Securing Sensitive Information in the Cloud Comes Down to Access Management

Cloud-based platforms saw a major boost in adoption as a result of the COVID-19 pandemic, with many organizations moving collaboration entirely to the cloud via platforms like Microsoft Teams. Adopting new cloud platforms and methods of collaboration means it's time for organizations to create a plan for securing sensitive information.

The most successful way to do so is to understand and mitigate who can access sensitive information and how business processes are increasing exposure to risk. Yes, preventing cyberattacks from mysterious malicious actors in black hoodies is important, but studies have repeatedly shown that most of your risk exposure comes from inside your organization.

Most organizations have sensitive information in the cloud today, that's inevitable. But well-meaning collaborators will inadvertently overexpose sensitive information if proactive measures aren’t in place to guide them  — it’s only a matter of time.

Once you know who has access to what, instating proper strategies and access management tools to mitigate the risk caused by access to this sensitive content. It’s also extremely important to follow through with risk mitigation and ensure there is an ongoing plan to secure sensitive information.

Reducing Exposure to Sensitive Collaboration Information

Sensitive information can be regulated content as well as information that only a small group of employees in the organization should have access to. How people collaborate is extremely important when working on documents that contain internal proprietary information, regulated information like personal identifying information (PII) or financial details, or even information related to government secrets like ITAR.

Some organizations lack the policies or training to encourage employees to only share information as necessary. Others are unaware of how easy it is with software platforms like Microsoft Teams for users to inadvertently, with only a few clicks, overexpose such content to shadow users, even to the extent of organization-wide viewing or editing rights.

Exposure is intensified in platforms where users can easily surface documents with a simple search. Platforms like Microsoft Teams and others will even proactively surface accessible documents their peers are working on or give suggestions for information users should know.

The days of “security by obscurity” — relying on hiding content in difficult locations and trusting users will not rummage through folders to find things they shouldn’t see — are long gone. Proactive protection is the only option now to minimize the risks that come with overexposure to sensitive information.

Related Article: How to Get Employees on Board With Security Changes

It’s Impossible to Completely Eliminate Risk

Office 365 and other platforms provide some great options to secure content and sensitive information and it’s good to review how the different features can work together to reduce risk caused by exposure. Yet even with the best security features in place, it is impossible to completely prevent users from accidentally or intentionally exposing data.

Therefore organizations still need a plan in place. What steps will you take in the event of a breach? Whose responsibility it is to review content for sensitivity and exposure? What preventative steps will you  take? While 100% prevention is not possible, it may be possible to lessen the pain caused by a breach.

Learning Opportunities

ON DEMAND

Collaboration in a Distributed Workplace: Tools and Techniques of Top Performing Teams

Watch Now

ON DEMAND

Improve Knowledge Sharing: The Key to Employee Productivity

Streamline team collaboration and engagement

Watch Now

ON DEMAND

How McDonald’s Drove Productivity Through an Elevated Employee Experience

In the new remote/hybrid workplace, work/life boundaries are blurred and workplace stress is a top driver of mental health needs.

Watch Now

ON DEMAND

How to Future-Proof Your Employee Experience Strategy in 2023

A framework to navigate through economic uncertainty

Watch Now

ON DEMAND

Challenges to Efficiency in 2023: Your Employees Need the Digital Workplace of the Future

The era of asking employees to do more with less is upon us

Watch Now

ON DEMAND

The Essential Role of Communicators in Fostering Wellbeing in the Digital Workplace

Join us for practical insights on how digital communicators can support employees to thrive in the digital workplace

Watch Now

ON DEMAND

Addressing Employee Needs and Wants with a Digital Workplace

The workplace is getting more and more digital – both in how we work and where we work

Watch Now

ON DEMAND

Maintaining a Human-Centered Approach During Digital Transformation

When it comes to digital transformation - people drive change, not technology

Watch Now

ON DEMAND

The Evolution of Employee Recognition

Leveraging the power of appreciation to improve the employee experience

Watch Now

ON DEMAND

Are You Blocking Your Internal Comms Team Without Knowing It

Best practices & tips to help IC teams thrive

Watch Now

ON DEMAND

Cyber Resilience In The Cloud Is Not Optional

In today’s age of ransomware and widespread cyber attacks, your cloud data needs to be protected.

Watch Now

View All

It could also result in a lower fine or an avoidance of fines altogether because the organization has done all it feasibly could do to avoid breach. Or it could mean that potential breaches are detected and mitigated before any damage is done.

In any case, setting up and maintaining solutions as well as reviewing content and procedures can be a huge burden on IT, legal and security teams, who must work together to accomplish the goal of reducing data exposure.

Related Article: Data Security in a COVID-19 World: What to Do When You Are Pushed Into the Cloud

People Need the Tools and Training to Do the Right Thing

Security features are inherently only part of the story. Users must understand their shared responsibility for reducing organizational risk and how their day-to-day roles can help minimize exposure of sensitive data.

They need to know how the tasks they accomplish every day can ensure sensitive content remains in the right hands, and the organization needs to provide training that gives them the context to do exactly that. Rewarding managers and teams who follow the rules will help others understand the stake they have in the organization’s security efforts.

In addition, if users do not feel like a process is easy enough for them, they will often create their own process that is. Training is key. Additionally, security and governance solutions should be able to proactively enforce security and organize information in a way that makes it easy to do the right thing.

To that end, as IT teams and security teams are looking for ways to enhance security, they should be looking for solutions that can significantly reduce the workloads of IT admins and security teams, as well as users and managers throughout their organization. Solutions that tout the simplification of workloads through click reduction and reporting often fail to take into account the training that users will need to receive and that reviews and enforcement of security will still have to be manual processes.

With rapid rates of cloud application adoption, technology changes, content creation, productivity and more and more security concerns arising as time goes on, IT and security teams are increasingly burdened with the tasks of organizing and securing it all. Organizations need to respond to these increasing needs and support them with the tools they need so everyone can get the job done.

Learn how you can join our contributor community.

About the Author

Hunter has been in web development, SEO and social media marketing for over a decade, and has GSuite Admin, MCSA Office 365 & Service Adoption Specialist certifications. Throughout his career, he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations. Connect with Hunter Willis: