
Organizations put records containing personally identifiable information (PII) at risk of unauthorized access when they store this data in the cloud or share it with partners beyond the enterprise firewall. Ultimately, IT must ensure secure file sharing and governance without creating obstacles for employees using OneDrive. But if CISOs don’t know what’s happening in OneDrive, they’re hesitant to let employees use it.

Do not confuse security with compliance. OneDrive has key security features, including data encryption of files in transit and at rest, and two-factor authentication. But while Office 365 offers an additional security layer (i.e., data encryption), these features alone don’t ensure your data is handled by or shared with only authorized users. And, if CISOs lack visibility into file activity, the data is hardly secure.

To condemn Microsoft is to miss the point. Microsoft makes great products that significantly enhance a person’s ability to get work done. While Microsoft takes security and compliance seriously, the primary focus is on productivity. Like other public cloud storage platforms, OneDrive lacks key controls that prevent users from uploading sensitive data and sharing it externally.

Recent research by McAfee’s Skyhigh Networks highlights the risk this limitation presents:

- Two percent of documents in file sharing services shared externally contain sensitive data.
- Of all shared files, 12.9 percent are accessible by everyone in the organization.
- The average company stores 6,097 files with “salary” in the file name, and 1,156 files with “password” in the file name.

Cloud platforms such as OneDrive provide efficient data storage, accessible to anyone with an internet connection. Ironically, this accessibility is OneDrive’s biggest disadvantage. Without the proper security and compliance controls, which include knowing who’s accessing and sharing data in OneDrive, that data is available to literally anyone with an internet connection.

Visibility into an organization’s file activity is imperative for governance and demonstrating compliance with the myriad laws and regulations designed to protect customer, patient or citizen privacy, such as the EU’s General Data Protection Regulation (GDPR), HIPAA and the new California Consumer Privacy Act. OneDrive, however, fails to provide IT with adequate visibility into the files users access and share. This limitation hinders an organization’s ability to oversee and control its content, including knowing who’s accessing sensitive information and with whom they’re sharing it.
