Digital transformation is changing the face of business. All business. As part of this shift, many IT leaders have decided to use their cloud collaboration tools for data protection and recovery—tools like Google Drive, Microsoft OneDrive, Box and Dropbox. According to a 2017 Intel Security Study, 74 percent of businesses now store some sensitive information in the cloud. And according to a Code42 customer survey, 67 percent of companies have data in three or more cloud storage services.
While a cloud-focused future is clearly the goal, there is still a considerable amount of data being saved to the endpoint. In fact, Code42’s 2017 CTRL-Z Study revealed that IT decision makers believe that as much as 60 percent of corporate information lives on user laptops. Over the course of our three-part blog series, we explore the critical role human behavior plays in how data is stored and protected as your business moves to the cloud.
Part 3: The consequences of the digital transformation/human behavior disconnect
Tools like Google Drive, Microsoft OneDrive, Box and Dropbox definitely have a role to play in a digital transformation strategy. They are great for sharing files, improving workflows, simplifying collaboration for team projects and enabling productivity. However, businesses need to be aware of the challenges posed by relying on them to safeguard and protect company data.
While employees might use these tools to share a specific file, Code42’s 2017 CTRL-Z study found that not every file makes it to an officially sanctioned cloud platform. For example, employees may have files on endpoints that they never intend to share with coworkers; or they may create multiple versions of a file before they are ready to share or collaborate. The final version gets uploaded to the company cloud, but the previous five versions that only exist on the user’s endpoint may be no less valuable to the business. This is why exclusively using a cloud file sharing or collaboration tool for data protection and recovery leaves companies exposed to a variety of harmful business situations, including:
- Data loss, when an employee deletes a shared file that collaborators can no longer access.
- Theft, when data moves from laptop to thumb drive to personal cloud storage.
- Breach, when malware or ransomware infects one laptop and propagates across a cloud system.
- Non-compliance, should they lose track of where all regulated information resides.
- Lost productivity, when collecting and preserving files for legal becomes manual.
As I mentioned in the first part of this series, employees are, at the end of the day, human. Humans tend to work in ways that make them feel the most productive and satisfied. You will always have employees who ignore policies that slow them down; this is true from your C-level executives all the way down to your most junior employees. And as I covered in the second part of this series, you’ll never have one policy that works for all of your employees, because there are four distinct types of users today when it comes to data storage.
In short, organizations need to recognize and accept that employees don’t create, share and store their work the way companies expect. Asking them to back up their files to cloud platforms is just as unrealistic as asking them to back up to file servers.
So, what can be done to overcome this gap between human behavior and your digital transformation? First, your organization needs to accept a few statements as true:
- The files your employees create and store have value to the business.
- The majority of employee files today still live on endpoints, despite what your policies may state.
- Failing to protect every file from loss creates risks to productivity, security and compliance.
To ensure the best protection for your data, your security solution should not require intervention from users. If the solution requires action from employees to protect their files, you’ll wind up with critical data that’s unprotected. Your solution must cover all files on all endpoints and back up at regular intervals, so if a data loss incident does occur, the endpoint can be rolled back to a restore point before the event happened. The solution should offer separate archives for every user, so your organization’s data can’t be accessed if one user’s account is somehow breached. Finally, your solution should offer visibility into how the files in your organization move, whether they travel to removable media or to the cloud storage you’re using for collaboration. With data-level visibility, you can be sure every critical file in your organization is completely protected.
According to 451 Research, “60 percent of enterprises plan to shift IT off-premises by 2019, driven by digital transformation.” An important and sometimes overlooked consideration in making this shift is studying the workforce and how employees get work done. After all, employees are the ones creating the very ideas that are driving success in your organization. Are you using the right tools to make sure those ideas are being protected?
The Risks to Intellectual Property Stored on Endpoints