The prevalence of Content Services and Enterprise File Sync and Share (EFSS) has brought to the fore the issue of document authenticity and integrity. This is because applications such as Google Drive and Box make it possible for a mobile phone user to manipulate that document in a platform that is less secure and then save it back to the more secure cloud system. From a records management and IG perspective, this represents a weakness in the chain of custody. As if that is not bad enough, “Sync operations can vary depending on the network users work on.” Wi-Fi hotspots are everywhere. This is only the beginning of the potential security risks as the number of those who use personal devices at work increases.
It was a decade ago that Intel first introduced the acronym BYOD (Bring Your Own Device) to categorize the growing number of employees who used their personal devices for business. Most of the buzz surrounded the security of these devices; the danger being users do tend to lose them. Proprietary and otherwise confidential internal documents are the stuff of corporate espionage. Given the impact BYOD had on the enterprise (i.e., a nearly unmanageable state of cyber-protection), IT departments scrambled to either ensure personal devices were secure within the enterprise or banned entirely from the office.
Crucially, BYOD is attractive because it gives employees the ability to work anywhere there is an Internet connection. This, combined with the prevalence of cloud computing, presents to the enterprise a new problem with old security issues. The security of data stored on a secure cloud system is only as good as the security on the device used to open that document. While IT professionals, compliance officers, and others understood that Enterprise Content Management (ECM) had the scope to manage BYOD, the primary concern was the authenticity of documents stored on a cloud system as users shared and collaborated on projects.