It has been proven that cloud storage and file collaboration can introduce data leakage risks. Once sensitive files leave a protected and monitored environment, they may be subject to authorized access unless additional security measures have been applied. You put a file into a cloud content management system to be received by a contractor. The file is presumed secure as long as the file is within the cloud application.

But how secure is that cloud application? What happens to the file once it leaves the cloud application container on the contractor’s computer? What if the contractor forwards the file or loses his device? What if the shared file contains personal identifiable information or information on a customer’s project, and they may be subject to regulatory or legal restrictions?

These are a handful of the data protection and leakage risks that organizations must be able to empower their employees to understand and take control of. Companies need to establish a data protection policy or amend their existing policy that encompasses the use of sensitive information pertaining to cloud file storage and collaboration technologies. They also need to consider how to better effectuate policy and enable their employees to safeguard files leaving the firewall.

These data protection policies must be written and communicated to employees legally and in a meaningful manner to make the policy a practice. In order to facilitate writing a specific policy concerning cloud storage and collaboration technology, the company should first understand respective use cases and exposures that may exist within the organization, with regards to information being sent outside the company and shared with third parties; application hosting providers, contractors, partners and even other employees that may be in different countries.

This also requires undergoing data classification and protection mechanism definition and assessment; essentially what types of information is considered to be sensitive, regulated and/or confidential, and what methods of protection are necessary. This step is as valuable as documenting the outcome of the process that is required for compliance purposes, and this process will often identify technical control gaps.

The policy, which should be referenced within the employee handbook, should convey the required measures to classify and safeguard information that is destined for cloud storage and collaboration. Beyond a written policy, a simple data protection user guide is very effective.

The guide can express typical use case scenarios that further illustrate data protection requisites, including tables and frequently asked questions. The guide can also convey the potential risks associated with the use of unsanctioned file transport, storage and collaboration applications, as well as appropriate sharing of sensitive data with other employees, contractors, partners and customers.

The guide should express what applications, including enterprise content management and cloud storage tools, should be used, as well as the potential ramifications for the company and employees, should policies not be followed or an incident occur.

Lastly, the guide should provide the means to report issues, make recommendations and request support from human resources with regards to data protection. Beyond putting salient information in an employee handbook and reference guide, data security policies can also be reinforced with a presentation video and even by conducting departmental discussion. The more personalized the education provided to employees, the better.

Companies should also consider additional tools that employees can apply in order to better secure files they intend to share outside the firewall, such as file encryption and entitlement controls, which can close file security and collaboration gaps.

(About the author: Scott Gordon is chief operations officer at FinalCode, Inc.)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access