Keep in mind these four points as you formulate and implement your cloud syncing and file-sharing policy.
1. Any policies cloud admins implement need a balance between the ideal governance policy and restrictions that users are willing to accept. Policies that are too rigid and constraining tend to drive users to alternative, uncontrolled methods of file-sharing. Seek to mitigate your risks and meet necessary security requirements, but keep usability in mind or it will be difficult to get users to toe the line.
2. File-sync and sharing policies must address the set of users that will have access to file-sharing systems. You may want to restrict access to employees only or include contractors, consultants and business partners. Consider how well your file-syncing and sharing service will support your access policy. For example, some services allow you to specify an Active Directory domain and limit access to users identified in that directory. Other services can grant access to synced and shared documents to users authenticated by trusted third-party authentication systems.
3. In your file-sharing policy, include a description of access controls on folders and documents. A data classification standard can help here. If you have a policy defining data classification types -- such as confidential, private, sensitive and public -- then it can be used as a starting point for defining file-sharing and syncing operations relative to the type of content. Some content will require strict control. For example, the owner of a folder containing sensitive data may have the privilege to share that folder with others, but may not delegate the privilege to share to other users. Confidential and private data may be further restricted to sharing only among members of particular security groups.
4. Consider rules for sharing content with users outside your organization. Will you routinely share content with outsiders or will extramural sharing be more of an exception? If it is routine, then it may be more efficient to delegate sharing privileges to a large number of users. This can lead to a proliferation of file-sharing with individuals outside your organization. To mitigate the risk of unintended data loss, implement a policy requiring log monitoring and review. This helps identify patterns of excessive sharing or sharing with individuals in organizations that should not have access to your enterprise content.
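
The log review described in point 4, as an added Python example that is not part of the original article: it reads share-audit events and flags users with excessive external sharing and shares to organizations not on an approved list. The log format, domains, threshold and function names are assumptions made for the example, and the sample events are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample share-audit events (not from any real service).
# Assumed columns: timestamp, actor, item, classification, recipient
SAMPLE_LOG = """\
2024-05-01T09:00:00Z,alice@corp.example,/hr/payroll.xlsx,confidential,bob@corp.example
2024-05-01T09:05:00Z,alice@corp.example,/sales/deck.pptx,public,pat@partner.example
2024-05-01T09:10:00Z,carol@corp.example,/eng/design.docx,sensitive,x@unknown.example
2024-05-01T09:12:00Z,carol@corp.example,/eng/roadmap.docx,sensitive,sam@partner.example
2024-05-01T09:15:00Z,carol@corp.example,/eng/specs.pdf,private,lee@partner.example
2024-05-01T09:20:00Z,carol@corp.example,/eng/notes.txt,public,Kim@Partner.Example
"""

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def review_share_log(text, internal_domain, approved_domains, max_external):
    """Flag shares to unapproved organizations and users who share
    externally more often than max_external in the reviewed period."""
    external_counts = defaultdict(int)
    unapproved = []
    for row in csv.reader(text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed lines rather than guessing fields
        ts, actor, item, classification, recipient = (f.strip() for f in row)
        rdomain = domain_of(recipient)
        if rdomain == internal_domain:
            continue  # internal share: out of scope for this review
        external_counts[actor.lower()] += 1
        if rdomain not in approved_domains:
            unapproved.append((ts, actor.lower(), item, classification, rdomain))
    excessive = {u: n for u, n in external_counts.items() if n > max_external}
    return {"excessive": excessive, "unapproved": unapproved}

if __name__ == "__main__":
    report = review_share_log(SAMPLE_LOG, "corp.example", {"partner.example"}, 3)
    for user, n in sorted(report["excessive"].items()):
        print(f"excessive external sharing: {user} ({n} shares)")
    for ts, actor, item, cls, dom in report["unapproved"]:
        print(f"unapproved recipient org: {actor} shared {item} [{cls}] with {dom} at {ts}")
```

The classification column is carried into each finding so a reviewer can prioritize shares of confidential or private content first.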