thereby increasing the potential for data leakage.
Add to that the potential for human error, and it’s easy to see why there are security concerns. To avoid creating unnecessary security risks inside your organisation, it is essential to understand how CCP usage can lead to potential points of failure and how you can overcome them.
Also of interest: Honeypots 2.0: A New Twist on Classic Deception Technologies
The way employees work
Your employees’ work and ideas are instrumental to the success of your business. But because employees are human and their behavior is often unpredictable, they don’t always safeguard their work by following data security best practices and policies to the letter. Though often overlooked, studying how your workforce gets things done is necessary in preventing data leakage.
To gain a deeper understanding of workforce habits, Code42 in partnership with customers with between 500 to 5,000+ employees, examined data storage behaviour across a sample size of 1,200 laptops. The research found that only 23 percent of the data employees generate and store on laptops and desktops is saved in tools like Google Drive, Microsoft OneDrive, Box or Dropbox.
This leaves 77 percent of data stored exclusively on employee devices (such as laptops and desktops). In terms of file count, this means just one percent of all files stored on endpoints is also being stored in CCPs.
The study then delved deeper to break down employee work habits into common user types:
- Travelers — the 30 percent of employees who store less than 25 percent of their files in CCPs;
- Innovators — the 40 percent of employees who keep 25 – 50 percent of their files in CCPs;
- Collaborators — the 20 percent of employees who have 50 – 75 percent of their files in CCPs; and
- Adopters — the 10 percent of employees who have more than 75 percent of their files in CCPs.
Unless all of these work habits are identified and understood by your IT and business leaders, you can embark on a digital transformation project or internal security policy drive that can introduce unnecessary points of failure and risk into your organisation.
Also of interest: Can the UK police tackle cybercrime?
The be-all and endpoint?
At the same time that Code42’s research findings showed that most company data resides exclusively on endpoints, it also took aim at a misperception held by IT leaders – that “nothing of value is stored on the endpoint”.
When examining employee-created files by type, the study found that 36 percent of the files employees have on their laptops and desktops include intellectual property (IP), such as programming files, images, spreadsheets, zip files, presentations, and audio and video files.
Needless to say, failure to safeguard information of this nature could lead to loss or compromise of information that would have a serious financial impact — and may even destroy a company.
Also of interest: Video interview with ethical hacker FC
The data security butterfly effect
As part of their digital transformation strategies, many IT leaders have already migrated to a CCP. After all, the benefits of allowing employees to work from any location, at any time, are difficult to overstate. By factoring in employee behavior and work habits, IT can ensure that these business benefits come with minimal risk.
The truth of the matter is that not every file created will make it to a CCP. Employees are people, after all. They like to work in ways that are familiar, comfortable and the most productive – which is why policies that contradict preferred work styles may fall on deaf ears. For this reason, an additional safety net cast over both endpoints and CCPs can play an essential role in maintaining visibility and control over IP.
Find out more about Code42 at https://www.code42.com/