Despite clear IT security policies, convenience drives employees to routinely use personal online file sharing solutions for confidential data. What advice would you give to those managing the security of these networks?
The first advice we would offer is to not ignore the problem or underestimate the potential risks. If the organization has internal security or proprietary information policies, it is a good idea to spell out the company policy regarding the use of unauthorized cloud services and consequences to the employee.
Other than making it very clear to such employees that placing company confidential data on unapproved cloud services is a very serious violation of company policies, the only practical solution is to offer employees an equally good - if not substantially better - service with more convenience, reliability, and ease of use. There's no excuse for not taking the steps to assess what end-users expect from a file sharing and sync service, evaluating available solutions, making sure the solution also meets the needs of the IT, Security, and Compliance functions of the organization, and rolling it out as fast as possible.
As a part of the needs assessment process, the main objective should be to get to the root of the behavior - is the worker in the office or on the road, is sharing being done with internal workers or clients and partners outside the organization, what types of share and access rights are needed, are there other business-specific use cases that should be understood?
There are plenty of secure file sharing options available, but users tend to use what they know, regardless of how secure it is. How can the security industry change their way of thinking and make security a priority?
It is not enough to give users something only as good as what they're already comfortable with; they have to be enticed with a service that is substantially better. Better could mean much improved performance (lower latency, higher speed), much better reliability (data is guaranteed never to be lost and easily recovered if deleted intentionally or accidentally), much better availability (service is never down), much higher capacity (terabytes of storage allocation rather than gigabytes), much easier to use, and much more powerful features - such as off-line access, in-app editing of documents on mobile devices, and a great sharing and collaboration experience.
Users understand the competitive advantages of these benefits easily - saves them time, makes them more responsive, minimizes or eliminates mistakes - makes them more productive all around. Many workers are not only competing with people outside their own organizations but also with their peers and others inside their companies - the mantra “adapt or perish” is more true today than ever.