Your sitting at your desk and you are looking through a great report or slide show provided by that smart as a whip employee in your department who always seems to be able to get things done and get you the information you need when you need it.
This is a highly confidential report/slide show that you would not want shared with the public, never mind your customers, suppliers or competition.
You are not aware that this report/slide show was created in Google Apps or stored in a Dropbox account sync which Ms. smart as a whip or that you are viewing it on Slideshare.
Your employee did not use the company –
- MS-Office license or
- servers for storing the file or
- as such the file is not secured, password/firewall/ACL/ or
- using an encryption process.
The file is just out there protected by the most highly security procedure in the world – ignorance.
This is not a bad thing. Your employees are using the tools that the web and their mobile devices make available to them to do their job more productivily for them individually.
Here is the bad thing.
You need to be aware of this as an executive of your company so you know where your intellectial property (that precious company IP beyond trademarks) is being created, modified, shared and stored.
Here is the worst thing.
Your reaction being a quick policy statement banning this type of activity. Stating that all work product by your knowledge workers MUST be done on company computers, using company software and stored on company servers.
Right – that will work.
How is that enforced exactly? Just like a yield sign in New Jersey right?
The reaction should be –
- Find out how prevalent this is in your company
- Discuss at the executive level how this impacts your risk management of your IP
- How this impacts your current IT strategy (licensing, having your own data center, mobility)