Security is not difficult. People are lazy, cheapskates, or assume they know everything and that nothing will happen to them, until it does.
Some people advocate banning software titles with Group Policy. Actively restricting collaboration software is not as easy on Android, iOS, or Mac anyhow. There must be 200 different software titles that facilitate sharing. It is probably not a good idea to ban the browser and your office suite as well. Besides, a determined user can always find some obscure title that the CIO has never heard of.
Instead of playing security catch-up by banning all end-user tools with file sharing capabilities, be proactive and set the system up correctly so that users have no need for those tools. Don’t place confidential documents on the cloud in the first place. Clouds are for public data, like brochures, flyers, articles, catalogues and websites. Clouds are for sharing files with thousands of users. Cloud service companies are for websites, videos, and storefronts. They have the million-dollar-a-month Internet service that you don’t. Use the cloud properly, and stop causing yourself all this trouble.
Never place private R&D information, financial data, or confidential correspondence on the cloud. That is like asking your neighbour to keep your credit card statements in the trunk of his car. As should be understood, the number one rule of security is: “Unless you have physical control of the system, there is no security.”
Business documents are mostly text based. Other document types that have large files are more likely to come from specialized users, like unedited media and audio from reporters or research. These should never be stored on a cloud service. I am sure people will come up with a plethora of excuses though. Who needs gigabytes of storage for business? Libraries? No, because the documents at a library are public. A media company? Then that data is slated for public consumption also. These are exactly what the cloud should be for: public domain files.
If your company needs to collaborate on everything, then you have deeper problems than security. Most likely a few fat executives can buy cheaper cars and invest in some quality servers and hardware VPN solutions instead. The people stuffing everything into the cloud are the same people who upload half-dressed pictures of themselves to social networks, then scramble to tinker with the privacy settings. Those are OTHER computers you are putting that data onto, not some mysterious bank vault in the sky. You have absolutely no idea who goes to work each day in those server farms. Perhaps they have flash drives in their pockets and spend their break time in a back room living out their voyeur fantasies with your files. Maybe they are looking to grab new R&D ideas to start a new company. You do not know.
When working with data that large, most likely you are using workstations, not toys like iPads or Windows RT. So invest in some storage as well, then add a quality hardware VPN and a hardware managed firewall, and have each office share everything privately. You can even set up a private P2P system across all your offices and have everything encrypted by hardware as it leaves each network.
People who are at work do not all need Internet access from their desks. Sure, it is easy and nice to be kind, but are they there to update Facebook (not counting PR personnel) or to actually work? Your end users should have no need to store confidential documents on their personal devices anyhow. Do things properly so that the risks are reduced to those who are deliberately trying to steal data, not the typical non-technical user who doesn’t understand. If you manage how devices connect, you can allow Internet access from personal devices and keep the internal network separate.
Use proper virtualized user accounts. Have it so that private computers, or devices, can ONLY use a VNC, over a VPN, into a VD. Disable local USB storage devices; mice and printers will still work. Have users use network USB storage ports ONLY. All the accounts and files never have to leave the loop. People who deal with public documents are given a separate login account for THAT work. To be secure, make sure that you do what the military does. People who build the hardware do not use it. People who deal with the public do not have access to R&D, and R&D does not have access to accounting. Even with only one person for each role, the files should be separated by secure accounts that cannot share files with each other except through managed folders with filters. All user roles should have separate log-ins and use server storage, not local. All common files are on remote drives that have regular backups.
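The separation rules above can be checked mechanically against an inventory of logins and shares. The following is an added example, not part of the original article: a small Python audit over a constructed layout, where every login, share name, field and the `audit` function itself are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    login: str
    roles: frozenset        # roles this login can act as

@dataclass(frozen=True)
class Share:
    name: str
    location: str           # "server" or "local"
    readers: frozenset      # roles that can open the share
    managed: bool = False   # managed exchange folder with a filter
    backed_up: bool = True

def audit(accounts, shares):
    """Return sorted (object, problem) pairs that break the separation rules."""
    findings = []
    for a in accounts:
        # Every role gets its own log-in, even for a single person.
        if len(a.roles) > 1:
            findings.append((a.login, "login spans more than one role"))
    for s in shares:
        if s.location != "server":
            findings.append((s.name, "stored locally, not on a server"))
        if not s.backed_up:
            findings.append((s.name, "no regular backup"))
        # Roles may only exchange files through a managed, filtered folder.
        if len(s.readers) > 1 and not s.managed:
            findings.append((s.name, "cross-role access outside a managed folder"))
    return sorted(findings)

# Constructed sample layout (not real data).
ACCOUNTS = [
    Account("alice-rnd", frozenset({"rnd"})),
    Account("alice-public", frozenset({"public"})),
    Account("bob", frozenset({"accounting", "rnd"})),
]
SHARES = [
    Share("rnd-designs", "server", frozenset({"rnd"})),
    Share("press-kit", "server", frozenset({"public"})),
    Share("handoff", "server", frozenset({"rnd", "public"}), managed=True),
    Share("ledger", "server", frozenset({"accounting", "rnd"})),
    Share("bob-laptop-docs", "local", frozenset({"accounting"}), backed_up=False),
]

if __name__ == "__main__":
    for obj, problem in audit(ACCOUNTS, SHARES):
        print(f"{obj}: {problem}")
```
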
Now, get to work!