High-Risk Corporate Data Cloud Storage

Recently we have published on our blog page an article on the data breach causes. This time let us concentrate on the internal threat, i.e. high-risk behavior of corporate employees. One of the largest problems today is storing corporate data on sites not intended for sensitive internal data.

Almost everyone is familiar with this practice. We often need to share or edit a document with other coworkers, possibly even external workers, while working on an assignment. Cloud storage seems to be just the right fit. All coworkers can access the document, monitor any changes made by individual workers, and as a result, complete the assignment in less time.  Few people take into account the security risk they pose to their company, even though by doing so they violate the company’s security regulations. The regulations often state clearly where the internal files must be stored and prohibit sharing data on cloud storage sites.

A study published by the IBM Security provides specific numbers: more than 32% of employees admit sharing corporate data on cloud storage sites their employers have no control of, despite the internal regulations. This problem applies even more to “millennial employees“, i.e. employees born between 1975 and 1995 who are far more connected with the Internet. The study estimates that more than 50% of millennial employees use cloud storage sites for internal corporate affairs. Given demographic trends in the society, these numbers are expected to grow, and thus further increase the security risk.

According to the poll data, the following are the most common reasons for using cloud service to store corporate data: I can access data anywhere and anytime (47% of respondents); it simplifies my work and increases my efficiency  (37%); the cloud offers better and more convenient service than our internal network (27%); senior employees require us to work with the cloud (22%). Other reasons include an easier communication with clients or joy resulting from a deliberate violation of corporate rules.