BYOD And The Issues Surrounding Cloud Storage

BYOD And The Issues Surrounding Cloud Storage

As BYOD increases and employees increasingly use personal laptops, smartphones and mobile devices for work purposes, concerns over data security and data privacy remain the most significant barriers to cloud adoption, according to the latest research from the Cloud Industry Forum (CIF). Corporate IT managers and CIOs are rightfully correct in their trepidation as they open their networks to  and data leakage plus lose control over data once it leaves the corporate confines. While employees benefit from the ability to work from anywhere by using the cloud services that provide BYOD support, they also risk the loss of privacy when they inadvertently open access to personal files. This potential loss of privacy is worrisome. byod-image

CIF’s June 2012 research found that 66 percent of respondents said the most significant concern about the adoption of cloud services within the business was data security; this is up from 62 percent in 2011. The issue of data privacy also saw a leap up from 55 percent in 2011 to 66 percent in 2012.

The problem however is not BYOD, but the cloud storage. Using file storage providers such as Dropbox or Google Drive offers convenience and simplicity that may not be available with corporate applications. These services fall into category of Shadow-IT—the case in which users decide that they need a service, one which the IT department will not, or cannot provide to them in a timely manner. In other words, the hardware or software adopted “lives in the shadows” as opposed to being sanctioned and supported by the CIO and corporate IT departments. In the past Shadow IT included smartphones, portable USB drives and tablet computers on the hardware side and applications such as Gmail, instant messaging services and Skype. Shadow-IT now encompasses cloud storage as well. Where data is stored and how securely within these applications, however, cannot always be verified. What is known is that once out of the enterprise IT environment, it becomes impossible for CIOs to know where company data is, or who has access to it. In fact when one signs up for these cloud storage services, one is also giving the service permission to use one’s data (users are advised to check the terms and conditions fine print).

The challenge for cloud providers will be convincing customers that the risks of the cloud do not outweigh the benefits – and those risks include the exposure of data through security incidents. The March 2013 Distributed Denial of Service (DDoS) cyber-attacks on Spamhaus flooded Spamhaus servers blocking traffic and making the servers unreachable. For users storing files in services that use Spamhaus networks, their files were slow to access or in some cases, inaccessible. Other potential threats to documents stored in clouds include caching of information on mobile devices, and stored passwords. Companies may also risk issues with compliance with HIPAA (Health Insurance Portability and Accountability Act of 1996), HCFA (Health Care Financing Administration), FISMA (Federal Information Security Management Act) and SOX (Sarbanes-Oxley Act of 2002).

When IT departments choose cloud services to enable BYOD support, they are quite right to consider security and compliance as well as issues such as price and convenience. The CIF research also found that security concerns had risen in 2012 most noticeably in the private sector, increasing from 59 percent to 67 percent. Conversely, in the public sector concern had narrowly dropped from 69 percent to 66 percent. Both the private and public sector have experienced data attacks and the European Union (EU) have called on both corporations and governments to be more transparent when they suffer data breaches.

In sum, it behooves both cloud storage providers and corporate IT decision makers to focus on security. The clouds have a responsibility to users to protect the data stored from attack and to protect the privacy of documents stored. Moreover, IT departments must acknowledge the growing use of clouds that are brought in by users and realize that the department is never going to be able to compete with the simplicity and ease of use of clouds Consequently, IT must change its own worldview and figure out how to implement needed protection and guidelines to assure the security of data once it leaves the corporate network for the cloud. Such paradigm shifts will not be an easy process for many organizations. The trick will be to have both sticks and carrots—firm and enforceable data control policies and a never-ending search for the best cloud storage to meet changing demands.

By Simon Bain,

Simon Bain is the company founder, CTO and chief architect of Simplexo Ltd’s software solutions.

Follow Us!

cloudtweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Comments

  1. paulcol says

    We are seeing a lot of this in the UK, For larger companies we are seeing a demand for the creation of there own enterprise dropbox services and with open stack swift becoming more established the ability to build scalable in house storage systems is becoming increasing accessible. Once you have built the object storage there are a number of good products available that let you create your own enterprise dropbox and products like maginatics allow only direct access (no sync) meaning your data never leaves the private cloud.
    For the smaller customers Gladinet offers a great solution to addressing the above even if this is located within a service providers cloud 

    @Paulcolwell

  2. ag4it says

    Cloud storage, lost devices and other security risks are definitely a part of BYOD.  However, these risks can be reduced by keeping data and applications separate from personal devices.
    This can be achieved with solutions like Ericom AccessNow, an HTML5 RDP client that enables users to connect from most types of devices to any RDP hosts (such as VDI virtual desktops or Windows Remote Desktop Services) and run full Windows desktops or applications in a browser tab.
    There’s nothing to install on the end user devices, as you only need an HTML5-compatible browser so using AccessNow also reduces IT support costs, since IT staff don’t need to spend time installing software on so many different platforms.  All they need to do is give employees a URL and login credentials.
    Download this free white paper for some additional ideas on securely managing the mobile workforce:
    http://www.ericom.com/WP-MobileAccessSecurity.asp?URL_ID=708
    Please note that I work for Ericom


cloud-sponsorship

Add Comment Here