If you want to prevent your employees from using Web-based e-mail or file sharing services to send large documents, you’d better implement a secure, managed file transfer system, according to the Aberdeen Group Inc.
With the daily challenges sending large files and documents mounting, many employees are using online e-mail services such as Yahoo Mail, Hotmail and Gmail to send and receive corporate data. Some employees are even turning to Web-based file transfer services such as YouSendIt or zShare, which market themselves as a File Transfer Protocol (FTP) replacement for users looking to upload their video, audio, and other documents.
“It’s becoming a huge problem because these documents are not going through the organizations’ data protection processes,” Carol Baroudi, research director at the Boston-based Aberdeen Group, said. “These documents are not being scanned for content and shouldn’t be leaving the company. It leaves people totally vulnerable around data protection.
“I think it’s a horror show,” she added.
The research consultancy suggested that companies implement a secure file transfer system. This acts as a plug-in that seamlessly strips the big file from an e-mail and inserts a link in its place, allowing the receiver of the e-mail to simply download the file.
Aside from keeping your data more secure, it can make everything a lot more efficient, as employees don’t have to upload their files through third-party services, Baroudi explained.
“Also, when you send files through e-mail in wide distribution, you are creating multiple copies, filling up inboxes, which are then archived, and adding to storage sprawl,” she said. “If you send a link to a wide distribution, the people who really want it will download it and it won’t create those problems.”
FTP systems are a widely used alternative for file sharing in the enterprise, but the technology presents serious risks as well, and may be difficult to use for some employees. Baroudi said that drawbacks of FTP include the manual process for adding and removing files to the server, the lack of an inherent method for encryption, and the inability to verify whether a transfer is complete.
While Baroudi admitted that using Web-based services is not fundamentally insecure, the idea that your staff is inadvertently bypassing corporate security measures should be troubling to you.
But, she said, the employees are not the ones to blame.
Whether your organization’s corporate policy restricts the use of Web-based e-mail sites or not, many employees might feel they have no choice when sending large files.
According to a recent survey from EMC Corp.’s security division RSA, a majority of workers polled said they regularly feel the need to dodge corporate security policies in order to get their job done.
The survey found most respondents said they are “familiar” with their organization’s security policies. But these policies aren’t always black and white, according to Gartner Inc. analyst Frank Kenney. He said many companies are sending out mixed messages to employees.
“If I work for a company where I can’t use Gmail, but I have access to Gmail, the company isn’t giving me better way to send out large files, and they haven’t blocked Gmail, I’m going to use Gmail,” Kenney said.
“When employees use Web e-mail as a workaround, companies don’t know what kind of intelligence property is ending up in the cloud. They need the tools in order to transfer files safely.”
Staff often view IT and security policy as a hindrance to productivity, he added.
Baroudi said that secure file transfer systems are very easy to implement and would be affordable for nearly every enterprise.
“There’s a wide range of pricing depending on additional functionality, including the ability to restart a transmission, transmission verification, altering for failures, and authentication of the receiver,” she added.
— With files from IDG News Service