Two thirds of senior managers do not know where all company data resides or are not sure, according to a survey about the security of cloud collaboration services.
Some 74% of organisations also do not have a process for tracking which files have been placed on third-party cloud services, according to the poll of IT workers from more than 400 organisations by governance firm Varonis.
The survey report notes that, with bring-your-own-device (BYOD) and file synch services booming, companies are vulnerable to potential devastation.
Files kept on third-party cloud provision can be lost, misplaced, accessed by unauthorised people or leave the company with the employee, causing data privacy and compliance issues, the report said.
The survey found that, of organisations that allow cloud-based file synchronisation services, only 9% have a process for authorising and reviewing access to cloud repositories, with another 23% still developing their access policies.
The remaining 68% either have no plans in place, or function without formal processes for granting and reviewing access. Without control over access, or knowledge of where potentially sensitive organisational data resides, data is "up for grabs" the report said.
Top five tips for secure collaboration
- Create an inventory of your most used collaboration platforms to get an overview where data lives, who has access to it, and who is using it;
- Identify data owners for each data set and have owners perform a preliminary entitlement review to see if data is stored in the right place and if the right people have access to it;
- Remediate any exposures, such as data that is accessible to too many people or regulated/sensitive content that is stored in the wrong place;
- Monitor access to all data – this will help easily identity data owners and identify unused data and abuse;
- Put a process into place that provides secure collaboration for remote employees - including synchronisation, mobile device support and extranet functionality – that works on existing enterprise servers and infrastructure.
Given the risk and operational implications of moving data into a cloud environment, 78% of those surveyed said they would prefer to use their existing permissions and storage if they were able to provide collaboration and file synchronisation services similar to those available in the cloud.
More than half of respondents (57%) reported that BYOD would be more attractive for their organisation if they could provide secure access to their internal file shares for collaboration.
“The results clearly show a lack of control by those organisations that have adopted cloud file sync services”, said David Gibson, vice-president of strategy at Varonis.
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored," said Gibson.
"This should act as a wake-up call for organisations to develop a conscious strategy to ensure secure collaboration as quickly as possible."