Is the disruptive influence of Shadow IT creeping into your organisation? It probably is, but you might know it by another name: Dropbox. The cloud-based file sharing service has become so ubiquitous (passing 300 million users earlier this year) that it now functions as a synonym for shadow IT: the use of technology that has not received formal approval from the IT department.
Dropbox has grown so rapidly since its launch in 2008 due to ease of use: the service makes it incredibly simple for users to send, sync and share documents across multiple devices. A late 2012 survey found that one in five people were using Dropbox to store and share company documents. Today, that number is likely to be even higher. There's only one problem: Dropbox is fundamentally a consumer file-sharing service that lacks the enterprise-grade protection needed for secure online collaboration.
The security issues associated with Dropbox (and similar file-sharing services like Box and Google Docs) are well-known. Last year, data protection guru Larry Ponemon told the Wall Street Journal that "consumer-grade file sharing apps are inherently insecure and susceptible to data leakage". And it's significant that on the blog post Dropbox published to celebrate passing the 300 million milestone in May this year (just six months after it announced 200 million users), the most recent comment simply reads: "Don't trust Dropbox for your important stuff."
However, for businesses that would rather keep their confidential information within official boundaries, the issue they face is slightly more complicated than 'many people in the office are using Dropbox'. This is because the 2012 Nasuni survey discovered that half of Dropbox users are aware that it goes against their company's IT policy - but continue to use the service anyway. This suggests that while many users may understand that using Dropbox to share company files carries risk, the desire for a convenient service overpowers their concerns. Alternatively, they may simply be under the impression that their organisation does not have a strict data protection policy.
As Dr Ponemon concluded: "[Consumer] cloud-based file-sharing apps coupled with careless or negligent employees create the "perfect storm" for a data breach." But how can you stop employees using a tool that is already highly popular, and migrate them to a service that is more suited to secure file sharing for business?
The answer comes in two parts: 1. Educate your employees about the dangers of consumer file-sharing apps, the importance of data security and the consequences of a potential breach; 2. Provide an alternative method of file sharing that remains accessible and easy to use, but also has the enhanced security credentials needed for a business environment.
Your business needs a tool with the functionality of a Dropbox or similar product (otherwise encouraging user adoption will be almost impossible), but also the ability to provide genuinely secure online collaboration. As a starting point, seeking out collaboration tool suppliers with ISO 27001 certification can be useful.