A small company had moved staff off-site during COVID, with most staff working remotely from home four days of the week. The company had a VPN for remote support work, and this was utilized by staff working from home. Having never been designed to support all staff working remotely, the VPN was now carrying nine times it’s previous peak data load. Data speeds plummeted and staff became frustrated. As a solution, staff began to use (without permission) Dropbox and other cloud solutions, streaming files and data to the service while in the office, then working on those files from home.
Australian Defence strongly encourages, or depending on the sensitivity of data mandates, keeping all defence related data within Australian Jurisdiction. The use of personal cloud goes against this as data held by free services can be located anywhere globally.
For a final check the company’s IT then contacted the cloud provider’s Tech Support to see if it was possible for users to restore the deleted files using other means. To the company’s horror, the cloud provider’s Tech Support assured the company’s IT that all the missing data could be restored from their “Archival Backup”, through a process triggered by Support. This process worked and restored all the files uploaded to the cloud over the past last two years, demonstrating that once data is transferred to the Cloud it can never be securely deleted. The company had the difficult job of explaining this incident to their PRIME contractor.
The company now uses GuardWare INSIGHT to monitor and prevent staff from uploading files using any non-authorised cloud, web, email or chat application.