Is it time to drop Dropbox?
From a business perspective, Condoleezza Rice can certainly open a lot of doors for the company, but the former US secretary of state is infamous for her public backing of the NSA's snooping activities, which understandably raises some concerns.
Whilst most businesses don't condone the use of services like Dropbox, unless they have an official policy in place, it's nearly impossible to restrict employee use. Employees will always find ways to do their job as quickly as possible, and this will always cause a conflict of interest between the CISO and the rest of organisation.
For the most part, people use services like Dropbox with good reason and good intention. When an organisation can't meet a need internally, people will look elsewhere for an alternative that can. Dropbox allows employees and clients to share large files quickly via the internet; files they were previously unable to send due to restrictions on the internal network.
The problem is, once a file leaves your environment you lose control. You don't know how your data is being stored or who has access to it. The threat of sensitive information being leaked is huge - the recent NSA revelations have made us more aware of this than ever.
In fact, in November of last year, we asked over 400 IT professionals in the UK for their thoughts on cloud security. Two thirds (64%) admitted that they were considering, or already had in place, official company policies restricting employee use of consumer cloud services like Dropbox or iCloud. Nearly half (43%) told us they had reviewed their security practices following the PRISM scandals.
Awareness is rising - and rightly so. To be able to protect sensitive data, managers need to know exactly where it is, how it's being handled, and most importantly by who. When working with cloud service providers, you should only work with ones you trust and who have the relevant security accreditations to prove their worth.
We talk about it a lot, but communicating the risks through the rest of the organisation is important. By making employees aware of the potentially damaging consequences of their actions, they're less likely to take short cuts that could end up costing the business.