Many employees are clueless about best practices for the cloud

The cloud is obviously a sensitive issue when it comes to data security, and every business should have a cloud policy – but some employees haven’t got the foggiest whether their company does or not.

This is one of the findings of a survey commissioned by Trustmarque and carried out by TNS, which discovered that 56 per cent of office workers said their company didn’t have a cloud usage policy – and 28 per cent didn’t know whether there was an active policy or not.

Furthermore, of those who were aware of their firm’s cloud policy, half of them (48 per cent) chose to ignore it, because it prevented them from doing their job properly. It’s the old story of shadow IT and consumer cloud services being used, because a decent alternative isn’t being provided by IT departments.

One in five of those surveyed said they had uploaded sensitive company data to a personal cloud storage locker or consumer file-sharing service.

James Butler, Cloud Services Director at Trustmarque, commented: “A significant number of employees continue to steal or place sensitive company data in danger, as a result of using unsanctioned cloud applications. For IT departments, the ongoing challenge is maintaining an IT environment that supports employees' changing working practices, but at the same time is highly secure. A blanket approach towards blocking unsanctioned applications can often be unrealistic.”

He added: "IT departments need to be able to analyse the activities that pose the greatest risk (e.g. sharing data outside the company) and block them specifically to mitigate risk. To do this, real-time visibility into how every cloud application is being used is essential. Only then can organisations enforce smart usage policies and foster safe cloud application practices, and with the latest cloud management and analytics tools, it is now possible to achieve this."

Topics