How to control file sharing when your organisation is home working

Posted by: Jo Love
Category: Advisory, Blog, Compliance, Data Governance, File Sharing, News, Sharepoint Governance

With increased home working comes increased file sharing. This creates data security concerns for businesses, particularly when the content of documents could be private or sensitive.

Current world events have accelerated the use of cloud technology and remote collaboration. In the past week alone, Microsoft has seen a 775 percent increase in overall cloud services usage in areas that have enforced social distancing, with over 44 million Teams users clocking up 900 meeting and call minutes daily.

Platforms like Microsoft Teams, Dropbox, Google Drive, Box, or Office 365 are great for sharing documents and can be really useful for team collaboration. But without the right measures in place it can be difficult to track where your data is being shared, by who, when and why. The unintended consequences of which could be a data breach.

Typically, files are shared 44 times more than their access is revoked. This leads to a spiral of out of control data even at the best of times. With the reported increase in usage reported by Microsoft, there will consequently be an unprecedented rise in the level of sharing too.

We can quickly see that at times such as this, it is even more paramount to establish and enforce clear data governance policies and remind business users of their responsibilities when it comes to avoiding data breaches.

You can no longer control file sharing manually

When it comes to sharing files and compliance, you can’t just implement collaboration platforms such as Teams or Office 365 without implementing data governance policies. Agree how you are going to manage and share files throughout the entire organisation and then go ahead with it, no buts or ifs. It has to be a totalitarian approach.

Once you have communicated the policies and practices, how do you police them? You can’t stand behind your business users to make sure they are classifying the data correctly even when they are in the office. It is even less plausible to do it when your business users are working from home. And you can’t expect your IT team to do this within their role either. You have to rely on an element of automation.

The automation could be a combination of encryption and rights management services in combination with data loss prevention technologies and cloud application security. The goal is to create a clear audit trail of who’s got access to which data, why and when.

For example, Torsion is one automated platform that works with collaboration tools to automatically monitor and detect any inappropriate access, out of date folders and permissions, or the movement of files. If anything doesn’t look quite right it will promptly alert a business user associated with the file and shut down any potential breaches. Owners or creators of files and folders can certify and revoke access themselves, taking the responsibility away from the IT function.

Only with automation will businesses be able to stay in control of their data during this massive surge in remote collaboration.

Emerging compliant after the storm

If we use the right automation tools to stay in control of who has access to what, why and when, we will consequently emerge compliant regardless of the volume of files being shared. After all we must remember that good compliance does not necessarily give you data security, but data security gives you good compliance.

There shouldn’t have to be a huge rescue mission to ensure compliance once people return to the office. Because data security is being automatically managed and controlled, when it comes to proving your compliance it should be as simple as pressing a button to export a report.

If you implement the right platforms, and many are easy to do remotely, we can all be confident that our data is secure and at any one time we can see who has access to what. Compliance can just become part of the woodwork, the way that people work.