By Hormazd Romer, Senior Director, Product Marketing, Accellion
A new study by the Ponemon Institute, The Insider Threat of Bring Your Own Cloud (BYOC), analyzes the risks of enterprise employees using cloud services without the permission or oversight of the IT department—a practice that the study’s author calls “Bring Your Own Cloud (BYOC).”
The study findings highlight the risks of insiders’ accidentally or intentionally disclosing confidential data through unmonitored public clouds. Here are just some of the findings, which are based on responses from 400 IT and/or security practitioners:
- 62 percent of respondents reported they knew of employees using their own private accounts for public-cloud services such as Dropbox, Google Docs, and Evernote in the workplace yet only 26 percent of respondents said this practice was permitted.
- 55 percent of respondents say the risks posed by BYOC are increasing, and that BYOC affects data security risks overall. What are these risks? According to the study, they include “the loss or theft of intellectual property, compliance violations and regulatory actions and loss of control over end user actions.”
- 85 percent of respondents say BYOC makes it harder to manage access governance and privileged access to sensitive and confidential data.
The scariest finding is probably this one: “Most respondents say they are not confident or have no confidence that they could stop or prevent data loss in the BYOC environment. The primary reason could be attributed to the lack of BYOC security measures and difficulty in addressing the insider threat to data in the cloud.”
Since most enterprises do not officially support BYOC and since most IT workers recognize that BYOC is risky, why is BYOC allowed to be so prevalent?
According to the survey, employees using BYOC services are more productive. This makes sense, as popular services like Dropbox, Evernote and other file sharing services do address the productivity needs of today’s mobile-first workforce. However, they do so in a risky, unmonitored, and decentralized way that leaves IT and security teams on the sidelines.
To benefit from the productivity of a BYOC-style workforce without incurring the risks of unmonitored cloud usage, enterprise IT teams should step forward and offer their own solutions for file sync and sharing, group editing, and other common collaboration tasks. By offering a secure alternative to BYOC, enterprises can keep data safe while offering employees solutions for increasing productivity.