Intralinks Holdings, Inc. has published new independent research with the Ponemon Institute into the security threat caused by unsanctioned file sharing. The report, “Breaking Bad: The Risk of Unsecure File Sharing,” shows that organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and that employees routinely breach IT policies and place company data in jeopardy.
“Data leakage and loss from negligent file sharing is now just as significant a risk as data theft,” noted Larry Ponemon, chairman of the Ponemon Institute. “While most companies take steps to protect themselves from hacking and other malicious activities, this report shows that these same organisations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox. The findings in this report are shocking, and identify the holes in document and file level security, in large part caused by their expanded use beyond the corporate firewall. The goal of senior leadership should be to provide appropriate, secure solutions and enforce policies to reduce the risk created by employees’ behaving badly.”
The research found that file sharing poses a major threat to enterprise security, and that senior managers at organisations are having difficulty setting and enforcing effective policies to safeguard against data leakage. The report concludes that many organisations are vulnerable to both data loss and non-compliance due to cloud file sharing and improper file sharing practices – and it starts from the top down. Further, it is clear that the enterprise IT department has lost control of user application decision-making, as well as of company data.
Report Findings
More than 1,000 IT security professionals from the United States, United Kingdom, and Germany were surveyed. Key findings from the report include:
· Almost half (49 percent) of respondents believe their company lacks clear visibility into employees’ use of file sharing/file sync and share applications.
· Half of respondents (51 percent) aren’t convinced their organisations have the ability to manage and control user access to sensitive documents and how they are shared.
· The majority of organisations have policies governing the use of file sharing, but policies are not being communicated to employees effectively.
· Only 54 percent of respondents say their IT department is involved in the adoption of new technologies for end users, including cloud-based services.
More sobering, approximately 61 percent of respondents confessed that they have “often or frequently” done the following:
· Accidentally forwarded files or documents to individuals not authorised to see them.
· Used their personal file-sharing/file sync-and-share apps in the workplace.
· Shared files through unencrypted email.
· Failed to delete confidential documents or files as required by policies.
Ponemon’s research concludes that these file-sharing issues are making enterprises extremely vulnerable to data loss and compliance violations. This vulnerability is heightened for regulated industries like financial services, where the risks and repercussions of data loss are more severe. The research also showed that employees are acting badly when it comes to data sharing and collaboration, routinely violating IT policy in order to get things done faster. Survey respondents indicated a lack of senior-level accountability in their organisations for developing and implementing file-sharing policies. Of senior-level respondents, 44 percent did not believe they had the ability to manage and control user access to sensitive documents and how they are shared. Among respondents who do have that ability, their confidence in asserting it was mixed.
“The negative effects consumer-grade file sharing and collaboration platforms are having on the enterprise are clear,” said Daren Glenister, CTO at Intralinks. “CIOs need to regain control of data, and to do that they need tools designed for the enterprise with security and compliance in mind, but without sacrificing end-user ease-of-use. Shadow IT is a powerful force, and it is one that CIOs need help fighting if they are to ensure the security and compliance of critical data.”