Not wanting more sleepless nights, I immediately alerted my firewall guy, who pulled up a report on the accessing of personal cloud storage sites from corporate locations that are monitored. As it turns out, cloud storage sites were being accessed quite often. That was alarming, but when we took a closer look, we saw that most of the cloud storage activity involved personal photos, music and videos. Fine; cloud storage is ideal for that sort of thing, and it keeps all that personal data from hogging space on our servers via employees' network-share H: drives. But some sensitive data, including strategic product road maps, had been transferred.
Pulling the Plug
That was all I needed to see to convince me that I had to pull the plug on the cloud storage initiative until we can figure out a way to properly protect data.
Some vendors have made progress in this area, but so far, none meet my requirements, which include limiting access to restricted company resources. I don't want employees downloading data to an Internet kiosk in, say, Cancun. I checked in with Legal and then decided to block access to the entire category of personal storage sites by reconfiguring the content-filtering functionality of our new firewalls. (We had to make a few exceptions that would allow us to continue sharing data with partners, but those exceptions were few and far between.)
I'll be keeping my eye on the fast-changing cloud storage industry, and when I find a vendor that satisfactorily addresses the security risks, I will reconsider our stance. But for now, we're keeping our storage capacity in-house, where we can keep an eye on our data.
This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.