The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

A few generations back, when the Internet was still an unknown commodity and inter-office mail came around in manila envelopes graffitied with the crossed-out signatures of every recipient that envelope had ever met, network security was largely an in-house affair with data tapes and mainframes playing a central role. One of the challenges for the IT wizards of that era was that no matter how sophisticated they made the system, employees would save time by writing their password on a piece of paper and taping it to the underside of the keyboard. It was discreet, convenient and hassle-free.

In this age, while Technology Officers and IT departments of companies and organizations everywhere struggle with new technological developments such as cloud storage and virtualization, their employees continue to find easy, convenient ways to their work done. In many cases they take matters into their own hands, enjoying the relative ease and accessibility of tools such as the free cloud sites DropBox, Google Docs and Apple’s iCloud, to move and store documents and files. And who can blame them? These apps are free, easy to use, and in the case of iCloud, pretty much come bursting out of the screen, demanding to be used.

This is all great for the home user or the small-business owner, for whom such reliable and ubiquitous services add another dimension of versatility and convenience. But it has much darker implications for larger organizations, for which security and compliance have always been major issues of concern. CTOs and CSOs have their hands full trying to keep this particular Pandora ’s Box under control.

This situation is a major source of concern for people such as Nimmy ReichenbergNimmy-Reichenberg, Vice President, Marketing and Business Development for AlgoSec, a network security policy management company headquartered in Boston. He says Chief Security Officers should no longer be worried about the proliferation of Bring Your Own Device (BYOD) into the workforce, rather they should be concerned with the inevitable data breaches that will occur as a result from employees bringing their own cloud computing software into the office, known as Bring Your Own Cloud (BYOC).

A recent survey commissioned by AlgoSec revealed that less than 20 percent of respondents said that the majority of their organization’s security controls are in the cloud and that the larger the organization, the less likely it was to have cloud-based security. This, Reichenberg states, is likely because larger organizations are both are more sensitive when it comes to protecting their data, and also have dedicated staff to manage security technology, which makes them less likely to have security controls in the cloud; whereas for smaller  companies, the lower management overhead and pay as you go/grow model are more attractive.

In other words, security continues to stay on premises. And this has major implications for companies, and for cloud service suppliers who wish to sell to them.

Of course, the end user/employee who is eager to save time and effort by storing a draft confidential document on DropBox where s/he can pick it up later at the home office, will protest that all of these free BYOC services have clear and strong security policies. Reichenberg agrees, but adds, “we must differentiate between consumer-grade and enterprise-grade security. Many of the consumer oriented cloud services may claim to be secure, but most do not include enterprise-based security controls required to adequately protect corporate data and meet compliance mandates.” He continues, “Employees are oblivious to security by nature, and it is up to corporate IT and information security to define and enforce a policy that balances between employee productivity and security.”

The risks exist across many dimensions. Malware, which can implant itself through the simple click of a mouse on a disguised phishing link, can put sensitive corporate information stored on BYOC at risk, and some recent well-publicized breaches at services such as Twitter and Evernote show that no-one is immune from hackers’ prying fingers. But in addition to malware, Reichenberg states companies can face compliance challenges when it comes to information stored on services (such as data retention e-discovery etc.). “For example,” he says, “how do I ensure employees who leave the company no longer have access to internal company information if it is stored on BYOC?”

This paints a picture of a horse-race, with IT, free cloud providers, end users and bad guys all sprinting towards the finish line where data, or access to data, waits for the fleetest of foot. Reichenberg recommends that those who govern their organization’s security take immediate steps to:

1. Define and communicate a policy of what is acceptable when it comes to BYOC

2. Enforce this policy using tools such as Next Generation Firewalls.

3. Evaluate enterprise-grade alternatives to some of the popular consumer-grade cloud services.

As organizations evaluate the merits of going to the cloud, or of using a hybrid system with some data stored on-site and other data in the cloud, they must remain vigilant that the new-age version of the taped-under-the-keyboard password may reside within their employees’ own genuine desire to get their work done using the easiest tool within reach.

By Steve Prentice

Follow us

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
Follow us

One Response to The Lurking Threat of Bring-Your-Own-Cloud (BYOC)

  1. This is really going to be a big deal for organizations to manage. How do they balance ease of use of the cloud vs the security and control on corporate data. New solutions like Tonido FileCloud and OwnCloud are appearing that promise to bring control back to IT. It remains to be seen if that will work.


CloudTweaks Sponsors - Find out more!


Popular

Top Viral Impact

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues Nowadays, many companies are changing their overall information technology strategies to embrace cloud computing in order to open up business opportunities.  There are numerous definitions of cloud computing. Simply speaking, the term “cloud computing” comes from network diagrams in which cloud shapes are  used to describe certain types of networks. All…

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow usSteve PrenticeSteve Prentice…

Cloud Infographic: Cloud Computing Growth

Cloud Infographic: Cloud Computing Growth

An excellent infographic provided by AwesomeCloud which predicts a continued high level of growth in the cloud computing industry. Potentially staggering numbers for Public Cloud IT Services of $100 Billion by 2016. Infographic Source: AwesomeCloud About Latest Posts Follow usSteve PrenticeSteve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture…

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends For nearly every business, the concept of business intelligence is nothing new. Ambitious organizations have been searching for any type of data-driven advantage for some time now – perhaps for as long as they’ve existed. However, the historical use of competitive intelligence pales in comparison to the…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…


Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021
contact@cloudtweaks.com

Join our newsletter