In a digital, cloud-collaboration world, it’s hard to know for sure who can access your data. Make no mistake; cloud collaboration has distinct benefits. It allows you to provide your remote employees and distributed teams with the tools they need to work together much more cost-effectively than if you attempted to provide those capabilities using your own infrastructure. Cloud collaboration platforms are also scalable – another advantage over using on-premises infrastructure.
Cloud platforms, such as Google Workspace and Microsoft 365, also offer your teams built-in organization and consistency so that they can work more productively. These platforms give your employees tools to create documents, spreadsheets, and slides, communicate with messaging and email, meet virtually, and securely store their work so the data they need is accessible.
And, yes, cloud collaboration platforms have built-in security features. For example, collaborators can keep documents private, share them only with people inside an organization, and limit whether collaborators can change or upload data vs. only view and comment.
However, data loss prevention continues to be a challenge. No matter how many data loss prevention features a platform includes, there will always be a risk factor that software can’t control: The fact that people use it.
If employees never made a mistake, data would be rather secure – but it’s important to live in the real world. People get distracted. They can work too fast to pay attention to details, and sometimes, they just do the wrong thing.
It wasn’t as much of an issue when all of your data was collected, generated and used on a local network and stored in an on-premises data center. If someone asked you then where your data was, you could point at servers and add that it was also backed up and stored off-premises. Of course, employees still made file-sharing errors, but they occurred within the perimeter of your network, and the damage was usually much easier to mitigate.
In today’s work-anywhere culture, however, collaborators using a cloud solution can share files with team members in the same building – or halfway around the world. Your employees creating and sharing documents and files have the power to ensure only authorized people can access sensitive information or to put it (and your business) at risk.
Here are a few examples of where your data may be after an employee makes a file-sharing mistake.
In these scenarios, the answer to the question of where your data is at the end of the day is unsettling at best.
As a business leader, you’ve probably developed some tolerance for errors, but file-sharing mistakes that put company data at risk is one you need to address. The 2021 Verizon Data Breach Investigations Report states that about one-fifth of all data breaches can be traced to “miscellaneous errors.” In addition, research for Ponemon’s 2020 Cost of Insider Threats Global Report found that the average cost associated with data breaches caused by employee mistakes is $370K.
Those statistics prove that employee mistakes that lead to data breaches aren’t something you can brush off or chalk up to “the cost of doing business.” When you decide to build a strong data protection policy and create a system of transparency and accountability, you’ll see that manual methods are inadequate. Your management team can’t watch over each employee’s shoulder to ensure they aren’t sharing data with the wrong people or granting liberal permissions that put data at risk.
A more practical – and effective strategy – is to deploy an intelligent data loss prevention (DLP) solution specifically developed to protect data in cloud collaboration platforms. An intelligent solution will continuously monitor your data in the cloud, differentiate between sensitive files and those that can be shared without consequence, and alert you when data is at risk.
When you use this technology in combination with well-trained teams aware of file-sharing mistakes and how to avoid them, you can answer questions about where your data is — and know for sure it hasn’t been exfiltrated or shared with the wrong people.