Intralinks Holdings, Inc. (NYSE: IL), a leading, global SaaS provider of enterprise content management and collaboration solutions, recently published new independent research with the Ponemon Institute into the security threats caused by unsanctioned file sharing. The report, “Breaking Bad: The Risk of Unsecure File Sharing,” shows that organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees and that employees routinely breach IT policies and place company data in jeopardy.
“Data leakage and loss from negligent file sharing is now just as significant a risk as data theft,” noted Larry Ponemon, chairman of the Ponemon Institute. “While most companies take steps to protect themselves from hacking and other malicious activities, this report shows that these same organisations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox. The findings in this report are shocking and identify the holes in document and file level security, which are in large part caused by their expanded use beyond the corporate firewall. The goal of senior leadership should be to provide appropriate, secure solutions and enforce policies to reduce the risk created by employees’ behaving badly.”
Featured Download: Social media access at work. Do your employees know the rules?
The research found that file sharing poses a major threat to enterprise security and that senior managers at organisations are having difficulty setting and enforcing effective policies to safeguard against data leakage. The report concludes that many organisations are vulnerable to both data loss and non-compliance due to cloud file sharing and improper file sharing practices. And it starts from the top down. Further, it is clear that the enterprise IT department has lost control of user application decision-making, as well as of company data.
Report Findings
More than 1,000 IT security professionals from the United States, United Kingdom, and Germany were surveyed. Key findings from the report include:
· Almost half (49 percent) of respondents believe their company lacks clear visibility into employees’ use of file sharing/file sync and share applications.
· Half of respondents (51 percent) aren’t convinced their organisations have the ability to manage and control user access to sensitive documents and how they are shared.
· The majority of organisations have policies governing the use of file sharing, but policies are not being communicated to employees effectively.
· Only 54 percent of respondents say their IT department is involved in the adoption of new technologies for end users, including cloud-based services.
More sobering, approximately 61 percent of respondents confessed that they have “often or frequently” done the following:
· Accidentally forwarded files or documents to individuals not authorised to see them.
· Used their personal file-sharing/file sync-and-share apps in the workplace.
· Shared files through unencrypted email.
· Failed to delete confidential documents or files as required by policies.
Ponemon’s research concludes that these file-sharing issues are making enterprises extremely vulnerable to data loss and compliance violations. This vulnerability is heightened for regulated industries like financial services, where the risks and repercussions of data loss are more severe. The research also showed that employees are acting badly when it comes to data sharing and collaboration, routinely violating IT policy in order to get things done faster. Survey respondents indicated a lack of senior-level accountability in their organisations for developing and implementing file-sharing policies. Of senior level respondents, 44% did not believe they had the ability to manage and control user access to sensitive documents and how they are shared. Among respondents who do have that ability, their confidence was mixed.
“The negative effects consumer-grade file sharing and collaboration platforms are having on the enterprise are clear,” said Daren Glenister, CTO at Intralinks. “CIOs need to regain control of data, and to do that they need tools designed for the enterprise with security and compliance in mind, but without sacrificing end-user ease-of-use. Shadow IT is a powerful force, and it is one that CIOs need help fighting if they are to ensure the security and compliance of critical data.”
Click here to get a free copy of the research report.
About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries. For more information, visit www.ponemon.org.
About Intralinks
Intralinks Holdings, Inc. (NYSE: IL) is a leading, global technology provider of inter-enterprise content management and collaboration solutions. Through innovative Software-as-a-Service solutions, Intralinks solutions are designed to enable the exchange, control and management of information between organisations securely and compliantly when working through the firewall. More than 3.1 million professionals at 99% of the Fortune 1000 companies have depended on Intralinks’ experience. With a track record of enabling high-stakes transactions and business collaborations valued at more than $23.5 trillion, Intralinks is a trusted provider of easy-to-use, enterprise strength, cloud-based collaboration solutions. For more information, visit www.intralinks.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.