Cloud-based digital document archive services such as Dropbox and Yousendit! have infiltrated U.S. companies in a big way and the result is a huge security hole.
Of the 622 IT and IT security executives polled by the Ponemon Institute (19% of whom are in financial services), 60% said employees within their organization frequently or very frequently move large files containing business confidential information to such Internet-based file-sharing apps without asking permission. A little more than half - 51% acknowledge this activity could result in the leakage of confidential information.
A study conducted recently by Palo Alto Networks had similar results. The research looked at the use of such software at 2,036 organizations between November 2011 and May 2012 and found an average of 13 different browser-based file sharing documents on each network.
"The take-up rate of these technologies in the workplace is enormous," says Larry Ponemon, chairman of the research group. "These file sharing and file transfer technologies are very convenient. It's not that people are doing it because they're trying to steal data, but they lead to a big problem if companies aren't aware of it and don't implement security over it."
Such services let employees move data and files to a cloud service and later retrieve them from their mobile phones, tablets or home computer. "That kind of movement of documents to the cloud can create a vulnerability, partially because the company's IT and security people may be completely out of touch with the end user and not even know that those risky documents are floating out there," Ponemon says. "We found that an eye-opener. The world of cloud and the convenience of it creates a security nightmare."
The good news is that IT practitioners in general are aware of the danger, the study found. A third (33%) of respondents don't believe their organization's confidential and sensitive documents -such as product designs, marketing plans and merger documents - are fully secured. Almost two-thirds (65%) believe there is a risk these documents could end up in the hands of unauthorized parties, even competitors.
