Corporate Data Appearing On Personal Clouds
Enterprise cloud adoption has led to cloud consumerization, but how safe is any personal cloud?
Remember when you’d join a company and they’d issue a desktop computer and corporate-issued cell phone? And remember all the company’s data was stored in a server on-site at the company? It’s fair to argue that occurred in a different century. Indeed, those days are long gone. We now live in a world of digitalization, mobile computing, and cloud computing proliferation – and that has made the protection of corporate intellectual property and data more complicated.
Mobile computing has exploded, bringing about a new order: first laptops were born, then smartphones, then tablets the likes of the Amazon Kindle and Apple iPad, and then Microsoft produced its uber Surface tablet that would be smaller than a laptop and as powerful as a desktop. The reality of “Bring Your Own Device” (BYOD) at work brought corporations to the realization that official policies needed to be established and enforced by corporate IT to safeguard corporate intellectual property and data within the enterprise, and indeed, the data infrastructure or plumbing itself.
A two-front defensive war became a major obsession for corporate IT – to guard against the enemy outside the firewall, and fight the enemy within the corporate firewall. Oh, and if that wasn’t enough of a task, corporate IT has had to ensure that while it is engaged in a war to protect corporate intellectual property and data, it must work with employees to define the realm of employee privacy and then take measures to respect employee privacy.
The Do’s And Don’ts
Official policies of do’s and don’ts for using your own personal mobile computing devices for work have been successfully compiled by corporate IT staffs, and some have even purchased IT security and network monitoring products to help them – and employees – achieve certain strategies of ‘corporate-appropriate’ usage. How does this play out?
A software developer was asked to work on-site at a company, and he was encouraged to use his own laptop and the local Wi-Fi provided by the company. Browsing on that Wi-Fi network was monitored by a tool, installed by the corporation’s IT staff, that applied a set of rules and regulations forbidding access to certain web sites. For example, the business-oriented website LinkedIn was OK to visit; the personal dating site Match.com was blocked.
Just when you thought, with the advent of BYOD, that the war to protect corporate intellectual property from outsiders and enemies within had become a mission possible, enter the complexity of cloud computing proliferation – first for the enterprise, and now for the consumer.
Clouds are networks of servers connected together in a way that allows centralized data storage and access to various services and resources. The benefit of any type of cloud — be it “public” or “private” — is the potential for the data it stores to be accessed at all times by authorized users. Most enterprises have been comfortable using the cloud, with vendors like Citrix offering up “application-centric” cloud platform services. With the rise of Box.com, Dropbox, Google Drive, Apple iCloud and others, consumers too are using the cloud in ever greater numbers – even if they don’t exactly know what “the cloud” is.
Whether you’re an enterprise or a consumer, a major assumption exists — one that really hasn’t been substantiated — that the cloud itself is secure. There’s a lack of transparency when it comes to corporate IT knowing where their data is stored and if it is safe, so having a corporate policy around cloud consumption is key to ensuring you know where your cloud sits and what level of protection is being afforded.
A survey of nearly 300 IT professionals conducted by Voltage Security indicated that almost half couldn’t say in which countries their data resided, and 30% were completely unaware of data residency laws and requirements.
Data and applications on online clouds are separated so that only authorized users may access certain subsets as appropriate, but what’s clear is that not all clouds are protected equally – against outsiders and even a potential enemy within the cloud organization itself. Performing proper diligence on your cloud provider and mitigating risk by enabling a secure enterprise cloud will provide corporate users the benefits they seek from a cloud-based service while safeguarding corporate data. It all comes down to being proactive and having a corporate-approved strategy.
Bottom line: we live in a digital world in which enterprises and individuals are using computing devices and mobile computing devices that produce and distribute digital data to the cloud; and in this world individuals are bringing their own devices to work – and along with them, to some degree, their own clouds.
How transparent should, and can, cloud providers be when it comes to security, and what questions should you be asking today? If companies do their utmost to develop and enforce policies surrounding BYOD, what good is it if the strategy fails to address the cloud itself?
By Nicholas Lee
Nicholas Lee is Head of Global Digital Programs for Fujitsu, the leading Japanese information and communication technology company. Approximately 162,000 Fujitsu people support customers in more than 100 countries.