Public cloud services, such as Google Drive, present many challenges to businesses that require control and visibility over their sensitive data. Here are seven security risks your business faces if your employees are using public cloud storage services to do their jobs:
1. Data theft
One of the biggest problems with employees utilizing public cloud solutions is that there is no oversight. Business owners and IT staff could have no idea when a service like this is installed, what devices have access, what sensitive business data is saved there, and who has access to that sensitive data outside the company. That offers up a lot of weak links in the chain when it comes to securing your company’s data. If an employee is using his or her personal Dropbox account and saving company files to it, and it syncs to a mobile device, that device could be hacked, lost, or stolen. From there, who knows who could be looking at your sensitive files?
2. Data loss
The backup and restore features of public cloud solutions is not robust enough for business data. In fact, public cloud may not even back up files that were modified on an employee’s mobile device. If an end-point, such as the mobile device, is lost, so would be the most current version of the file.
3. Corrupted data
One out of every 1500 files suffer “silent data corruption”. Silent data corruption refers to when a file becomes corrupted, through a variety of causes like hardware errors or software bugs, but it doesn’t alert the typical systems to send the user warnings. In other words, in combination with poor or no backups, using public cloud could lead to complete obliteration of a file — without a backup to replace it.
Allowing your end users the power that public clouds affords them could lead to lawsuits against your business. If there is a copy of a critical business document and it’s in a user’s personal Google Drive account, for example, you could be violating privacy agreements.
5. Compliance violations
With public cloud services, there are often loose or even non-existent controls on file retention and access. Many compliance regulations require files to be retained for a specific duration and only accessed by certain individuals. For businesses who must remain compliant, it is imperative to employ strict controls.
6. Loss of accountability
Without knowledge of system-level activity, public cloud solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin were to gain access to the system, without an alerting system in place to notify other admins of these changes, hundreds of hours of configuration time could be undone.
7. Loss of file access
Public cloud services don’t track which users and machines touched a file and when. This can present a problem if you’re trying to track the events leading to a file’s creation, modification, or deletion. Any trail of events that a public cloud system would have could also be easily broken simply by renaming the file.
While many companies have formal policies or discourage employees from utilizing public cloud file sync services, there is still a disconnect. It’s important to know that employees who use their personal Dropbox, Google Drive, OneDrive, or other public cloud accounts are finding a workaround to not having resources provided to them.
If you want to keep your business files secure and under control, be sure you are giving your employees the right tools.