The increasing use of mobile devices in the workplace is a key driver behind the adoption of online file-sharing (OFS) and collaboration solutions. In fact, a study conducted by the Enterprise Strategy Group found that, after CRM and e-mail, online file sharing and collaboration ranked as the third most frequent SaaS application in the enterprise.
A recent search for “cloud file sharing” on the Apple App Store yielded 196 results, ranging from ADrive Mobile to Zip Cloud. In addition to the myriad of choices, many of these apps offer users a free service that allows them to store and share 2 GB or more of content before a paid upgrade is required.
This convenience doesn’t come without a catch, however. The digital forensics and security services company, Stroz Friedberg, published a survey that found that nearly 87% of senior managers in the United States share corporate data via personal email and cloud file sharing accounts. When these workers terminate their employment, the sensitive data stored in their “personal clouds” goes with them. And, that’s just the beginning of the potential security threats that consumer cloud apps bring to the work place.
The best way to protect your customers from these threats is through education. One of the best articles I’ve come across on this topic was written by Intronis VP of Sales Rob Merklinger, titled “How to Sell Against Consumer-Grade Technologies.”
Following are the topics (bolded) he mentions in his article along with my comments:
- Lack of Security. Sure, many freemium collaboration services have some security (e.g. password protection), but business grade solutions have a greater quantity of security features (e.g. two-factor authentication) as well as more granular security, such as enabling file and folder password protection and defining more specific access controls for collaborators.
- Reliability and Regulations. If you’re talking to a customer in healthcare, banking and finance, or legal, start with this point. Consumer offerings don’t brag about compliance with HIPAA, Sarbanes-Oxley, or PCI DSS for a reason — they’re not designed to comply with such standards. Also, reliability (which is arguably a separate point) is an important differentiator, especially when you’re talking about freemium cloud backup solutions and data recoverability. A discussion with your customer about their RTO (recovery time objective) and RPO (recovery point objective) requirements should help clarify the differences between consumer-grade and business-grade offerings.
- Anytime, Anywhere Access. It’s not that consumer-grade collaboration solutions don’t allow you to access documents from lots of devices and from multiple computing platforms. The big differentiator is that business-grade solutions allow you to edit documents from any device without requiring the user to first download the document to a desktop.
- Manageability Matters. Merklinger says it best with this one:
“With consumer-grade your options are few when it comes to customization of the service and manageability. With a business-grade solution you can set device policies that can, for example, wipe the data in the event of a breach and pinpoint who accessed what and when.”
Microsoft is another company that’s shown that it understands the added security and privacy concerns of businesses. At its website, it recently created several “Top 10 lists,” including one titled, “Top 10 security and privacy features of Office 365,” which concurs with the points made in the earlier referenced article and addresses additional concerns IT solution providers should keep in mind such as where cloud data is stored (#7 on the list).
When considering the gamut of cyber threats your customers face, it’s easy to overlook personal file sharing and collaboration apps. Unlike malware threats like CrytoLocker, for example, that can quickly cause major productivity and financial losses, personal file sharing and collaboration apps are more akin to a slow-growing tumor that starts out as little more than a small annoyance. Left unchecked, however, this security Achilles Heel, like a tumor, will almost certainly lead to much more serious issues down the road that become more costly and difficult to treat as time goes on.