I keep hearing about businesses using storage services like Box, Drive, Dropbox etc. as their primary storage for intellectual property. In fact I just saw a Box PR video with a fashion retailer proclaiming the virtue of this. They store designs, photos, company financials – EVERYTHING in Box.
To be honest my mind boggles. If your designs or digital assets ARE your business, why would you keep them on a service whereby anyone with a login can access them from literally any computer or device connected to the internet?
Imagine this, if you will. Joe is your best graphic designer, so has access to the (Insert Service here) account where all your IP is stored. Joe is getting disgruntled, so he’s starting to look around at other firms. He gets a position with a new company, but before he formally resigns, logs into his account and downloads all those digital assets to his own personal computer. YOUR digital assets. He hands in his resignation and walks into your competitor with your IP.
While that may be an unlikely scenario, is it worth the risk?
Far better to store your business critical assets on a server, either in the cloud or on-premises, with access blocked to all but the most necessary IP addresses (your office IP addresses, for instance) and use online storage services to collaborate only when necessary, with any IP properly watermarked. If remote access to your assets is required, ensure it can only be done from work-issued equipment, and that USB storage drives are disabled either via your Group Security Policy or your Security Suite. Alternatively, create a server for terminal services (Remote Desktop or Virtual Desktop) usage, allow access to the file server from that, and lock down access to a user’s local storage drives so they cannot download files.
To finish up, ANY access to your digital assets should be seen as a business risk, so access to those assets should be controlled and minimised as much as possible. Online storage services are great for collaboration, but awful for security of those assets. Don’t risk it.