The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

A few generations back, when the Internet was still an unknown commodity and inter-office mail came around in manila envelopes graffitied with the crossed-out signatures of every recipient that envelope had ever met, network security was largely an in-house affair with data tapes and mainframes playing a central role. One of the challenges for the IT wizards of that era was that no matter how sophisticated they made the system, employees would save time by writing their password on a piece of paper and taping it to the underside of the keyboard. It was discreet, convenient and hassle-free.

In this age, while Technology Officers and IT departments of companies and organizations everywhere struggle with new technological developments such as cloud storage and virtualization, their employees continue to find easy, convenient ways to their work done. In many cases they take matters into their own hands, enjoying the relative ease and accessibility of tools such as the free cloud sites DropBox, Google Docs and Apple’s iCloud, to move and store documents and files. And who can blame them? These apps are free, easy to use, and in the case of iCloud, pretty much come bursting out of the screen, demanding to be used.

This is all great for the home user or the small-business owner, for whom such reliable and ubiquitous services add another dimension of versatility and convenience. But it has much darker implications for larger organizations, for which security and compliance have always been major issues of concern. CTOs and CSOs have their hands full trying to keep this particular Pandora ’s Box under control.

This situation is a major source of concern for people such as Nimmy ReichenbergNimmy-Reichenberg, Vice President, Marketing and Business Development for AlgoSec, a network security policy management company headquartered in Boston. He says Chief Security Officers should no longer be worried about the proliferation of Bring Your Own Device (BYOD) into the workforce, rather they should be concerned with the inevitable data breaches that will occur as a result from employees bringing their own cloud computing software into the office, known as Bring Your Own Cloud (BYOC).

A recent survey commissioned by AlgoSec revealed that less than 20 percent of respondents said that the majority of their organization’s security controls are in the cloud and that the larger the organization, the less likely it was to have cloud-based security. This, Reichenberg states, is likely because larger organizations are both are more sensitive when it comes to protecting their data, and also have dedicated staff to manage security technology, which makes them less likely to have security controls in the cloud; whereas for smaller  companies, the lower management overhead and pay as you go/grow model are more attractive.

In other words, security continues to stay on premises. And this has major implications for companies, and for cloud service suppliers who wish to sell to them.

Of course, the end user/employee who is eager to save time and effort by storing a draft confidential document on DropBox where s/he can pick it up later at the home office, will protest that all of these free BYOC services have clear and strong security policies. Reichenberg agrees, but adds, “we must differentiate between consumer-grade and enterprise-grade security. Many of the consumer oriented cloud services may claim to be secure, but most do not include enterprise-based security controls required to adequately protect corporate data and meet compliance mandates.” He continues, “Employees are oblivious to security by nature, and it is up to corporate IT and information security to define and enforce a policy that balances between employee productivity and security.”

The risks exist across many dimensions. Malware, which can implant itself through the simple click of a mouse on a disguised phishing link, can put sensitive corporate information stored on BYOC at risk, and some recent well-publicized breaches at services such as Twitter and Evernote show that no-one is immune from hackers’ prying fingers. But in addition to malware, Reichenberg states companies can face compliance challenges when it comes to information stored on services (such as data retention e-discovery etc.). “For example,” he says, “how do I ensure employees who leave the company no longer have access to internal company information if it is stored on BYOC?”

This paints a picture of a horse-race, with IT, free cloud providers, end users and bad guys all sprinting towards the finish line where data, or access to data, waits for the fleetest of foot. Reichenberg recommends that those who govern their organization’s security take immediate steps to:

1. Define and communicate a policy of what is acceptable when it comes to BYOC

2. Enforce this policy using tools such as Next Generation Firewalls.

3. Evaluate enterprise-grade alternatives to some of the popular consumer-grade cloud services.

As organizations evaluate the merits of going to the cloud, or of using a hybrid system with some data stored on-site and other data in the cloud, they must remain vigilant that the new-age version of the taped-under-the-keyboard password may reside within their employees’ own genuine desire to get their work done using the easiest tool within reach.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

One Response to The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

  1. This is really going to be a big deal for organizations to manage. How do they balance ease of use of the cloud vs the security and control on corporate data. New solutions like Tonido FileCloud and OwnCloud are appearing that promise to bring control back to IT. It remains to be seen if that will work.

The Future Of Cybersecurity

The Future Of Cybersecurity

The Future of Cybersecurity In 2013, President Obama issued an Executive Order to protect critical infrastructure by establishing baseline security standards. One year later, the government announced the cybersecurity framework, a voluntary how-to guide to strengthen cybersecurity and meanwhile, the Senate Intelligence Committee voted to approve the Cybersecurity Information Sharing Act (CISA), moving it one…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

Is The Fintech Industry The Next Tech Bubble?

Is The Fintech Industry The Next Tech Bubble?

The Fintech Industry Banks offered a wide variety of services such as payments, money transfers, wealth management, selling insurance, etc. over the years. While banks have expanded the number of services they offer, their core still remains credit and interest. Many experts believe that since banks offered such a wide multitude of services, they have…

5 Surprising Ways Cloud Computing Is Changing Education

5 Surprising Ways Cloud Computing Is Changing Education

Cloud Computing Education The benefits of cloud computing are being recognized in businesses and institutions across the board, with almost 90 percent of organizations currently using some kind of cloud-based application. The immediate benefits of cloud computing are obvious: cloud-based applications reduce infrastructure and IT costs, increase accessibility, enable collaboration, and allow organizations more flexibility…

How Big Data Is Influencing Web Design

How Big Data Is Influencing Web Design

How Big Data Is Influencing Web Design For all you non-techies… You’re probably wondering what big data is (I know I was….a few years back) so let’s get the definitions out of the way so we’re on the same page, okay? Big data is A LOT of data – really, it is. It is a…

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Verizon Cloud Report Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now firmly established as a reliable workhorse for an organization and one that can deliver great value and drive transformation. That’s according to a new report from Verizon entitled “State of the Market: Enterprise Cloud 2016.” which…

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Off Premise Corporate Data Storage Cloud storage is a broad term. It can encompass anything from on premise solutions, to file storage, disaster recovery and off premise options. To narrow the scope, I’ve dedicated the focus of today’s discussion to the more popular cloud storage services—such as Dropbox, Box, OneDrive—which are also known as hosted,…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…