Control over data use is inexorably slipping the surly bonds of IT policies: A new survey shows that one in five employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company.
According to SailPoint’s 7th Annual Market Pulse Survey, the use of cloud applications to share mission-critical information is absolutely becoming a norm, but IT policies have failed to keep up. There’s a “clear disconnect,” the company said, between cloud usage across the business and existing IT controls, with an alarming 66% of users able to access those cloud storage applications after leaving their last job.
With only 28% of survey respondents stating that corporate policies pay close attention to who is granted access to mission-critical software-as-a-service (SaaS) apps, the survey showcases the complex challenge companies face when trying to manage applications outside of IT’s control, as well as the risk of massive security breaches and internal theft faced by companies.
And, despite the fact that 60% of employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company, one in four admitted they would take copies of corporate data with them anyway.
So what’s the upshot of all of this? It’s clear, for one thing, that 2015 will not be likely to see fewer data breach incidents.
“The survey results are an eye opener of how cloud applications have made it easy for employees to take information with them when they leave a company,” said Kevin Cunningham, president and founder of SailPoint, in a statement. “With almost 20% of employees purchasing a cloud application for work without involving the IT departments, combined with the ability for employees to use consumer cloud apps for work activities, it’s virtually impossible to manage access to applications and the sharing of mission-critical data. In order to establish control over this ‘bring your own app’ phenomenon, it’s critical to provide specific incentives for end users to follow corporate policy such as offering users a seamless login experience in exchange for using a central access control framework.”
Steve Durbin, managing director of the Information Security Forum, noted that the criminals are meanwhile ramping up their focus on third-party suppliers—so cloud-based sharing across the supply chain becomes of more concern.
“A range of valuable and sensitive information is often shared with suppliers, and when that information is shared, direct control is lost,” Durbin told Infosecurity. “This leads to an increased risk of its confidentiality, integrity or availability being compromised. Over the next year, third party providers will continue to come under pressure from targeted attacks and are unlikely to be able to provide assurance of data confidentiality, integrity and/or availability.”