Mobile devices bring cloud storage -- and security risks -- to work
Corporate policies alone won't address the use of cloud storage services by employees
Computerworld - Dropbox made headlines this week when Gawker.com was the first to report that an unnamed hacker broke into Mitt Romney's hotmail account with the same password used for a Dropbox account also associated with the GOP presidential candidate.
That followed on the heels of a decision last month by IBM to rollout a bring-your-own-device (BYOD) policy that bans the use of Dropbox.
IBM CIO Jeanette Horan initiated the policy because she's concerned that that the SaaS service could lead to the exposure of confidential corporate information, according to MIT's Technology Review magazine. (A survey by IBM of its employees found they were violating company rules by automatically forwarding internal e-mail to public Web mail services and using their smartphones as open Wi-Fi hotspots, opening corporate data to outside purview.)
Whether its Romney's email and Dropbox account or IBM's 400,000 employees, the risks associated with BYOD and cloud storage services highlight a problem IT shops now face: The potential loss of corporate data to an insecure public cloud. And it's not just Droxbox. There's a growing number of online consumer cloud services through which data can leak, including Box.net, Carbonite, Google Drive, Mozy, SugarSync, YouSendIt and Apple's iCloud.
"IBM has the world's biggest BYOD program and they just locked down Evernote and Dropbox because they discovered their future product plans and all sorts of really sensitive data was being beamed automatically out to these services," said Dion Hinchcliffe, executive vice president of strategy at Dachis Group, a consultancy. "So they blocked all access to cloud storage applications."
Hinchcliffe said the use of mobile applications is a huge problem in enterprises, but companies have only begun to address the issue. He suggested that every company have a "bus stop" policy: If an employee wouldn't be comfortable leaving company information at a bus stop, they shouldn't be willing to store it in un unsanctioned public cloud.
While many enterprises now have a BYOD policy, they typically do not address the applications that come with mobile devices.
The concern about using public cloud services revolves around the fact that those service providers are becoming a favorite target of data thieves, just as robbers target banks.
"These cloud data centers are becoming high-value targets," Hinchliffe said. "You have to remember, 90% of all data break-ins are caused by someone inside the company with the keys to the castle -- a systems administrator that's being paid to tap a customer list or download customers' credit card information. So there's a lot of temptation in these data centers ... for people who are likely to supplement their incomes and will be tempted to offers.
Consumerization of IT
- With BYOD smartphones on the rise, IT headaches will become migraines
- Apple plays defense and offense with free software, upgrade strategies
- The three extremes of corporate BYOD policies
- IT departments won't exist in five years
- The time is right for an 'IT petting zoo'
- The next corporate revolution will be power to the peons
- Dual persona smartphones non grata at Starz
- Google Glass breaks into business
- BYOD, or else. Companies will soon require that workers use their own smartphone on the job
- 'Dual personality' could morph into Jekyll and Hyde for Samsung and BlackBerry
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
MDM and beyond: Rethinking mobile security in a BYOD world
Regardless of who purchased the mobile device, if it's being used for
business purposes, it needs to fall under IT's umbrella of protection.
Delivering Enterprise Information Securely on tablets & smartphones
A technical how-to guide-updated for Android 4.2,iOS 6.1, and Windows
Phone and Surface 8
- Best Practices for Making BYOD Simple and Secure BYOD goes mainstream: Formalizing consumerization-and getting it under control
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Bring Your Own Device (BYOD) White Papers | Webcasts