Corporate Espionage in the Cloud Era

Wow!! That was our reaction when we saw this story about a cloud file sync and share service that was allegedly used in a case of theft at a law firm. Well, wow and DUH, of course this was bound to happen.

Whether this turns out to be really nefarious or not is for the courts to decide, but believe me when I say that this is neither the first time nor the last time that someone will – with good or bad intent – allegedly use Dropbox (and its various me-toos) to illegally access information. Chances are, some of those 50+ million Dropbox users are doing it as I write this blog.

Imagine this scenario: You are an attorney working along, and you need to get on the train, but the files you need to keep working are chained to your desktop, in your office, on the network (yes, a desktop in legal land is not uncommon). Problem is, you need to go somewhere else. If you want to be a good attorney, you have to work. But if you want to be a good father, you have to get on the train. So, what do you do? You use an online service to access your files over the web, and you take your chances. You just want to get your job done, be a good attorney by spending a lot of time on the client’s case, while also being a good parent.

Why is this bad? Because you have no idea where that data physically resides, no guarantee that it won’t be viewed by administrators on the server side, and certainly no assurance of the encryption that your IT policy requires for documents outside the firm. Some might say that IT should block the ports for Dropbox. Really? That’s not going to solve the problem; it will just make the attorneys who are the lifeblood of your firm angry. What’s the next best solution? Provide an alternative!

If you can provide an alternative solution, hosted by you, that gives your users the same sort of access, then you can help mitigate the risk to the firm in a positive, proactive manner. And this solution isn’t rocket science; it is possible today with ownCloud. In the case of the legal story above, it would have been simple: that laptop locked in the office would simply not have synced after the attorney was terminated – the files could have been un-shared with the attorney, and gone. There would have been no espionage other than what sounds like a bad separation.

Now that’s simple.

By Matt Richards

Matt is a product strategist with more than 18 years of experience in the IT industry. During that time he helped dozens of companies create and execute technology strategies, and commercialize new software products. Most recently, he launched Agile Cloud Solutions for CA Technologies, and commercialized SUSE Studio for the SUSE Linux Enterprise business at Novell. Matt has degrees in Mechanical Engineering from Dartmouth College and an MBA in New Product and Venture Development from MIT.
