12 Ways

12 Ways

Featured Article from Software Monetization

SafeNet Survey Finds C-levels Adopting 'Do As I Say, Not as I Do' Attitude on Security Rules

September 24, 2013

It almost goes without saying today that most of us enjoy the convenience of consumer-oriented cloud applications like Dropbox and Google (News - Alert) Drive for storing and sharing files. It also is a fact of life that we use such services on our laptops and BYOD devices in a business context, even though most IT security professionals consider such services insecure for enterprise use. In what can only be described as disconcerting, a new survey from SafeNet (News - Alert) Labs sheds light on just how many people are actually breaking enterprise policies and rules regarding the use of such services, and, surprisingly, C-level executives are amongst the worst offenders despite their avowed concern over security issues.

SafeNet Labs, a company that recently announced SafeMonk solution provides strong “tapproof” encryption for enterprises using third-party storage and file sharing services, polled hundreds of business professionals to gauge their use and level of concern about such cloud-based applications. They found a disturbingly large number of employees store personal and professional data in the cloud. What’s more, despite acknowledging the risks, most aren’t bothered by it. In fact, the high-level headline here is that more than one in five employees of organizations with policies against services like Dropbox (News - Alert) say that they use it anyway.

Other key findings include:

  • 64 percent of respondents say they store personal or professional data in cloud applications.
  • 53 percent acknowledged that this could be a security risk. However, more than half said they don’t worry about it. In fact, when asked what keeps them up at night regarding their data and information, more than half answered, “Nothing keeps me up; I sleep like a baby.”
  • Only 28 percent have a corporate policy regarding usage of file sharing applications like Dropbox, while another 33 percent don’t even know whether there’s a policy.

Where things get really interesting is in the finding that the higher a person is on the corporate ladder, the more they use file-sharing services like Dropbox, despite company policies against it. Ponder these findings for a moment:

  • 33 percent of C-level titles said “yes” versus 18 percent of associates.
  • The majority of respondents, 59 percent, said they “wouldn’t be surprised” if they found out that their boss or executives were using file-sharing apps like Dropbox, despite a policy against doing so.
  •  In general, C-level executives (39 percent checked “Yes”) are less concerned about security in the cloud than associates (54 percent checked “Yes”).

This clearly is a case of “Do as I say and not as I do,” which has major repercussions. Talk about an instance of mixed messages!

“What this survey suggests is that cloud app usage and document storage continue to proliferate, and that organizations should reexamine antiquated attitudes towards usage of these apps across the enterprise,” said Tsion Gonen, Chief Strategy Officer, SafeNet, Inc. “It’s clear that top-level executives understand the advantages of cloud app usage, and should enable their companies to leverage these advantages by adopting contemporary security tools and practices.”

image via shutterstock

Geographical differences and user concerns about security

Location also factors into respondents’ attitudes about data security in the cloud.

For example, the usage of cloud-based apps is far greater in EMEA than in the U.S. or APAC; so too are the levels of concern about data security and corporate policies against using cloud apps. However, EMEA respondents are more likely to ignore those very same policies.

Who they are concerned about also varies. Interestingly, when it comes to their data privacy, which now dominates daily headlines, respondents in the U.S. and EMEA are most concerned with the government, while APAC is most concerned with Google. Plus, APAC respondents as a group expressed more concern about their information being maliciously compromised. And, in one of the not so surprising findings, 52 percent of respondents are most concerned with someone hacking into their banking and financial apps.

As to the systems most frequently used for file storage, they were Dropbox (39 percent) and desk drawers (25 percent). Email continues to be the dominant means for sharing files (68 percent), according to the data.

The facts in this case point to a looming issue in enterprises around the world that I have characterized in the past as “IT Anarchy.” As the utility of apps and third party services has captured the imagination of employees at all levels of business, the need to use the best tools available at the right time in order to get the job done has trumped security concerns. And, as with BYOD, where C-level desires to run their organizations in real-time on their personal devices has, in many cases, forced the issue on accommodating these desires and propelled the Mobile Device Management (MDM) and Mobile Applications Management (MAM) markets, so too should the vulnerabilities to third-party information and file-sharing services drive the need for solutions like SafeMonk.

The goal is to not hamstring users from having access to tools they believe are valuable, but rather to give IT the visibility and control it needs to ensure the risks of using such tools can be properly mitigated.

SafeNet Labs conducted this survey in August 2013. For a complete copy of the survey data set, contact Trisha Paine at trisha@safemonk.com.

Edited by Ryan Sartor
IDC Infographic