In a recent survey by Dimensional Research, one issue became abundantly clear: employees perceive an exclusive divide between secure communication and convenient communication. Of the surveyed team members, 24 percent reported knowingly violating data security protocols at work, such as accessing confidential files on public Wi-Fi, because they “just wanted to get their job done.”
Employees preferred productivity to security, even when trained in data handling protocols. The issue does not limit itself to one industry: compromising actions were reported in the financial services, education and healthcare industries, as well as in government organizations. Overall, 72 percent of employees reported they were willing to share “sensitive, confidential, or regulated information.”
In an environment where employees view information security as a burden and administrators view it as a necessity, how should companies keep control over data as public sharing platforms, like Google Drive, and personal smart devices proliferate? Government agencies and enterprises can use three best practices to implement cloud collaboration solutions without losing efficiency.
1 – Maintain Awareness of Personal Device and Public Platform Use
Anytime a confidential file is moved onto a personal device, commonly referred to as Shadow IT, the data moves outside of the IT department’s control. Worse, personal devices often do not have the same security credentials as workplace systems, leaving data ranging from customer financial records to patient health information vulnerable.
The physical vulnerabilities of personal devices are only compounded by the virtual vulnerabilities of public platforms. The same survey found that nearly half of employees use personal email accounts for confidential business communications, and similar numbers admit to using public cloud services like Dropbox to share files. Like personal devices, public accounts and thin client applications may not have as thorough authentication and authorization protocols, and security administrators have just as little oversight of these accounts.
2 – Manage the Risks and Rewards
Clearly, employees value the efficiency of cloud collaboration, or why take the risk of compliance violations and data breaches? In the law enforcement community, Criminal Justice Information (CJI) allows officers in the field to share data with office-based staff, enabling them to handle a higher volume of cases faster and with better results. However, the benefits gained by using information-sharing programs like CJI can also be counteracted by data breaches, which may compromise investigations and put individuals at risk.
In addition, new technologies can also require rigorous training and support staffs, reinforcing the notion that security will always sacrifice convenience and, moreover, efficiency. To mitigate pitfalls, the FBI has led the way since 1998 with the Criminal Justice Information Systems Security Policy, which adapts and updates CJI sharing procedures as threats and challenges arise.
3 – Implement Cloud Solutions that Integrate Security into Sharing
To avoid the cycle of employees turning to Shadow IT and other risky methods to circumvent burdensome confidentiality procedures, a new way forward is needed. Public cloud platforms like Dropbox, Google Drive and Windows File Shares have made collaboration popular outside of the workplace, and, as seen in recent trends, these practices will enter the office with or without administrator approval.
Private cloud solutions can capture the convenience of these thin clients while maintaining control over files and user permissions within agencies’ servers. Click here to learn more about FedRAMP-accredited private cloud solutions that will give employees the convenience and efficiency they seek while giving administrators peace of mind, or visit Accellion at the DoDIIS Worldwide Conference in St. Louis on August 13-16 at our booth #436 at the Carahsoft Partner Pavilion.