A lot of senior managers have no idea about their data storage
After a conducted survey it looks like 67% of respondents told that senior management in their companies either don’t know where all company data is or are not sure, according to Varonis.
More than that, 74% of companies told that they do not have a written process for tracking which files have been placed on third party cloud digital services or storage services.
With all the Bring Your Own Device (BYOD) fuss – particularly mobile and tablet devices – and file sync services hitting they sky, a lot of organizations are vulnerable to a wave of potential devastation. Files kept on third party cloud services can be lost, misplaced, accessed by unauthorized people or leave the company with the employee, causing data privacy and compliance issues.
Unfortunately from those companies that are allowing cloud-based file synchronization services, only 9% of respondents’ companies have a process for authorizing and reviewing access to cloud repositories in place, with another 23% still developing their access policies.
The rest of 68% either got no plans in place that they are aware of, or go on without formal processes for granting and reviewing access. Without control over access, or knowledge of where potentially sensitive organizational data resides, data is virtually ‘up for grabs’.
If we are to take into consideration the risks and operational implications of taking the data into a cloud environment, it is hardly surprising that 78% of those surveyed would prefer to use their existing permissions and storage if they were able to provide collaboration and file synchronization services similar to those available in the cloud.
Equally, the majority of respondents (57%) reported that BYOD would be more attractive for their organization if they could provide secure access to their internal file shares for collaboration.
“The results clearly show a lack of control by those organizations that have adopted cloud file sync services”, said David Gibson, VP of Strategy at Varonis. “The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations to develop a conscious strategy to ensure secure collaboration as quickly as possible.”
David Gibson’s tips for a secure environment are:
- Create an inventory of your most used collaboration platforms to get an overview where data lives, who has access to it, and who is using it.
- Identify data owners for each data set and have owners perform a preliminary entitlement review to see if data is stored in the right place and if the right people have access to it.
- Remediate any exposures, such as data that is accessible to too many people or regulated/sensitive content that is stored in the wrong place.
- Monitor access to all data – this will help easily identity data owners and identify unused data and abuse.
- Put a process into place that provides secure collaboration for remote employees – including synchronization, mobile device support and extranet functionality – that works within the existing enterprise servers and infrastructure.