Why is using tools like Dropbox or Box potentially
hazardous for your company?
Ian Lopez, Legaltech News
While technology has enabled us to send
documents to colleagues anywhere from across the ocean to across the office, it
has also opened doors to all sorts of threats that can have severe consequences
for a business. This reliance on web-based and software solutions for office
tasks has led to the creation of various tools for collaboration and
communication, many of which, despite high favorability among employees, may
not meet the security and integration standards of the modern enterprise or law
firm.
In the Eyes of IT, This is Serious
If you're reading this article, then it's almost
certain you know what Dropbox is. There's also a significant chance that you
use Dropbox and similar tools for collaboration. In 2013's Mobile World
Congress event in Barcelona, the company's CEO claimed that users were saving 1
billion files a day to Dropbox storage.
Despite the popularity of Dropbox and other
consumer information sharing tools, their use can be a headache for IT. That's
because, when using commercial content management tools, IT doesn't always know
where company data resides, explains Tim Van Caeyzeele, IT manager for
Belgium-based HR law firm Clayes & Engles. In addition, with consumer
tools, IT doesn't necessarily know where servers are located, which can be
problematic when sharing data due to regulatory compliance and governance.
"We are not in control; we have no clue
where our data is going to," Van Caeyzeele says. "I have no idea
about [a company's] security policy, their theft prevention policy, etc. It may
be secure, but I have no idea. They don't [communicate] with us because we
don't have a contract with the company. So it's totally uncontrolled."
Van Caeyzeele notes that there have been
instances when his firm was unable to find data from users who had stopped
working for them, because to transfer files, "they had created a Dropbox
file, then closed it down. And they don't understand why IT doesn't have the
data."
"The end user, from their point of view,
[thinks] 'IT knows all and has it all,'" he adds.
Given the highly-sensitive nature of their
information, some law firms are investing in technology that allows for more
secure sharing of documents. According to ILTA's 2015 survey on legal tech
purchasing, 10 percent of firms had purchased content/document management
solutions in the past 12 months, while another 10 percent planned to do so in
the coming year. The American Bar Association's (ABA) 2015 Legal Technology
Survey found that nearly 22 percent of lawyers are using a document management
system for document collaboration, while a little over 12 percent utilize firm
intranet.
Perhaps not surprisingly, nearly 95 percent of
respondents reported using "email attachments" for document sharing,
a platform that Ryan McClead, business transformation and innovation architect
at enterprise collaboration tool provider HighQ, describes as "essentially
insecure online storage."
"We talk to law firms all the time. [They
say], 'Oh, we don't use those types of things. We don't use Box or Dropbox. But
if you actually go through and see what people are doing with their domain
email address, there are lots of people using these things, and IT isn't aware
of it, and the firm management isn't aware of it," McClead adds.
Companies are aware of cybersecurity threats.
Among respondents to a 2016 Consilio survey of Legaltech New York attendees, 27
percent said their organizations "rarely" or "never"
address shadow IT risks, despite 61 percent reporting being "very
concerned" or "concerned" with security risks posed by
cloud-based applications. An NTT Communications survey of IT and business professionals
in Germany, France, the UK and Spain found that 77 percent of respondents were
openly using third-party cloud applications, despite most knowing shadow IT use
was breaking company policies.
The Employee Dilemma
When companies provide secure platforms for
employees to share information, why do some still turn to shadow IT? Ken Grady,
lean law evangelist at Seyfarth Shaw, says "the challenge with [content
management solution adoption] lies in the users much more than it lies in the
systems right now."
The problem, he says, is that content management
solutions "depend on a sort of fatal weakness," which is users must
"be consistent" and up-to-date about uploading information. However,
"people just tend to be not very diligent" about that.
"It's human nature. What you're asking
people to do is a not very interesting task that sort of breaks up the rhythm
of their thinking and their day. So, you get some information, you know the
systems should be updated because of that information, you must either stop
what you're doing, go into the system, especially if it's one that you're not
constantly logged into, find the record, update the record, and then go back to
what you were doing," he says. "It is not the task that they want to
jump to do, and so it tends to get lost a bit in the wayside."
In addition to user interest, simplicity is
essential to getting users onboard. When it comes to using content management
tools for collaboration, users "will always go towards the easiest
solution," explains Ben Di Marco, CIO of law firm De Grandpré Chait.
"So if on a Sunday night [lawyers] need to share their document with a
client, they want to be able to do it quickly and easily. They're not going to call IT."
No comments:
Post a Comment