I came across an article, More Employees “Going Rogue” On IT that reminded me of a recent client experience. Doolittle writes in the piece, “Employees are signing up for free apps and cloud services without running it by IT!” Yes, this practice is reaching near epidemic levels. So often people have something that they want to accomplish and the natural tendency is to come up with the fastest and easiest way to get it done. They recall encountering one of the bajillion tools that they’ve used in their personal life that would work “perfectly” in this situation.
Ulgh! It is difficult to keep up with all of the easy access web applications that are coming online.
The client that I worked with has used policyIQ for their Sarbanes Oxley compliance documentation, historically. They recently discovered that employees from all ranks of the business were storing and sharing company information on a wide range of cloud applications. Alone, that might not seem like a big deal—they’re being creative and finding ways to be productive—great! The issue is that many of those tools matter-of-factly state (as Google did this week) that users should have ‘no legitimate expectation of privacy’ when sharing content through a third party. Most of those apps were not intended for business use and certainly not for the confidential sharing of sensitive business information! Not to mention that employees were driving up costs in an uncontrolled manner by subscribing to many services and loading content indiscriminately.
This is really what drove our client to reach out to us. While their IT organization had not yet adopted the practice recommended in Doolittle’s post of creating and educating their employees on their IT Security Policy, they knew that policyIQ’s hosting service was SAS70 and SSAE16 Type II compliant. They had put it through the necessary reviews and had trusted their financial compliance to policyIQ for years. They had experience with locking down some content to small teams while allowing others read only access to a broader base of work. They knew that policyIQ really walked them through the information governance discussion upon initial configuration. They had to think about who would hold the keys to the structure, who could add content and how content would be shared.
Of course, security is the paramount in the discussion of information governance. Knowing where to find things, which is the master version and having instant access to the status of work is really critical to efficient business. Just ask anyone who has tangled with multiple SharePoint sites running different versions with overlapping content that don’t speak to each other. SharePoint was intended for business and often runs head on into the information governance wall (or the wall created from the lack thereof).
If you can relate to this common issue written about in the linked post and experienced by the policyIQ user described here, reach out to us! We can help you to draft a plan for transitioning processes and documentation to a secure and controlled environment—a plan that you can then use to broach the topic of information governance with your executives who are passing confidential data via their iPad app. Yikes!