Think about how many cloud services the average person uses each day. For most, it’s a mixture of services managed by their employer and others chosen for personal use. An IT professional might carefully manage the separation between those worlds, but it’s very easy for users to accidentally spread information from their work lives into their personal cloud services.
When this happens without the knowledge of the IT department, it exposes the organization to the risk of loss, theft or public disclosure of sensitive information. Here are four ways that businesses can better manage employee use of cloud services to detect data leaks and repatriate improperly exposed data.
1. Tap Google Alerts to Spot Data Breaches
Some of the most embarrassing and damaging exposures of sensitive information occur when employees accidentally publish such information on the internet. Administrators can set up a series of strategic Google Alerts to watch for the presence of sensitive information. For example, a search for “+site: yourcompany.com +SSN” might provide an early warning of places where you’ve accidentally exposed Social Security numbers to search engines.
2. Audit Cloud Permissions to Prevent Accidental Exposure
When employees make use of approved cloud services, be sure to audit the permissions for those services to prevent accidental exposure of sensitive information. It’s best to conduct regular audits of cloud service permissions, paying particular attention to publicly shared files.
3. Deploy a Cloud Access Security Broker
Managing cloud service use and permissions is a time-consuming task for an IT staff. Cloud Access Security Brokers (CASBs) alleviate this by providing a centralized approach to cloud service management. These solutions monitor cloud service use and watch for violations of the organization’s security policy, ranging from inappropriate permissions to the use of unapproved cloud services.
4. Implement Data Loss Prevention Tools
Data loss prevention technology monitors user activity on endpoints and the network, watching for attempts to transfer sensitive information. DLP systems play an important role in stopping the spread of sensitive information to the cloud by preventing it from leaving the organization. This saves administrators from a time-consuming and embarrassing cleanup effort.