Are we sitting on a time bomb?
I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data. Let's briefly look at the findings first:
- 38% of U.S. office workers admit to storing work documents on personal cloud tools and services
- […] almost a fifth (16 percent) of people use Dropbox to store work documents, while Google Drive and Apple iCloud came in second and third place with 15% and 12% respectively
- […] 91% of workers also stating that they use personal devices to store, share, access or work on company documentation […]
- Regarding personal devices, almost two thirds (64 percent) of office workers use external hard drives to store work documents and almost half (46 percent) use USB drives. More than a third (34 percent) of people admit to using USBs to share documentation with others and 43% use external personal hard drives for the same purpose
- Half of U.S office workers want to be able to work from anywhere and almost half (49 percent) wanted to access all of their work documents in one place
- A fifth of U.S. workers also want to use their personal smartphones, laptops and tablets for work
According to the research, technology adds to people's frustrations in the office as key annoyances are:
- Not being able to send large files via email (31 percent)
- Wasting time searching for electronic documents (28 percent)
- Ensuring that you are using the most up to date version of any given document (21 percent)
- Getting documents approved by others (18 percent)
- Figuring out who has specific information about a project or task (17 percent)
In order to share and work on documents with people outside of their company:
- Almost two thirds (65 percent) of office workers continue to revert to sending email attachments
- Nearly a fifth (16 percent) use USB drives
- A similar amount (15 percent) send hard copies of documents via courier
- Eight percent send CDs or DVDs via mail
Shocking, no? Do we need to go out now and start to change the policies and punish the user? Well, this is what happens most of the time. We change the policies and then feel really good. However, I would guess that your user do all these things for a reason. This reason probably is not to feel cool but to do their job. A few weeks ago, I posted on Will the user define security policies in the future? where I quoted a study saying that at least 40% of the sales people had to circumvent security policies to do their job – to get access to information they needed to win a sale.
I guess it is time to re-think. Almost all the scenarios above can be done in a secure way with today's technology like Rights Management Services, Bitlocker To Go etc. So, it is probably more helping the user to do their job – but in a secure and safe way rather than tightening the policies – no? Do you have a different view on that?