Why Microsoft's and Google's Products Are Not Meant for Board Materials

Nicholas J Price
When they think of computer applications, most people think of staples of the industry like Microsoft and Google. When it comes to file-sharing apps, cloud storage and slide-sharing, Microsoft's OneDrive and SharePoint and Google's Cloud storage and Google Slides are fine for most people. However, board directors aren't most people. Board directors deal with highly confidential information like trade secrets, intellectual property and competitive strategies.

When comparing cloud-storage and file-sharing apps, it's easy enough to do a side-by-side comparison of the features. In comparing the two, there's one notable feature that's missing on both sides and that pertains to the security features. The lack of security of board documents and communications creates a serious governance gap.

Why risk your company's security when you don't have to? With the GDPR setting the pace for data breach laws, why not get ahead of the curve on data security?

It's vital for board communications and board materials to be protected from cybercriminals. Diligent Boards is the modern governance solution to eliminating governance gaps and providing the top-level security needed for a board's important work.

Let's take a look at the top risks that boards need to address when using cloud storage and file-sharing apps for board work.

Security Risks with Popular Cloud Storage and File-Sharing Apps

Cloud storage is versatile, efficient, convenient and affordable. It's not surprising that groups and individuals have come to rely on it. It's a tool that meets storage and computing needs and saves thousands in IT expenses.

Whether companies make you aware of it or not, IT experts have been clear about the inherent security risks that pertain to universal cloud storage and file-sharing apps. There's no way to know whether a third party is working in your best interest.

It's important to get acquainted with the following risks associated with universal third-party cloud services.

Lack of Control Over Data

Companies often choose Google Drive, Dropbox or Microsoft Azure for cloud storage and file-sharing because they haven't researched options with higher levels of security. The problem with third-party file-sharing services is that the cloud-storage provider typically has to take your data outside of the safety of your company's IT environment. That means that you lose control over sensitive data because you have no control over the data's privacy settings. Most cloud services are designed to encourage users to back up their data in real time, which exposes data that wasn't intended to be shared with unauthorized personnel.

Have you considered that a third party could accidentally delete your data? There's also the chance that a natural disaster like a fire, flood or tornado could wipe out your data unless you have it stored in multiple locations.

Risk of Data Leakage

One of the reasons that using cloud storage is risky is because it's a multi-user environment in which other parties are sharing the same resources. Because data in the cloud is managed by the provider, there's the risk of the provider viewing it or mishandling it, which could easily lead to a leak. It's like entrusting your Social Security number to a total stranger. External threats like malicious hacks of cloud providers and compromised cloud user accounts are also sources of data leakage.

Data breaches can occur as a result of human error, vulnerabilities of apps that are used to access the cloud or poor security practices. Data Guardian's Data Insider issues this warning, "Even if the cloud service provides encryption for files, data can still be intercepted en route to its destination."

Bring Your Own Device (BYOD)

More often, employers are caving in to the pressure to allow employees to bring their own devices to work. Many employees prefer it because they're used to their own interfaces. However, that means that they're using the same devices for work that they use for accessing their social media platforms like Facebook, online shopping and checking personal emails, which presents many opportunities for cross-infection exposure.

Another emerging security risk of using cloud storage and file storage service (FSS) is that they have given employees the ability to work on a Bring Your Own Device (BYOD) basis. Companies get the added benefit of not having to buy or replace as much equipment. Sometimes employee-owned devices have higher specs than devices provided by the company. The risk is that companies can't be certain that employees will take proper care in using their devices. They could easily be stolen, lost or misused, which could expose the company's data or cause a breach.

BYOD sets the stage for board directors and other employees to expose confidential company data.


With cloud storage, files are stored and transmitted over the internet, which creates a major risk factor. Even when providers provide encryption files, hackers can intercept data en route to its destination. Not only can external actors access your information, IT personnel from Microsoft and Google can read your information.

Managing Cryptographic Keys

Companies have always faced the risk of securing cryptographic keys, but the risks increased strongly after the introduction of cloud technology. The best way to manage keys is to secure them at the start and ensure that they're automated, active and inconspicuous to make sure that data can't get exposed when it travels to the cloud. Companies should jointly secure their keys and make the retrieval process difficult and tedious so that it's impossible for those without authorization to access it.

Cloud Credentials Are Subject to Being Compromised

The basic value of the cloud is that it offers almost unlimited storage for everyone. In most cases, a company's data is stored side-by-side with another customer's data, which can lead to data breaches by third parties. Each customer has their own credentials, but it's important to consider that those credentials are also stored in the cloud. Moreover, credentials can vary in strength based on individual users' passwords. Having compromised credentials won't necessarily give your data to a cybercriminal, but it could give them enough access to your data to make copies of it or delete it.

describes this risk: "Bad actors masquerading as legitimate users, operators, or developers can read, modify and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source.

Advanced Persistent Threats (APTs)

APTs are considered the Trojan horse of cyber-intruders. APTs act like parasites as they infiltrate systems and establish a foothold in the IT infrastructure of companies to position themselves to steal data. CSOonline warns, "APTs can move laterally through data center networks and blend in with normal network traffic to achieve their objectives.

Insufficient Due Diligence

Companies can decrease the high level of scrutiny that their own staff needs to tend to by placing their data on third-party sites that are more difficult to penetrate than the cloud.

Abuse and Nefarious Use of Cloud Services

The lack of security with cloud-based services means that they're susceptible to email scams and phishing campaigns.

Denial of Service (DoS)

An external actor could access your data, make it inaccessible to you and then charge your company a large ransom payment to return it to you. They could also charge you a ransom to unscramble data that they encrypted.

Specter and Meltdown

Hackers are continually on the lookout for data that they can exploit. It's possible to use patches for it, but they're not 100% foolproof, and they can slow down your system. It's much like putting a Band-Aid on a wound.

Diligent Boards Software Is the Best Solution for Protecting Sensitive Board Materials

Microsoft's and Google's products offer value for everyday consumers for their flexibility, scalability and cost savings, but it's critical for organizations to address the security concerns that accompany these apps before mindlessly transitioning to cloud services.

Don't risk your board's sensitive communications and materials to third-party cloud service providers that offer products and services that are universally designed for the general public. Diligent Corporation designed software solutions with the highest levels of security built right into their platform for the most trusted digital tools available today.

Diligent used file encryption while files are at rest and while they're in transit, so there's virtually no chance that they'll be exposed to hackers. Files are transmitted over a secure connection, which prevents outsiders from getting ahold of the cloud's metadata. Diligent's products won't expose your company's data to email scams or phishing. Also, there's never a worry about natural disasters like fires, floods, tornadoes or hurricanes permanently destroying your data.

Modern governance
is the practice of empowering leaders with the technology, insights and processes that are required to fuel good governance. By not having secure processes, your company is subject to having a governance deficit. That's an important fact because in a recent report by Diligent Institute, companies that abide by good governance practices outperform their index by 20% and they outperformed the bottom 20% by 17 points.

Essentially, Diligent Corporation gives leaders the tools they need to communicate, collaborate and share data securely, so it just doesn't make sense to implement less-secure apps.
Related Insights
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.