A new white paper on enterprise-grade file sync and share (EFSS) solutions points to a large and growing disconnect between the data security threats that enterprises are facing and the consumer-grade tools they’re relying on to combat them.
The report highlights the fact that 81 percent of organizations are still using consumer-level file sharing systems (CFSS) even though one in three enterprises has already experienced a data leak according to recent findings from CTERA Networks.
Of course, it's worth noting that CTERA is an EFSS vendor, which contracted Osterman Research to conduct the latest research. CTERA and four other companies —AeroFS, Intralinks, Storage Made Easy and Topia Technology — co-sponsored the paper.
We Need a Bigger Boat
According to CTERA’s SVP of Marketing, Jeff Denworth, the two sets of research point to the inescapable conclusion that if an enterprise wants to keep its data safe, it needs to upgrade, not only to an enterprise-level file sharing system, but to a private EFSS controlled by its own IT department.
Does that mean that the 135 Chief Information Officers (CIOs) Osterman interviewed for its report are naively relying on CFSS solutions, just as the hapless crew in Jaws watched its rickety fishing boat reduced to rubble by the great white shark?
CFSS Isn't Dead Yet
A more complex picture involving enterprise priorities, resources and IT culture emerges from the study:
- Although C-Suite executives are aware of the security risks and compliance issues their organizations face, only 55 percent of those surveyed consider the deployment of an EFSS system within the next year to be a "moderately high" or "very high" priority.
- The remaining 45 percent report that they are yet to be convinced that adopting an EFSS should be a priority, and cite tight budgets, ignorance of vendor alternatives, lack of IT resources and conflicting messages from senior management as the leading reasons.
We’ve Seen the Enemy and It Is Us
Is one group of CIOs right and the other wrong? That depends on how the risks are defined. To assess those, it helps to take a closer look at the sharing needs and behaviors of the 13,000 workers whose organizations were evaluated by the Osterman report.
In today’s digital and mobile enterprises, those workers need to shift data of all kinds and file sizes from one person or location to another. In the absence of approved enterprise systems, they turn to consumer-grade applications such as Dropbox or YouSendIt to accomplish their tasks.
As Denworth reminds us, "It’s not that employees are inherently evil. They are using these things because they make their jobs easier. You can’t just tell them to stop using [CFSS] if you don’t offer them an alternative. You can’t just close them down and then tell workers that their jobs have just become harder."
Assessing the Threat
Denworth stresses that CFSS applications are perfectly good for the tasks they are intended for, namely the sharing of non-sensitive information or images. Where CFSS solutions fall short and EFSS protocols should take over, is when compliance and security requirements dictate the need for data lockdown and control.
When is an enterprise level of control needed? One issue that the report identifies is that most workers and even some of their bosses take a shortsighted view of which CFSS applications pose a problem.
For example, it may not even occur to workers that the following should even be considered file sharing applications:
- Consumer versions of Skype and other Internet-based telephony tools
- Consumer instant messaging tools
- Social media tools including Facebook, Twitter, Instagram, Google +, Snapchat, Tumblr, YouTube, WhatsApp and Vine, among others
- Web conferencing solutions such as FaceTime, AnyMeeting and join.me, among many others
- Personally owned smartphones, tablets, laptops and home computers that employees use to generate and store work-related content
- The growing number of cloud-based apps, mobile apps and other tools that are used for work-related purposes
Hey Dude, Where’s My Data?
The Osterman study also raises concerns about the ways in which BYOD and employee mobility are affecting data storage. The report found that 13 percent of corporate data is stored on employees’ laptops, five percent is stored on smartphones and tablets and one percent is stored on employees’ home computers.
That may represent the tip of the iceberg according to Denworth:
“I would say that even the people surveyed can only guesstimate how much information [is out there in the wild]. That’s one of the problems, [that] no one knows how much information is out there but they know it is out there. We did a survey earlier this year and about one third of [respondents] came back and said ‘we don’t know how much we have lost but we have lost some sets of data'. In fact, the word they used was leaked. That is to say, lost control of it.”
And the problem is getting worse.
Making the Case for Private EFSS
For Denworth, the case for private EFSS is clear and compelling: "The conclusion is that more and more people are looking for private file share solutions instead of going through the public cloud. Our belief is that there is one key driver to this, namely security.
When you go and ask an IT organization what is the path forward, they are almost always going to say we want to own this and we want to control it very, very tightly. And it’s the response that you would expect. The trend is to move more and more of this behind the firewall.”
(The white paper, “The Critical Need for Enterprise-Grade File Sync and Share Solutions,” is available for download. Registration is required.)