Consumer-grade services from Dropbox and Google remain the most popular cloud storage services used in businesses, despite the availability of more secure enterprise-level alternatives.

Enterprise-targeted file-sharing services such as Box offer security assurances such as integration with a company’s data-loss prevention (DLP) tools, IP filtering, data encryption both in transit and at rest.

However, employees are more likely to be using services without all these features, according to data gathered by Skyhigh Networks from more than one million staff across companies with from about 500 to over 90,000 workers. The average workforce was just over 25,000 people.

The consumer Dropbox service, rather than the enterprise-targeted Dropbox for Business, was the most popular cloud storage offering in companies based in the UK, US and EU. The second and third most widely used services were Google Drive and OneDrive in the US, Yandex.Disk and 4shared across Europe and Google Drive and WeTransfer in the UK.

All these consumer services were assessed by Skyhigh Networks on how they store and transmit data, where they locate datacentres and their legal terms and conditions.

The main areas that dragged down the enterprise-ready rating for consumer offerings from Dropbox, Google and Microsoft was the length of time data was retained after a customer dropped the service and the lack of DLP integration.

Google Drive and OneDrive also lost points for not encrypting data at rest, while Dropbox and Google Drive were marked down for not filtering connections by IP.

Yandex.Disk and 4shared, the second and third most popular cloud storage services in Europe, also lacked security features such as access control and in 4shared’s case allowed anonymous usage, according Skyhigh Networks.

But blocking access to these consumer services in the workplace isn’t necessarily a sensible way to improve security, Skyhigh Networks CEO Rajiv Gupta said.

“One customer blocked the cloud-based backup service Carbonite. When they blocked Carbonite, the employee started to use another cloud-based backup service that, ironically, is higher risk,” he said.

Shutting down access in this way can often result in employees simply finding another service, which “may increase the overall risk of the organisation”, Gupta said.

Providing staff with access to a more secure third-party service, with the same features as the consumer service they currently use, can be enough to persuade them to switch.

“When you enable employees to get the job done, they typically use the service you give them,” he said.

“We showed one of our clients that their employees were using 27 different file-sharing services. Staff hadn’t been told which one to use, so they used one that was convenient.”

Rolling out corporate accounts for cloud storage service Box gave the firm more control, lower risk and improved collaboration, he said, as staff switched from the file-sharing services they had been using.

However, an in-house cloud storage service created by IT is less likely to win over staff, Gupta said, as it will struggle to keep pace with the features that make these third-party services attractive to staff in the first place.

“IT has to realise it’s not only attractive to the end user but also to the IT organisation as well. If I was in IT, why would I always want to be one or two steps behind where my users want to be?”

Gupta also believes that enterprise-first services such as Box may become more popular as they become better known.

“Find the best service out there, which may be IT or third-party provided, make sure you understand what your employees are trying to do, provide additional security controls around it and make it available without adding too much friction,” Gupta said.