The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

A few generations back, when the Internet was still an unknown commodity and inter-office mail came around in manila envelopes graffitied with the crossed-out signatures of every recipient that envelope had ever met, network security was largely an in-house affair with data tapes and mainframes playing a central role. One of the challenges for the IT wizards of that era was that no matter how sophisticated they made the system, employees would save time by writing their password on a piece of paper and taping it to the underside of the keyboard. It was discreet, convenient and hassle-free.

In this age, while Technology Officers and IT departments of companies and organizations everywhere struggle with new technological developments such as cloud storage and virtualization, their employees continue to find easy, convenient ways to their work done. In many cases they take matters into their own hands, enjoying the relative ease and accessibility of tools such as the free cloud sites DropBox, Google Docs and Apple’s iCloud, to move and store documents and files. And who can blame them? These apps are free, easy to use, and in the case of iCloud, pretty much come bursting out of the screen, demanding to be used.

This is all great for the home user or the small-business owner, for whom such reliable and ubiquitous services add another dimension of versatility and convenience. But it has much darker implications for larger organizations, for which security and compliance have always been major issues of concern. CTOs and CSOs have their hands full trying to keep this particular Pandora ’s Box under control.

This situation is a major source of concern for people such as Nimmy ReichenbergNimmy-Reichenberg, Vice President, Marketing and Business Development for AlgoSec, a network security policy management company headquartered in Boston. He says Chief Security Officers should no longer be worried about the proliferation of Bring Your Own Device (BYOD) into the workforce, rather they should be concerned with the inevitable data breaches that will occur as a result from employees bringing their own cloud computing software into the office, known as Bring Your Own Cloud (BYOC).

A recent survey commissioned by AlgoSec revealed that less than 20 percent of respondents said that the majority of their organization’s security controls are in the cloud and that the larger the organization, the less likely it was to have cloud-based security. This, Reichenberg states, is likely because larger organizations are both are more sensitive when it comes to protecting their data, and also have dedicated staff to manage security technology, which makes them less likely to have security controls in the cloud; whereas for smaller  companies, the lower management overhead and pay as you go/grow model are more attractive.

In other words, security continues to stay on premises. And this has major implications for companies, and for cloud service suppliers who wish to sell to them.

Of course, the end user/employee who is eager to save time and effort by storing a draft confidential document on DropBox where s/he can pick it up later at the home office, will protest that all of these free BYOC services have clear and strong security policies. Reichenberg agrees, but adds, “we must differentiate between consumer-grade and enterprise-grade security. Many of the consumer oriented cloud services may claim to be secure, but most do not include enterprise-based security controls required to adequately protect corporate data and meet compliance mandates.” He continues, “Employees are oblivious to security by nature, and it is up to corporate IT and information security to define and enforce a policy that balances between employee productivity and security.”

The risks exist across many dimensions. Malware, which can implant itself through the simple click of a mouse on a disguised phishing link, can put sensitive corporate information stored on BYOC at risk, and some recent well-publicized breaches at services such as Twitter and Evernote show that no-one is immune from hackers’ prying fingers. But in addition to malware, Reichenberg states companies can face compliance challenges when it comes to information stored on services (such as data retention e-discovery etc.). “For example,” he says, “how do I ensure employees who leave the company no longer have access to internal company information if it is stored on BYOC?”

This paints a picture of a horse-race, with IT, free cloud providers, end users and bad guys all sprinting towards the finish line where data, or access to data, waits for the fleetest of foot. Reichenberg recommends that those who govern their organization’s security take immediate steps to:

1. Define and communicate a policy of what is acceptable when it comes to BYOC

2. Enforce this policy using tools such as Next Generation Firewalls.

3. Evaluate enterprise-grade alternatives to some of the popular consumer-grade cloud services.

As organizations evaluate the merits of going to the cloud, or of using a hybrid system with some data stored on-site and other data in the cloud, they must remain vigilant that the new-age version of the taped-under-the-keyboard password may reside within their employees’ own genuine desire to get their work done using the easiest tool within reach.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
View All Articles

Sorry, comments are closed for this post.

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges. The Main Challenge: Bring Your Own (Physical) Network Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical…