The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

A few generations back, when the Internet was still an unknown commodity and inter-office mail came around in manila envelopes graffitied with the crossed-out signatures of every recipient that envelope had ever met, network security was largely an in-house affair with data tapes and mainframes playing a central role. One of the challenges for the IT wizards of that era was that no matter how sophisticated they made the system, employees would save time by writing their password on a piece of paper and taping it to the underside of the keyboard. It was discreet, convenient and hassle-free.

In this age, while Technology Officers and IT departments of companies and organizations everywhere struggle with new technological developments such as cloud storage and virtualization, their employees continue to find easy, convenient ways to their work done. In many cases they take matters into their own hands, enjoying the relative ease and accessibility of tools such as the free cloud sites DropBox, Google Docs and Apple’s iCloud, to move and store documents and files. And who can blame them? These apps are free, easy to use, and in the case of iCloud, pretty much come bursting out of the screen, demanding to be used.

This is all great for the home user or the small-business owner, for whom such reliable and ubiquitous services add another dimension of versatility and convenience. But it has much darker implications for larger organizations, for which security and compliance have always been major issues of concern. CTOs and CSOs have their hands full trying to keep this particular Pandora ’s Box under control.

This situation is a major source of concern for people such as Nimmy ReichenbergNimmy-Reichenberg, Vice President, Marketing and Business Development for AlgoSec, a network security policy management company headquartered in Boston. He says Chief Security Officers should no longer be worried about the proliferation of Bring Your Own Device (BYOD) into the workforce, rather they should be concerned with the inevitable data breaches that will occur as a result from employees bringing their own cloud computing software into the office, known as Bring Your Own Cloud (BYOC).

A recent survey commissioned by AlgoSec revealed that less than 20 percent of respondents said that the majority of their organization’s security controls are in the cloud and that the larger the organization, the less likely it was to have cloud-based security. This, Reichenberg states, is likely because larger organizations are both are more sensitive when it comes to protecting their data, and also have dedicated staff to manage security technology, which makes them less likely to have security controls in the cloud; whereas for smaller  companies, the lower management overhead and pay as you go/grow model are more attractive.

In other words, security continues to stay on premises. And this has major implications for companies, and for cloud service suppliers who wish to sell to them.

Of course, the end user/employee who is eager to save time and effort by storing a draft confidential document on DropBox where s/he can pick it up later at the home office, will protest that all of these free BYOC services have clear and strong security policies. Reichenberg agrees, but adds, “we must differentiate between consumer-grade and enterprise-grade security. Many of the consumer oriented cloud services may claim to be secure, but most do not include enterprise-based security controls required to adequately protect corporate data and meet compliance mandates.” He continues, “Employees are oblivious to security by nature, and it is up to corporate IT and information security to define and enforce a policy that balances between employee productivity and security.”

The risks exist across many dimensions. Malware, which can implant itself through the simple click of a mouse on a disguised phishing link, can put sensitive corporate information stored on BYOC at risk, and some recent well-publicized breaches at services such as Twitter and Evernote show that no-one is immune from hackers’ prying fingers. But in addition to malware, Reichenberg states companies can face compliance challenges when it comes to information stored on services (such as data retention e-discovery etc.). “For example,” he says, “how do I ensure employees who leave the company no longer have access to internal company information if it is stored on BYOC?”

This paints a picture of a horse-race, with IT, free cloud providers, end users and bad guys all sprinting towards the finish line where data, or access to data, waits for the fleetest of foot. Reichenberg recommends that those who govern their organization’s security take immediate steps to:

1. Define and communicate a policy of what is acceptable when it comes to BYOC

2. Enforce this policy using tools such as Next Generation Firewalls.

3. Evaluate enterprise-grade alternatives to some of the popular consumer-grade cloud services.

As organizations evaluate the merits of going to the cloud, or of using a hybrid system with some data stored on-site and other data in the cloud, they must remain vigilant that the new-age version of the taped-under-the-keyboard password may reside within their employees’ own genuine desire to get their work done using the easiest tool within reach.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

One Response to The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

  1. This is really going to be a big deal for organizations to manage. How do they balance ease of use of the cloud vs the security and control on corporate data. New solutions like Tonido FileCloud and OwnCloud are appearing that promise to bring control back to IT. It remains to be seen if that will work.

Comic
When Sci-Fi Predictions Come To Fruition

When Sci-Fi Predictions Come To Fruition

Evolution of Technologies To paraphrase science fiction author Arthur C. Clark, those who make predictions about the future are either “considered conservative now and mocked later, or mocked now and proved right when they are no longer around to enjoy the acclaim.” The one thing we can be sure about, Clark ventured, is that “[the…

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Inc (FB.O) said on Thursday it had completed a successful test flight of a solar-powered drone that it hopes will help it extend internet connectivity to every corner of the planet. Aquila, Facebook’s lightweight, high-altitude aircraft, flew at a few thousand feet for 96 minutes in Yuma, Arizona, Chief Executive Mark Zuckerberg wrote in…

When Will Women In Tech Become The Norm?

When Will Women In Tech Become The Norm?

Tech Diversity It is well known that the technology industry has been dominated by men, but it is also clear that the industry is working to change that. Diversity in the tech industry, especially where it applies to women in tech, has been a topic of discussion for years. Recently the Washington Technology Industry Association…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Edtech and Virtual Reality – Exciting Learning Environment

Edtech and Virtual Reality – Exciting Learning Environment

Customizing Edutech Customized edtech learning solutions are becoming more commonplace as the education industry recognises their potential and begins transforming the traditional structures so as to incorporate innovative developments. From textbooks to tablets, chalkboards to virtual reality, edtech promises not only dynamic and exciting learning environments but better learning strategies and solutions. Virtual Reality and…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations Everyone knows what the cloud is, but does everybody know where the cloud is? We try to answer that as we look at some of the most unusual data centre locations in the world. Under the Eyes of a Deity Deep beneath the famous Uspenski Cathedral in the…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

How Your Startup Can Benefit From Cloud Computing And Growth Hacking

How Your Startup Can Benefit From Cloud Computing And Growth Hacking

Ambitious Startups An oft-quoted statistic, 50% of new businesses fail within five years. And the culling of startups is even more dramatic, with an estimated nine out of ten folding. But to quote Steve Jobs, “I’m convinced that about half of what separates the successful entrepreneurs from the non-successful ones is pure perseverance.” So while…

Cloud Infographic – Big Data Analytics Trends

Cloud Infographic – Big Data Analytics Trends

Big Data Analytics Trends As data information and cloud computing continues to work together, the need for data analytics continues to grow. Many tech firms predict that big data volume will grow steadily 40% per year and in 2020, will grow up to 50 times that. This growth will also bring a number of cost…

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. Forrester has defined big data as “Technologies and techniques that make capturing value from data at an extreme scale economical.” The key word here is economical. If the costs of extracting, processing, and making use…

Cloud Computing Then & Now

Cloud Computing Then & Now

The Evolving Cloud  From as early as the onset of modern computing, the possibility of resource distribution has been explored. Today’s cloud computing environment goes well beyond what most could even have imagined at the birth of modern computing and innovation in the field isn’t slowing. A Brief History Matillion’s interactive timeline of cloud begins…