Sportscotland removes Dropbox shadow-IT threat
Sportscotland: 'We had little control over what information was being shared or who it was shared with'
Scotland's national agency for the development of sport, Sportscotland, has deployed Redstor Centrastor secure file-sharing software to remove what it describes as the "threat" of staff using free-to-use "shadow IT" services, such as Dropbox.
A report released earlier this year suggested that the vast majority of CIOs are worried that cloud computing and shadow IT are reducing their organisation's control over IT, and creating long-term security risks.
Funded by the Scottish government and the National Lottery, the role of the agency means it often shares data - including sensitive medical information - with coaches, athletes and other related organisations.
However, in order to make sharing this information simpler, many of the organisation's employees preferred to use private cloud storage tools, putting the data at greater risk of being lost or stolen, said Gareth Bevan, ICT systems engineer for Sportscotland.
"With our staff using their personal cloud services to share confidential data, there was potential to have little visibility as to what information was being shared and who had access to certain data. Critically, there was no centralised control over what was being sent around," he said.
Sportscotland claims that while there were no incidents where data was compromised, the use of private cloud services could have caused problems. For example, if a member of staff had left the organisation while they still had information stored in a private account.
"Due to our legal obligations, and especially due to our increased profile through the Commonwealth Games in 2014, we knew we needed to implement a robust and highly secure method of storing and collaborating on data with centralised control," said Bevan.
The organisation therefore needed a new, secure, file-sharing solution - purchasing 160 licences for Redstor Centrastor in March this year. "When looking for a new solution we knew we needed to offer our staff the same functionality as Dropbox," said Bevan. "However, we also knew that we needed an 'admin perspective' to keep track of the information that was shared and who had access," he continued.
"Cost was very important. When we saw Redstor was priced competitively with other solutions, we knew the company and their technology would be a good fit," Bevan added.
After the initial rollout, Sportscotland increased the number of licences for Centrastor - after realising how widespread the use of shadow IT had been within the organisation.
"After discovering how staff were previously using Dropbox, and the frequency with which the service was being used, we realised that it would be beneficial for us to increase the number of licences we purchased," said Bevan.
However, "the implementation process was gradual as we wanted to give employees a window of opportunity to migrate their files from Dropbox to Centrastor. We were conscious we didn't want them to feel pressurised, and wanted to give them the chance to ask any questions and raise any concerns", he added.
For Sportscotland, the biggest impact of the move to Centrastor has been in terms of visibility, said Bevan.
"Previously we had little to no control over what information was being shared or who it was shared with. This was a great concern that could have had serious consequences if there had been an incident. However, Centrastor has given us peace of mind," he said, adding that the simplicity of the tool is also good for staff.
"Ease-of-use was a very important factor. We wanted to make sure data is secure, but also didn't want to hinder staff from doing their work."
Ultimately, the tool has proved so useful that Bevan will be rolling out Centrastor to all Sportscotland employees. "Initially we decided to only roll out Centrastor to the employees who were currently using Dropbox. But following the ease-of-use and positive feedback from the team, we are rolling out the service throughout the entire organisation," he said.
Update: In a statement to Computing, Mark Van Der Linden, country manager for the UK & Ireland at Dropbox, refuted the claim that Dropbox isn't suitable for enterprise.
"Earlier this year, we introduced advanced administration controls to enable IT to effectively manage their users and maintain control over company data. For example, using Dropbox Enterprise, IT teams are able to assign multiple admin tiers and permissions, while also having full visibility over what information is being shared and who has access to this data," he said.
"Coupling enterprise-grade security features with an already highly adopted tool is the most effective form of security," he added.