How do you handle coworkers exfiltrating customer data to unmanaged, unsecured third-party SaaS products? For a long time, I thought the best solution was to just try to provide IT-sanctioned first-party tools, but that appears to not work — any reasonably-sized employee base will want more tools than an IT team can possibly set up and manage.
@TheGibson Assume you're forbidden from taking any punitive action by your management and executive team... Competent moderately technical types can bypass any DLP...
@TheGibson I guess what I'm looking for is some way to make people not want to exfiltrate data. What I'm doing now is playing whack-a-mole and shutting down one avenue as fast as new ones pop up, which is exhausting.
I mean a common and accepted cloud storage solution.
They use something else, what then?
What I’m getting at is that IT can’t solve HR problems.
@TheGibson I'm just stuck at how to do it without having the ability to punish people for bypassing policies & controls. The only things I know to do are make good things easier and bad things harder...
And that is the approach you’ll have to take without at least a champion in leadership, and effective training.
This is an HR issue. Someone in upper management needs to own it.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!