Encrypting data on your own might be the smartest move.
For those of you old enough to remember the TV comedy series “Get Smart” featuring a spy that used his shoe for a phone, the good guys belonged to an agency called “Control,” and the bad guys were affiliated with “Chaos.” This month “Get Smart” celebrates its 50th anniversary, yet CIOs continue to struggle in a seemingly never-ending battle to restore control in a chaotic, cloudy world in which data security is less than transparent.
Much like the BYOD trend, the use of cloud-based services for sharing files is widespread and it’s likely that if you’re a CIO, your employees are already using them, whether they are officially sanctioned or not. Dropbox has led the charge to offer cross-platform file syncing for your personal files, and all the major players have followed suit, from Google (Google Drive), to Microsoft (SkyDrive), to Apple (iCloud). There’s also Box, Sugarsync, and many others. For consumers, they are perfect, providing easy instant access to photos and documents from any device. That familiarity and accessibility is why they’ve crept into the enterprise.
If you don’t take immediate action to regain control over your assets, then there’s a real risk you’re going to lose data. According to an article from Business Cloud News, a recent survey conducted by Fruition Partners of 100 CIOs found that 90% believe unsanctioned use of cloud services has created long-term security risks.
The solution to regaining control over IT is relatively simple, enterprises just need to adopt newer technologies and services so their employees don’t feel the need to use outside sources. If employees had a company-wide, cloud-based file-sharing service they could use just as easily as Dropbox then they would use it, and IT would have no worries that the information wasn’t secure and in their control.
Many CIOs see the need to bridge their internal communications people with their managed services provider (or MSSPs) on how best to educate employees about cloud services limitations, so that upper management feels confident about using cloud services in the first place. Before contracting with an MSP, make sure you ‘get smart’ and ask these questions:
- What kind of authentication do they use? Your files may be encrypted in transit, but all too often they are decrypted when they arrive and stored on the cloud server.
- Have they ever had a security breach?
- Is there any provision for client-side encryption?
- What about compliance? Is the MSP living up to the standards that your industry or your clients demand?
- What kind of disaster recovery policy does the MSP have? What is their level of commitment to keeping your files safe? How soon could you access a backup if there was a problem? Would there be any data loss? Where are your files physically stored?
When an enterprise selects a cloud solution it’s paramount to ensure that the enterprise has in-house controls, so you know exactly where your data is and who has access to it at all times. Make sure that you know what your cloud service partners can commit to. Don’t assume that your data is safe when you can’t even say exactly where it is.
- How do you manage user access and set the right permissions for staff?
- Is there any consideration of version control to prevent documents being overwritten, or to deal with simultaneous updates?
- Can you prevent employees from leaking data, or taking it with them when they leave?
And, speaking of ensuring that you do all within your own control to keep your data safe, protect your sensitive data with strong encryption before transferring it into the cloud. Some storage providers may offer server-side encryption, but encrypting your data on your own might be wiser. Control today, avoids chaos tomorrow.
This article was recently published in Network World.