“Box Sync will automatically scan your file tree and sync new files and folders to your computer.” – Box website
With all the sophisticated mobile devices and cloud apps we’re using these days for personal or professional use, it’s easy to overlook certain features that can spell disaster for an organization. Case in point: auto synchronization. Specifically, I’m talking about when email and files are automatically synced from the cloud to your mobile devices and PCs. It happens with Box (see quote above), Office 365, and several other collaboration-type applications where data is synced automatically, sometimes unbeknownst to the user. Of particular concern to CISOs and IT security managers is the syncing and data proliferation that occurs with unmanaged devices. These could be mobile phones or tablets that aren’t owned or controlled by the organization, or perhaps unmanaged PCs at home or at hotel business centers.
Take Office 365 as an example. There’s a wide array of services that fall under the “Office 365” umbrella (Outlook, OneDrive, and SharePoint, to name a few). Many of these have the ability to sync automatically with mobile devices and PCs. Inevitably, this means that sensitive business-critical data is at risk.
What kind of risk, you ask? You could have a spreadsheet that contains employee social security numbers, personal health information, or revenue forecasts getting automatically downloaded to personally owned tablets and smartphones. If these types of information were to leak out, either inadvertently or maliciously, the consequences could be disastrous. And because existing DLP solutions don’t monitor traffic to unmanaged devices, you’re left with gaping holes on the security and compliance fronts.
On top of that, you’ve got regulatory requirements to factor in. HIPAA, PCI DSS, and others require organizations to ensure the protection of sensitive data like personally identifiable information (PII), personal health information (PHI), or payment card information (PCI). That’s why CISOs fret over the data proliferation that results from the auto-syncing feature of cloud apps like Office 365, Dropbox, and Box. They’ve become massive repositories of sensitive data thanks to their growing popularity among employees in the workplace.
What all of the above calls for is a way to manage data synchronization with these unmanaged (or untrusted) devices that puts the organization in control. In this way, you can better manage the flow of sensitive information to or from devices you’re not so sure about. An alternative, if you don’t want to be so draconian, is to restrict editing to online documents only. In other words, you can prevent users from downloading documents to unmanaged devices, but you can still let them view or edit docs while online.
As you can imagine, there are a dizzying number of scenarios possible when you consider all the employees and the different roles, permissions, responsibilities, access rights, etc., associated with each person in an organization. Yeah, maybe it’s OK for the CFO to edit a document online, but it might not be OK for a marketing person to do so. Granularity is the name of the game here, and it’s the key to getting the most out of these cloud apps while ensuring that the business keeps chugging along without compromising security and compliance standards.
Organizations these days realize that cloud apps are here to stay and that they are crucial for increasing employee productivity and fostering workplace happiness (i.e., “let the people use the apps they want to use so long as access to the apps can be properly managed to minimize risk”). Thus, when it comes to data protection in the cloud, certain solutions can be implemented to enable the safe, compliant, and productive use of cloud apps.
Imperva Skyfence is a cloud access security broker (CASB) that understands the serious threat automatic synchronization poses to an organization’s reputation, brand, and bottom line. It’s the only CASB vendor that can distinguish between managed and unmanaged devices and set granular policies on limiting data proliferation on top of that. At a time when data leaks and security breaches are getting much mainstream attention, Imperva Skyfence provides the tools for organizations to effectively control data proliferation so that the corporate brand stays intact... and out of the headlines for all the wrong reasons.