Almost half of the more than 1,000 information security professionals polled in the UK, Germany and US believe their company lacks clear visibility of employees' use of file-sharing or file sync-and-share applications.
Just over half said they did not believe their organisations have the ability to manage and control user access to sensitive documents and how they are shared, according to the study report.
While the study showed most organisations have policies governing the use of file sharing, policies are not being communicated to employees effectively.
Only 54% of respondents said their IT department is involved in the adoption of new technologies for users, including cloud-based services.
The research also showed employees are acting badly when it comes to data sharing and collaboration, routinely violating IT policy to get things done faster.
Six in 10 respondents also admitted they had often or frequently accidentally forwarded files to individuals not authorised to see them, used their personal file-sharing or file sync-and-share apps in the workplace, shared files through unencrypted email, or failed to delete confidential documents or files as required by security policies.
However, survey respondents indicated a lack of senior-level accountability in their organisations for developing and implementing file-sharing policies.
Of senior level respondents, 44% did not believe they had the ability to manage and control user access to sensitive documents and how they are shared.
Chairman of the Ponemon Institute Larry Ponemon said data leakage and loss from negligent file sharing is now just as much a risk as data theft.
“While most companies take steps to protect themselves from hacking and other malicious activities, this report shows these same organisations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox,” he said.
Ponemon described the study’s findings as shocking and said they identify the holes in document and file-level security mainly caused by their expanded use beyond the corporate firewall.
“The goal of senior leadership should be to provide appropriate, secure systems and enforce policies to reduce the risk created by employees behaving badly,” he said.
Organisations struggling to enforce effective security policies
The research showed file sharing poses a major threat to enterprise security, and senior managers at organisations are having difficulty setting and enforcing effective policies to safeguard against data leakage.
According to the report, enterprise IT departments have lost control of user application decision-making, as well as company data.
The report concludes many organisations are vulnerable to both data loss and non-compliance due to cloud file sharing and improper file-sharing practices.
This vulnerability is heightened for regulated industries like financial services, where the risks and repercussions of data loss are more severe, the report said.
Intralinks chief technology officer Daren Glenister said the negative effects of consumer-grade file sharing and collaboration platforms on the enterprise are clear.
“CIOs need to regain control of data, and to do that they need tools designed for the enterprise with security and compliance in mind, but without sacrificing ease-of-use,” he said.
According to Glenister, shadow IT is a powerful force CIOs need help in countering if they are to ensure the security and compliance of critical data.
In comparing the three countries polled, German respondents achieved a higher effectiveness rating in stopping the misuse of file-sharing tools than respondents in the UK and US.
The extrapolated average rating for German respondents on a 10-point effectiveness scale is 6.08. In contrast, UK respondents had an average rating of 5.44 – which is below the mean of 5.5.
German respondents also said their companies achieve a higher level of safety than UK and US companies with respect to file sharing.
Further, the extrapolated average rating for German respondents on a 10-point safety scale is 6.22. In contrast, UK respondents had an average rating of 5.24 – which is below the mean of 5.5.