Back in the good old “take it or leave it” days when office technology was limited to whatever the IT department could scrap together, the biggest concern most employers had about leaks in enterprise data came from the risk of a corporate spy piggy-backing into a secure site and stealing whatever information they could lay their hands on. Today, the advent of the cloud and the proliferation of inexpensive hand-held mobile devices has changed everything. And corporate security personnel are scrambling for ways to make sure these little avenues of convenience aren’t opening up gaping security holes.
BYOD is Risky Business
With the boom in popularity of BYOD (Bring Your Own Device), many companies are gravitating toward the kind of convenience that will, if all goes according to plan, increase workplace productivity. BYOD accomplishes this by allowing employees to access proprietary work files and programs while they’re away from the office, increasing the likelihood that they’ll use personal time to wrap up time consuming work projects. All’s usually fine and dandy until an employee leaves the company. Then – and usually only then – do companies have to face the very real question: Now what?
What Happens When an Employee Leaves the Company?
Whether it’s a willing exit or a forced termination doesn’t make much of a difference. Corporations eager to safeguard their private information from existing employees do so by establishing guidelines that effectively render the unauthorized sharing or outright theft of proprietary data a fireable offense. But what about employees who have already left or are in the process of leaving, who no longer have any stake in their job and who might be moved to share a company’s private information for profit – or even worse, malice?
The reality is that these days, just because someone’s no longer allowed on premises doesn’t mean they can’t still can’t create a whirlwind of problems by accessing files remotely. This is a simple enough problem to solve when the equipment used to access corporate data belongs to the company, but in a BYOD culture that likelihood is becoming increasingly slim. Today, lots of corporations deploy free programs like Dropbox and Google Drive (Google Docs) to optimize cloud functionality without incurring the kind of cost that the creation of an in-house storage software platform would bring. It looks great on a year-end budget report, but can cause some quite unwelcome issues if the stuff hits the proverbial fan.
The Problem with Freeware
Recent security glitches in the widely used file sharing program Dropbox are serving as warning signs that corporations either need to develop their own document sharing platforms, or only use those that have a long proven track record of drum-tight security. In 2011, a public disclosure by Dropbox informed its legions of users that for a brief period of four hours, all of its user files were accidentally made available for anyone to access without the use of a password. The result? Chief decision makers the world over decided to “drop” that box like a hot potato. That’s just fine as far as Dropbox is concerned. After all, they don’t tout themselves as an enterprise storage solution. Even alternatives to Dropbox, like Google Drive and the iCloud, aren’t widely considered the best platforms for enterprise use.
The Drawbacks of Google Drive
If you want a good idea of why Google Drive may not be the best choice for enterprise cloud storage, you need look no further than the terms of service, which say: “When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.” If you’re not hearing alarm bells going off, you could be deaf.
The Drawbacks of the Apple iCloud
Not even the universally admired Apple offers what enterprises might view as an optimum platform for cloud storage and easy BYOD use. For one, it’s got minimal collaborative capabilities unless everyone in the workplace is on the Apple bandwagon. The iCloud doesn’t work with non-Apple devices and to make matters even more complicated, it requires all users to have matching operating systems. All in all, Apple’s iCloud is an experience that’s ideally suited for individuals, not businesses – let alone, large corporations.
Business Not In Charge
The enterprise doesn’t event need to formally deploy and adopt these popular cloud services to be at risk. Users might set up an informal Dropbox at work for quick and easy access while away. Who in IT has eyes on that? Beyond cloud storage, users can also easily auto-forward Exchange email to a Gmail or personal email account, with messages and any sensitive document attachments that will be accessible long after the employee leaves.
Of Catchy Tunes and Perfect Worlds
In a perfect world, nobody would ever have to worry about a former employee doing anything untoward with information they might still have access to by way of their work-connected mobile device. But as Huey Lewis once astutely pointed out, “Ain’t no livin’ in a perfect world.” Wise words indeed. This especially catchy truism leaves corporations in charge of developing policies and procedures that guard their enterprise data jealously, regardless of what platform it’s housed on.
Ultimately, what that means is exercising tight controls over who has what level of access, keeping meticulously updated records of that information, and taking immediate steps to revoke access to all shared cloud platforms before the employee’s even walked out the door for the final time.