Yet another cloud security scare story has been making the rounds. In this particular case, Chinese hackers targeted users by sharing a malicious file from free Dropbox accounts. While it wasn’t your traditional hack – Dropbox was not compromised and its users’ and customers’ data was never at risk – it was enough to trigger the usual slew of sensationalized stories in the press, and it was enough FUD to make business leaders nervous.
Now that the dust has settled, how many IT professionals had to answer the question, “We use that app, so what are you doing to make sure we’re safe?” If you didn’t get asked this time, I’m sure it has happened before. If it hasn’t, it will. It’s an unfortunate inevitability.
The truth of the matter is that the problem here is bigger than Dropbox. Employees are using a number of cloud apps to collaborate, share sensitive information, and get stuff done, from more ‘consumerized’ apps like Dropbox and Evernote to super simple business apps like Trello and Basecamp. The characteristics of these employee-introduced apps represent a much larger issue, a much more disruptive trend that is forcing IT professionals to re-imagine what makes a great business app.
I think we can all agree that we’ve reached a point where employee-introduced cloud apps are unavoidable in the workplace. They’re just too darn simple and useful, and the free-to-low-cost price tag certainly doesn’t hurt. But IT pros need a better way to monitor and understand what apps employees are using. This isn’t because they should be playing Big Brother or actively looking to block usage, but rather because they need to be better prepared to respond when these issues arise. And for the apps that businesses choose to endorse and use, there’s a need for robust controls that might help to avoid some of the stumbles and mitigate some inherent risks when using such apps.
For you IT pros out there, have you ever had to respond to the backlash such stories tend to create? If so, how did you make your boss or business leaders feel at ease with your company’s approach/readiness?