Live from #AIIM16: Group therapy for information sharing policies
You’ll never be able to stop employees from sharing information with others outside of your organization. Never.
From email and USB drives to FTP sites and third-party cloud sharing tools, your employees will find ways to get needed information to those outside your firewall – and you may not be thrilled with many of those methods.
As we all know, simply prohibiting the use of all these methods isn’t effective. Your staff will find workarounds because they have jobs to do.
It’s a dilemma most companies face. And that’s what many organizations came together to discuss during a session at AIIM16, “Enterprise file sync and share – are you ignoring or embracing it?”
During this roundtable session, about 25 attendees from companies in a variety of industries joined together to discuss the challenges surrounding sharing files and information outside their four walls. Their questions and experiences with enterprise file sync and share (EFSS) varied. But the overall mood made me think of a group therapy session.
Here are the top four questions and discussion points from the roundtable discussion:
1. How are people sharing information in your organization?
For the majority of attendees, email is still the dominant tool used to share information.
However, when files are too large for an email, employees start resorting to some creative workarounds. If third-party cloud sharing tools are banned within the organization, some staff turn to their personal cloud-sharing accounts to send the information. This might mean that they’re sending sensitive company information to their personal accounts and then to the third parties.
The implications this has for the organization are widespread. Not only is content being shared without any formal IT governance in place, but it also means if someone leaves an organization, they still have access to that sensitive company information.
2. How widespread is the prevalence of employees using unsanctioned tools to share information?
Very few roundtable attendees had corporate policies in place to prevent the unauthorized sharing of files with those outside the organization.
But that doesn’t mean they’re not thinking about it.
“We have trouble because we haven’t found a one-size-that-fits-all solution,” one attendee said. “Some employees want a portal, some want SharePoint, some want Box and some have files that are too big so they share via flash drives, DVDs and CDs. We need a solution that fits all of these needs.”
Other attendees agreed, adding the solution must make staff’s job easier. If they have outside parties sending information via third-party cloud sharing tools, it makes sense that employees would want to use them, too. Ensuring IT comes up with a policy that will make their job easy is essential.
3. What are the top challenges with employees using these unsanctioned tools?
Everyone agreed that most staff don’t know any better than to use the tools they’re using. They’re reasoning is simple: These are the tools I use at home. And, since they’re easy to use, why not leverage them at work?
As one attendee said, “We get buried under policy. Once we take away ease of use, they don’t want to use it.”
The group agreed that policies must not require lots of “hoop jumping” – that is, it shouldn’t be difficult for employees to share information. As soon as a policy requires multiple steps to do something that once took a matter of minutes – or maybe one or two steps to complete – people will find workarounds. That’s when staff starts using things like their personal sharing accounts to send company information.
4. How are you controlling the use of unsanctioned tools in your organization?
There are a variety of ways organizations can try to control the use of unsanctioned tools. Examples the group provided include:
– Blocking access to third-party sites
– Placing size quotas on emails
– Prohibiting access from downloading applications on machines
While all of these methods provide some level of success, each attendee agreed that staff will continue to find workarounds.
Instead, education, they agreed, is essential if organizations want their sharing policies to evolve. And with that education comes feedback from the users themselves as to what methods of sharing are the easiest and most beneficial for them.
“People always find a way to avoid the rules,” an attendee said. “When they feel something goes slow, they’ll use something better. Instead of blocking it, tell us. Maybe other people can benefit as well. I’m really in favor of empowering people.”
The group agreed with this opinion, adding that until employees are educated on appropriate sharing practices, nothing matters. If there are methods of sharing you don’t want them to use, until employees understand why they can’t be used – and also understand why other methods are preferred – they’ll continue their bad habits.
As the group determined, IT governance is essential for your organization to securely share information with others. However, doing so requires an understanding of how your staff currently shares content as well as a practical plan for how you’ll implement an official sharing policy.
Like AIIM attendees discovered, it’s not an easy problem to solve. What are your thoughts on the subject?
Has your organization implemented a sharing policy? If so, what’s the journey been like? If not, how do you plan to get started?
Because the first rule of therapy is admitting you have a problem.