Is BYO cloud a threat to your business?
It’s 9am, do you know where your important business files are? You might think they’re tucked away safe and sound on your desktop PCs, residing on your office server or perhaps stored securely in your business-grade cloud service. But where else have they been copied? Who is keeping these copies safe from prying eyes?
Free consumer-grade cloud services like Dropbox, Google Drive, Microsoft’s SkyDrive and Apple’s iCloud are spreading like weeds through businesses of all sizes as staff continue to mix their personal and professional lives.
These cloud services are specifically designed to bypass firewalls and other restrictions, to make it easy to access your data from anywhere. When a service like Dropbox makes it so easy to access your personal documents on the go, and provides a handy backup should disaster strike, it’s little wonder that people want to bring that same kind of flexibility into the workplace.
If your staff are bringing their own devices into the office, or accessing their personal cloud from work machines, are they inadvertently uploading business data to the cloud? Or are they doing it deliberately, to make it easier to get things done while they’re away from their desk?
It’s probably not with malicious intent; they’re simply looking for the best tools for the job. But their security concerns now become your security concerns.
If staff take a haphazard approach to their personal online security, their use of cloud services could be putting your business data at risk. Do they lock their devices with a passcode? How strong is their cloud password? Do they use two-factor authentication? Who else has access to their cloud storage?
Which other services are linked to their cloud account? How many devices do they leave lying around their home with unfettered access to your sensitive business data?
Staff might not be too concerned about their family photos and other personal files falling into the wrong hands, but it’s a different story once your financial records, customer contact lists, sales reports and business leads are mixed in among their holiday happy snaps.
One of the easiest ways for hackers to target sensitive business data is through employees who are lax regarding their personal online security. Industrial espionage doesn’t just happen in the movies – what would it mean for your business if these files fell into the hands of your biggest competitor?
There are other consequences of your data falling into the wrong hands. Changes to Australian privacy law, under the new Australian Privacy Principles, could hold your business responsible if sensitive customer information falls into the wrong hands. This includes privacy breaches caused by Australian and offshore cloud services storing your data. So it’s important to know exactly where customer data is stored and whether the provider complies with privacy regulations.
The knee-jerk reaction to these potential threats is to introduce a blanket ban on using personal cloud services at work, but it would be difficult to enforce and could be counter-productive.
Where there’s a will there’s a way, especially when staff are finding legitimate productivity gains from using the cloud. They may just go to further lengths to hide their activities.
A better approach might be to embrace the cloud where appropriate and look for business-grade alternatives to the cloud services which staff have been using on an ad hoc basis. If these services really are making it easier for people to do their job then it shouldn’t be too hard to make a business case for migrating them to a paid business-grade service with appropriate levels of security.
If your sensitive business data is in the cloud, it’s important to know exactly where it is and who can get their hands on it.