
Risks to your Corporate Data go far beyond the Patriot Act

Nobody can doubt the value and the power that online file-sharing solutions afford to employees. Accessing, sharing and collaborating on critical information has never been easier, creating great leaps in productivity.

The downside: it is now easier for your proprietary information to fall into the wrong hands, intentionally or unintentionally.

Adding to the challenge are the increasing demands that employees are placing on IT resources for mobile access to their data, and the ubiquitous need to support Bring Your Own Device (BYOD) policies that allow anywhere, anytime access to corporate data.

With the unrelenting trend of consumer applications appearing in the workplace, it becomes easy for employees to gravitate towards the use of services such as Dropbox. With over 200 million users, Dropbox is the leading vendor for online file-sharing. Dropbox is a great product, but what works well at home for storing and sharing family pictures is not the correct solution for your corporate data. Dropbox is easy to install and simple to use; however, consumer products can present unmanageable risks in terms of security, legal exposure and commercial loss within a business environment.

Business owners and IT professionals should consider the following:

Unauthorized loss of data

Dropbox is difficult to monitor across multiple PCs and mobile devices. As a result, business owners and IT staff are not aware of which devices have Dropbox installed, and are not in control of unmonitored devices using Dropbox that are syncing critical data with corporate PCs. Dropbox can therefore sync, without IT approval, across multiple personal devices. These personal devices, particularly mobile devices, can get lost or stolen, dramatically increasing the chance of your data being shared with the wrong people.

Legal Implications

There are three legal exposures with online file-sharing applications: file deletion, file sharing, and being offside of compliance requirements. Giving employees the untethered power to permanently delete files will likely put you offside of any legal discovery and disclosure requirements. Similarly, giving employees the ability to share confidential information will almost certainly put your business offside of many confidentiality and privacy commitments that you have made to clients and other third parties.

Compliance

Most companies have digital data protection and retention policies in place. These policies are a key cornerstone in protecting your data. Ensuring that data can only be accessed by approved individuals, and that data retention policies are being complied with, is critical to ensure that your business is meeting all of its compliance obligations. File access controls, sharing controls and retention settings are not well defined or are non-existent in consumer products such as Dropbox.

Many companies need to ensure that their data is kept and managed in line with legislative requirements. In Canada, HIPA, Protected B and PIPEDA are examples of requirements under which data stored on a generally available consumer file-sharing application will be non-compliant.

Accidental Loss of Data

The movement of files across multiple devices and multiple users is not managed well by Dropbox. It is important to realize that copying a file does not necessarily result in a copy having full integrity. The cloud offers great reliability, but files need to be checked for integrity at the time of copying to ensure that all file versions can be retrieved instantly.
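
A copy routine that performs the integrity check described above: it hashes the source while copying and re-reads the destination before putting it in place. This is an added example, not code from the original post or from any vendor; the function names `verified_copy` and `find_corrupt` and the manifest format are assumptions.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large files never sit fully in memory


def sha256_file(path):
    """Hash a file from disk in chunks and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verified_copy(src, dst):
    """Copy src to dst, then re-read the written bytes and compare hashes.

    The data lands in a temporary file next to dst and is renamed into place
    only after verification, so a failed copy never replaces a good version.
    Returns the SHA-256 hex digest, suitable for an audit manifest.
    """
    src_digest = hashlib.sha256()
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dst)))
    try:
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            for block in iter(lambda: inp.read(CHUNK), b""):
                src_digest.update(block)
                out.write(block)
            out.flush()
            os.fsync(out.fileno())  # force the bytes to disk before verifying
        if sha256_file(tmp) != src_digest.hexdigest():
            raise IOError("integrity check failed copying %s" % src)
        os.replace(tmp, dst)  # atomic swap on the same filesystem
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
    return src_digest.hexdigest()


def find_corrupt(manifest):
    """Given {path: expected_digest}, return paths that are missing or altered."""
    return sorted(p for p, d in manifest.items()
                  if not os.path.isfile(p) or sha256_file(p) != d)
```

Storing the returned digests in a manifest lets `find_corrupt` re-check every copy later, which catches silent changes that happen after the copy completed.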

File Change History

Consumer file-sharing products do not provide detailed reporting with respect to which users have accessed files, modified them, or copied them onto which machines. This removes any ability to audit processes or assess the risks to your business of data loss.

The Patriot Act

In Canada, there is a growing requirement to ensure that critical data is not stored outside of sovereign Canada. The vast majority of consumer cloud storage solutions, such as iCloud, Dropbox and Google Drive, have their data repositories in the USA or other foreign jurisdictions. This, under certain circumstances, puts your data at potential risk of third-party discovery actions.

What should you do?

Dropbox is a great product, but is woefully inadequate for use within a business or corporate environment if you care about the use, control and access of your data. Unfettered use of a non-corporate controlled file-sharing application will almost certainly lead to data loss, security breaches and non-compliance.

Managing third-party applications and stopping employees from installing these types of services, particularly on their own devices, is close to impossible. The demand for this type of application from your employees is undeniable and, as a result, businesses should offer these services with a corporate-oriented product.

HBizzSync is an example of this type of application. The solution allows IT to control user access, permissions and data, monitor activities and ensure that your data is protected, while at the same time giving employees all of the flexibility they need in terms of access and functionality to help them collaborate more effectively.

Call us to show you a demonstration of how we can protect you better.

 

Paul Butcher
