I’ve said for a while that if you haven’t invested in a corporate-managed external file sharing software like Box, Dropbox, or OneDrive, then I guarantee at least some of your users have gone rogue and done it themselves. For a long time, corporate users have been frustrated with email attachments that are blocked and aging and unreliable ftp servers. As a result, many have resorted to creating their own personal Dropbox accounts. These personal accounts may be connected to personal email addresses or even a corporate email address. These personal Dropbox accounts are being used to transfer the corporate documents you are responsible for protecting. This is commonly encouraged by vendors and so your end users see it as harmless. Everyone does it. It’s possible that even the IT department isn’t overly concerned about it - I haven’t seen many IT departments drop everything to fix the problem. Before I explain my concern...let me start with a story.
As a member of IT leadership, you get a phone call from Dropbox. They inform you that 100 users in your organization have Dropbox accounts that they created on their own, using their corporate email. So – aren’t you interested in an Enterprise account so you can manage them? First, this may come as a shock – 100 users! You ask – can I find out who those users are? No, they won’t provide that information, you don’t own it. You look into the cost and it’s more than you want to deal with, so you put it to the side to be addressed later.
In the meantime, Dropbox has a security breach. Those 100 users from your own organization now have shared content that can be compromised. This time, it’s only old passwords and Dropbox forced password resets for those that needed it. However, we’ve seen a lot of security breaches lately across a number of platforms and many of them have been on relevant and active information. Sure, you could always just have them go change their passwords when these things happen. In this case though, you don’t even know who to contact to make sure they do. And…what if that compromised password is on an account that links to their corporate email and it was the same one they used to log into your network with? They didn’t just hack Dropbox, your network is at risk. So, you don’t know who has an account, who used the same password for their corporate account, who hasn’t changed their password since the breach, or what content is at risk. This isn’t a good situation!
Fortunately, the answer may be easier than you think. For many, OneDrive for Business is already part of your licensing agreement. It’s an easy roll-out and one of the easiest components of Office 365 to train users on. For those concerned about not being ready for the cloud, you can still support your on-premises SharePoint 2013 or 2016 servers and configure a redirect to OneDrive for Business instead of using My Sites. Easy! No more excuses.