OK, I’ll admit it. I love cloud storage. Not huge, datacentre style stuff, just simple stuff like Dropbox. Why? Well, mostly because it makes keeping things available on all devices a lot easier, and honestly, it makes me way more productive. In fact, it makes employees as a whole way more productive. So why aren’t more organizations touting these solutions?
When it comes to cloud storage there are tons of options. Off the top of my head there’s Dropbox, iCloud, Google Drive and more recently, VMware’s project Octopus. They all essentially do the same thing, they let users connect to a cloud based folder and access files from anywhere on just about any device. It’s simple, efficient and a lifesaver when you need access to something and you have no physical access to your computer. For sales people this means they can store a corporate presentation and access it on a tablet at the customer site instead of lugging around a laptop. But ofcourse, there are lots of great reasons that companies loathe it just as much as they love it. You guessed it, security.
There are really 2 key issues when it comes to cloud storage: DLP and ownership. From a DLP perspective, unless you properly control your documents from a corporate standpoint (ie put in the right permission controls and access controls) it really makes leaking corporate data as easy as using a USB stick. It’s actually easier since you can transfer documents instantly to anyone with access to your cloud folder. It’s a nightmare for organizations who haven’t implemented the right access controls.
From an ownership perspective, there is a lot of debate around who actually owns the data stored in cloud folders. While users will argue that they own the data and thus have sole control over it, there really is an argument saying that the cloud provider owns it as it uses their technology. Additionally, can you really be sure that they aren’t accessing your data unknowingly and making copies?
The truth is that as a user we have to take these things with a grain of salt.
If you’re smart, don’t store key personal documents in these cloud folders. Common sense should rule here. And you also don’t want to put your corporate documents that contain sensitive information unless you want to run the risk of being the next victim of DLP.