Employee use of cloud services puts business data at risk
UK companies are placing themselves at risk of cyberattacks and data breaches as a result of rampant use of cloud storage services and unclear or non-existent corporate policies.
The survey, conducted by CensusWide, of 1,000 office workers in organisations of 50 or more employees revealed widespread, and often unilateral employee use of cloud storage services could be leaving businesses with poor visibility of where their data is stored, placing potentially confidential data at risk.
Over 41 percent of employees use cloud storage services at least once a week. Despite this widespread adoption by workers across the UK, just 35 percent of employees used a company sanctioned service, whilst 43 percent were unaware of their employer’s policy on the use of these services. In addition, of those that use cloud storage at least once a week, 1 in 10 have no confidence in the security of their data.
Darin Welfare, EMEA VP at WinMagic, said: “This survey highlights the challenge businesses face when managing data security in the cloud. IT teams have had to cede a level of control as employees have greater access to services outside corporate control and this research indicates that IT must take additional steps to protect and control company data in this new technology landscape. The wide range of employee adoption of these services also means an additional layer of complexity when devising corporate policies and education programs for the use of cloud storage services.”
Employees are increasingly accessing work documents and services outside the office, particularly among regular users of cloud storage. The survey revealed 70 percent of employees who use cloud storage at least once a week will also use work equipment at home at least once a week, significantly higher than the UK average of 47 percent.
There’s a clear disparity between employee use of cloud services and company IT policy, which suggests that businesses must increase focus on devising clearer security policies and better staff training programs in order to minimise the risk for the business.
Darin Welfare added: “One of the key steps that any organization can take to mitigate the risk from the widespread use of unsanctioned cloud services is to ensure that all company data is encrypted before employees have the opportunity to upload to the cloud. In the eventuality that the cloud vendor does not adequately put in place control mechanisms and procedures to ensure security across their infrastructure, sensitive and valuable corporate data is still encrypted and cannot be accessed and understood beyond those who have the right to. This approach provides the company with the assurance that the IT team is in control of the key and management of all company data before any employees turn to cloud storage services.”
The survey also revealed:
- Half (50%) of respondents use personal equipment to access work information and services at least once a week
- 47 percent of employees use company-issued equipment at home at least once a week.
Darin Welfare concluded: “This survey should serve as a wake-up call for IT teams to focus resources on crafting the stringent security policies, and employee education programs that will help the business stay secure. It also indicates that this is not something that is only down to employee behavior. Businesses need better training for all staff on the potential dangers of cloud services. Businesses must catch up with the employee cloud revolution or risk potentially catastrophic data loss.”