Traditionally, privacy and cybersecurity efforts have focused on how companies can protect their IT assets from intrusion. Literally billions of dollars have been invested in developing security measures that limit and control access to servers, workstations, laptops and mobile devices. But in today’s cloud-computing environment, these extensive (and expensive) efforts may not be sufficient. The true objective is not to protect the IT assets, but the data that they store. And with increasing frequency, employees are storing sensitive, proprietary data on assets that their companies do not control. Thus, to capture and address this extra-company activity, a comprehensive approach to data privacy and cybersecurity needs to be data-centric rather than asset-centric.
Let’s just state this as a fact: If you have employees with laptop computers, some proportion of them is storing company data on assets your company does not control. Yes, this certainly includes those pesky flash drives that are prone to being left behind at airport security. But the greater concern is posed by the free file-hosting services that proliferate the Internet, such as OneDrive, Dropbox, Filedrive, Google Drive, MediaFire and others. Despite companies’ best efforts to provide employees with remote VPN access to data that is safely stored on company servers, many employees don’t use it — at least exclusively. Instead, employees are drawn to file-hosting services because they want to be able to easily access their files from anywhere, and are resistant to the limitations imposed by VPN keys and the requirement that a device be loaded with VPN software.