File Sharing Apps Pose a Significant Data Breach Threat


According to the results of a recent survey [PDF] of 308 senior IT professionals in the U.S., 46 percent of respondents believe data is leaking from their companies due to the use of unmanaged file sharing products like Box and Dropbox, and fully 84 percent said the use of such "freemium" file sharing and synchronization products by employees has created security problems for their company.

The survey, sponsored by Intralinks and conducted by Harris Poll, also found that just 38 percent of respondents said they would trust freemium file sync and share apps to share confidential corporate documents, and only 31 would trust such apps for sharing their own personal financial information.

Still, those responses vary significantly by age -- 46 percent of people ages 18-44 say they would trust file sharing for their personal medical records, while only 14 percent of people 45 and older would do so.

And while 48 percent of private companies trust file sharing apps for regulated content, just 29 percent of public companies do so.

Surprisingly, executives are more trusting than the rank and file: 48 percent of respondents with the title of vice president or above would trust consumer file sharing services with confidential corporate data, while only 20 percent of respondents with a title below vice president would do so.

"This proclivicity makes it likely that there will be unauthorized access to sensitive information, and suggests more needs to be done to educate business leaders about the risks of file sharing," the report states.

Fully 88 percent of respondents said allowing users to access both their personal and business file sharing accounts from the same login poses a security threat, and 81 percent said allowing users to have both their personal and business files share from the same file sharing product poses a risk.

Still, 51 percent of respondents said that, even if a product had been blacklisted by other companies, they would consider using it if it could cost-effectively solve a problem.

"The characteristics that make consumer file sharing services attractive to employees can spawn governance, risk and compliance nightmares for senior executives," Larry Hawes, principal and founder of Dow Brook Advisory Services, said in a statement.

"Most companies, especially those in regulated industries, need to increase their visibility and control over file sharing policies, practices and technologies, while finding a way to maintain employee productivity and satisfaction," Hawes added.

In a recent eSecurity Planet article, Biscom president Bill Ho offered several tips for evaluating enterprise file sharing software, including reading the fine print before signing up, checking for SAS 70 or SSAE 16 Type II certification, and considering the pros and cons of cloud services.

"I believe there is a real and growing market for products and services that make it easy to share and access information," Ho wrote. "The road warrior of the past is fast becoming the de facto way people work -- wherever they may be ... so it’s imperative to have a solution either in place or in at least the planning stages. Take the time to think through the usage scenarios, the people who will need this type of service, and what devices and locations you will allow."