There are many misconceptions about the cloud and security of corporate data stored on the cloud. One of the primary problems is that employees often use consumer cloud services (iCloud, Dropbox, Google Drive), which are not designed to store corporate data. In order to prevent a cloud-related data breach, organizations should focus on restricting the use of consumer cloud services.
According to a recent survey, more than a third of all mobile and cloud application sessions connected to Box, Dropbox, Google Apps and Salesforce. Apps are now more interconnected than ever before, many leveraging cloud services, and potentially putting corporate data at risk. According to the survey, the average company had 28 Box, 20 Dropbox, 19 Google Apps and 26 Salesforce ecosystem apps all accessing stored business data. This interconnectedness of apps and cloud services makes it difficult to secure corporate data or spot a data breach, if one were to occur.
In many cases, the use of consumer cloud services, or apps that leverage or back up to consumer cloud services, will violate corporate data security policies as well as compliance regulations. As we know, however, employees will often violate corporate policy in order to remain productive, if no viable alternative is present and/or these policies are not enforced. The recent survey reminds organizations to ensure data security policies extend beyond monitoring just the cloud service providers but also the entire ecosystem of apps that could access data held in cloud services.
The cloud has revolutionized how organizations work, so it is a balancing act between managing the risks of the cloud and losing out on efficiency gains. Organizations can try to limit the access to the information through remote endpoint security. Managing laptops, smartphones and tablets, which are portals to the cloud, can help regain some security over the data these devices retain and access.
We suggest a three-pronged approach to endpoint management to reduce the risk of cloud services:
- Policy – make it clear what are you allowed to do with your work-enabled mobile/laptop/tablet
- Education – minimize data leaks by ensuring employees are aware of the risks
- Technology – technology, ranging from two-step authentication to device management and tracking, can act as a safeguard
By tracking devices, setting up alerts for devices at risk, and allowing content to be remotely deleted, organizations can help minimize the risks of the cloud. To learn more about how Absolute can help, visit our website.