Should Companies Allow Employees To Use Cloud-Hosted File Sync/Share Solutions? Yes, With Precautions.
The Wall Street Journal published a point-counterpoint article on cloud-hosted file sync/share solutions like Dropbox, Google Docs, and myriad others. They chose a title I wouldn't have used myself, but there you have it.
I took the pro side. You can read the whole article here.
My side of the argument is here:
Yes: Employees Are Doing What's Best for the Company
By Ted Schadler
Why do employees use cloud-based solutions like Dropbox, Box and SugarSync to sync and share files? As well over 100 million Dropbox customers have learned, it's because these services make it a cinch to move files from a computer to a tablet to a smartphone to another computer and back again. And it's a much better solution than email for sharing a bucket of files with others.
These services began life with a focus on home scenarios. But it didn't take savvy employees long to realize that these services also solve three big productivity problems at work: 1) getting all your work files on every device you use for work; 2) sharing files with colleagues; and 3) sharing files with trusted partners and customers.
So, should IT organizations allow employees to use these cloud-based services? That question is patently absurd. Why should an IT organization dictate what employees do to get their work done? Who made IT responsible for policing employee behavior and tools?
If your answer is, "the CEO did," then it's time to re-examine who's really responsible for deciding how much technology-based business risk to tolerate.
IT's primary responsibility here is to assess and communicate what the risks are so a business executive or leadership team can decide whether the risk is worth taking. CIOs at companies like Lloyd's of London, Intel and Kodak have done this.
Don't Squelch Innovation
Forrester's research on why employees—and their managers—bring readily available technology to work demonstrates that these employees are business innovators. Employees who feel empowered to solve business problems and use personal technology to do it are twice as likely to be company leaders, to innovate a core business process and to advocate for their company's products or jobs. If encouraging employees to experiment with personal technology for work encourages more results like this, then who is IT to stand in the way?
I am not advocating chaos or irresponsible behavior or turning a blind eye to potential risks. I am instead advising CIOs to get much closer to these business-technology innovators to understand why they are using personal technology at work, then make sure employees know their personal responsibilities and find practical solutions that balance benefit against risk.
There is a safe and reasonable approach for every company to choosing a file sync/share service:
1. Find out what level of technology or business risk your executive team will tolerate. If they say no to file sync/share solutions, lock down the network. But do it at your own risk: Employees are likely to just bring their own networks to work and use their own devices to circumvent those controls.
2. Analyze what, precisely, employees are doing with file sync/share solutions, then find a solution that delivers those benefits with the right level of control. It might be Dropbox. Or a more business-focused solution like Box or Egnyte or EMC Syncplicity.
3. If security is paramount, go with a vendor like Intralinks or BoardVantage with a more secure—and likely more expensive—business solution.
Make It Work
Your security team will give you many reasons to shut down any of these services, particularly if it uses the cloud. But most of those reasons are transient problems, as every file sync/share vendor continually adds functionality to protect consumers and companies.
Personal file sync/share solutions have become business file sync/share solutions. Your employees got there first. So tap into the passion employees bring to the job by letting them try out new solutions, then harden those solutions as necessary to meet your security requirements.