Enterprise data security is an incredibly important factor for all IT architects. While personal data holds great value, be that in the form of photos or emails, the data that a business produces is often much more sensitive. This could be financial documents, intellectual property, employee information and more. For this data to fall into the wrong hands would have massive repercussions for a business, and not only legal and financial ones, so it’s vitally important that the systems this data is stored on are well protected.
It might be that the data sits on a variety of systems. For example, you could have a file sharing server, an asset management system and an intranet. It might even be that these files physically sit within the same storage facility, but it’s the way the data is accessed that’s different. Whatever the case, you need to ensure that the same level of security is protecting your data, no matter the system it lies on.
All of this can be mandated at a corporate level. The problem arises when your employees begin using third-party platforms. These can be cloud storage services, like Dropbox or Google Drive, file sharing services, like WeTransfer, or project management systems like Basecamp. At this point you, as a business, have lost all protection over your data. These services are now liable for the protection of your data.
Unless you’ve signed an explicit agreement with a provider that details the level of security they’ll provide and the outcomes if a breach or loss should occur, no sensitive business data should be stored on a platform outside of IT’s control. Of course, you probably already know that. It’s your employees that might not. Or perhaps they do know the risks, but they’re just opting for the service that is most convenient for them.
If the latter is the case, you need to assess your systems and understand the use cases for each of them. While data security should always remain the top priority, you also need to look at usability. A user just wants to get their job done quickly and the systems you provide need to support that. It might be that you look at using a corporate solution from one of the third-party providers.
Another issue arises when users sign up for third-party services with their personal email addresses. For example, one user could sign up to Google Drive and then share personal business data with another user. Not only do you have an issue when it comes to identifying ownership or responsibility, but it also means you can’t control that data. If someone leaves your business, they can still access the data.
Essentially, you need to always ensure that you can control every single piece of business data. You need to know where it’s stored and you need to know who has access to it. Fail to do so and you’ll soon find that any security you might think you have will go completely out of the window.
Is Your Data Staying Within the Business?