Lots of employees use public cloud services, like Dropbox and Box, to sync and share files, even if those files contain sensitive data. That's not too surprising. What is surprising is the finding that more than half of organizations don't have policies in place to keep important data out of the public cloud, at least according to their employees. So says M-Files, which has released interesting survey results on this topic.

The key findings of the survey, which M-Files announced last week, were:

  • Twenty-five percent of respondents reported security breaches, data loss, compliance issues or similar problems associated with data at their company.
  • Thirty-seven percent use personal file sharing and services routinely when working with their company's data.
  • Fifty-six percent said their company had no policy in place prohibiting them from storing sensitive business data on third-party public clouds, while another fourteen percent said they were unsure whether a policy existed.

The last finding is the most interesting one because it highlights the wide rift between data security best practices and the risky behavior that is routine in many enterprises. It's possible that many companies have policies in place that they don't enforce, or that they don't communicate effectively to employees, or that employees simply don't follow.

Whatever the cause of the problem, the survey results (which, for the record, may not be overly scientific, since the only detail M-Files provided on the data-collection methodology is that it involved an "online survey of hundreds of working professionals based in the United States") suggest that there's a major data protection issue here.

M-Files is using the survey results to pitch its own enterprise information management solution, which emphasizes user-friendliness and simplicity as a way of inducing employees to use the file syncing and sharing services that their company provides, rather than resorting to unofficial services of their own choosing.

In a lot of ways, that's an approach similar to the one companies are adopting to overcome challenges associated with the Bring-Your-Own-Device (BYOD) phenomenon. Telling employees not to share files through the services they use for their personal data while failing to offer an alternative, or providing an alternative service that no one uses because it doesn't work well, does little to change behavior. Implementing an official enterprise file syncing and sharing solution that's as good as third-party alternatives is the most reliable way to mitigate the risks of placing sensitive data on public clouds run by third parties.

Or, of course, you can pretend it's 1998 and block Dropbox on the corporate firewall, since Internet filters worked so well back then...