The connectivity compromise

Humans love the path of least resistance. After all, we’re all incredibly busy and just do not have the time to mess around spending excessive time on, well… anything that’s not absolutely necessary. This is not news to anyone, but ironically, it’s something that IT teams spend a disproportionate amount of time trying to control.

Today’s worker likes to use their own devices – phones, laptops, tablets – and applications that are designed for consumer use with them. Most organisations are very happy to allow their people to access company data from personal devices. In most environments, this kind of flexibility is a productivity win, but it can also represent something of a compliance nightmare when that beloved path of least resistance lures employees to file sharing tools outside of the company control. Free applications like WeTransfer, DropBox and OneDrive are hugely popular, even where companies offer their own IT-approved alternatives. The upshot is that nearly everyone uses them to share information, both with their colleagues and to send files outside of the organisation.

However, the risks are considerable. In a large company, simply ‘not knowing’ who is holding and distributing files is seriously problematic and organisations leave themselves open to fines if they are unable to identify what information they hold and who it has been shared with. It’s not the purpose of applications like DropBox to automatically apply retention policies and governance compliance mandates, and sensitive documents contained there need to be managed manually – with care – so you can understand why this would cause a sharp intake of breath for any IT team. This and an almost absolute lack of visibility makes the task of GDPR compliance almost impossible and especially frustrating where an organisation already provides an Enterprise Content Management (ECM) system that achieves the same outcome, but with all the security in place.

Sounds disastrous, doesn’t it? But the pull of the path of least resistance is only so strong because the alternative is awkward by comparison. Restrictions on email attachment sizes, difficulty connecting to the company system when offsite or just no provision for collaborating on the move – these will all send people straight to the no-fuss alternative because it’s been proven to work. No one should be surprised by this, but it does present something of a modern dichotomy: do businesses want their employees to work fast, efficiently and productively, using tools they are familiar with and that get the job done? Or should they completely clamp down in the name of security and safety? The short answer is that every organisation should think carefully about what constitutes a business-critical document and deal with those accordingly. For example, if you are a healthcare provider you would certainly want to use ECM to take care of digital patients records since they are confidential, and their safekeeping is essential. However, you can still decide to use DropBox for sharing other files and to support collaboration. The key is in understanding which documents are business-critical and to use a solution that ensures their security and compliance.

There is certainly an educational element to put in place when it comes to the use of personal mobiles or laptops for work activities. What’s the best device? How do you select the right security settings? This kind of guidance and auditing can help to strike a real balance of productivity and security. But overall, there’s a real argument for putting IT managers in a position to meet employees somewhere in the middle, giving them a central role in businesses operations. This alone would foster a broader understanding of the issues involved and the ability to identify when a battle is simply unwinnable without compromise. Ultimately, this knowledge helps IT Managers to invest their future budgets in solutions that mimic the convenience and capacity of the less secure alternatives.