Do you really know where your employees keep sensitive assets?

It’s a nightmare scenario for anyone involved in IT management. A member of the sales team has left a laptop, holding extremely sensitive corporate material, in the back of a taxi and central IT can’t take back control.

This a problem for both private and public sector organisations: whether it’s personal customer details such as names, phone numbers or credit card details; or data relating to citizens/customers who trust you to provide services for them.

This is a big deal. Public sector data breaches skyrocketed in 2016 and one report found that human error was to blame for half of them. There’s no two ways about it: it’s just bad news — for citizens, from a regulatory perspective, for the reputation of the service provider, and the fact it fuels cyber criminals.

However, it really shouldn’t be a problem for the modern organisation, not with the tools and technologies currently available.

A lot of the high-profile data breaches have shown that organisations frequently fail to implement basic security measures such as encrypting sensitive information, or patching vulnerabilities in old databases and IT systems.

So, why didn’t we agree to consign security breaches to the past — at least the ones we can prevent? The great thing about cloud services today is they are more secure than older legacy infrastructures, and use a whole range of security technologies and policies.

As a result, today’s businesses can confidently use cloud services to keep control over their company’s content, while maintaining employees’ privacy.

But you need to make sure you’re asking the right questions of your potential cloud partners. For instance, do they offer multi-layered security to protect documents, while providing project and department leaders with centralised control and rights management over information? Do they provide the ability to manage access and sharing policies, inside and outside the organisation? And is governance and compliance catered for — does the way documents are created, secured and stored comply with regulatory mandates and support e-discovery and data retention policies?

Furthermore, you need to ensure your cloud suppliers work with an ecosystem of trusted security partners, which extends your security controls into the cloud for identity, network and secure information and event management controls.

If you use the right combination of security tools, procedures and policies, there’s no reason why losing a laptop in the back of a cab means the end of the world. In today’s cloud environment, you really do have everything you need to protect your sensitive information.

Want to know more? Take a look at this eBook to see how Box helps tackle security vulnerabilities created by traditional tools such as email.

Justin List, Head of UK Public Sector