Mobile Devices Bring Security Risks to WorkAdded 11th Jun 2012
Dropbox made headlines this week when Gawker.com was the first to report that an unnamed hacker broke into Mitt Romney's hotmail account with the same password used for a Dropbox account also associated with the GOP presidential candidate.
That followed on the heels of a decision last month by IBM to rollout a bring-your-own-device (BYOD) policy that bans the use of Dropbox.
IBM CIO Jeanette Horan initiated the policy because she's concerned that that the SaaS service could lead to the exposure of confidential corporate information, according to MIT's Technology Review magazine. (A survey by IBM of its employees found they were violating company rules by automatically forwarding internal e-mail to public Web mail services and using their smartphones as open Wi-Fi hotspots, opening corporate data to outside purview.)
Whether its Romney's email and Dropbox account or IBM's 400,000 employees, the risks associated with BYOD and cloud storage services highlight a problem IT shops now face: The potential loss of corporate data to an insecure public cloud. And it's not just Droxbox. There's a growing number of online consumer cloud services through which data can leak, including Box.net, Carbonite, Google Drive, Mozy, SugarSync, YouSendIt and Apple's iCloud.
"IBM has the world's BYOD program and they just locked down Evernote and Dropbox because they discovered their future product plans and all sorts of really sensitive data was being beamed automatically out to these services," said Dion Hinchcliffe, executive vice president of strategy at Dachis Group, a consultancy. "So they blocked all access to cloud storage applications."
Hinchcliffe said the use of mobile applications is a huge problem in enterprises, but companies have only begun to address the issue. He suggested that every company have a "bus stop" policy: If an employee wouldn't be comfortable leaving company information at a bus stop, they shouldn't be willing to store it in un unsanctioned public cloud.
While many enterprises now have a BYOD policy, they typically do not address the applications that come with mobile devices.
The concern about using public cloud services revolves around the fact that those service providers are becoming a favorite target of data thieves, just as robbers target banks.
"These cloud data centers are becoming high-value targets," Hinchliffe said. "You have to remember, 90% of all data break-ins are caused by someone inside the company with the keys to the castle -- a systems administrator that's being paid to tap a customer list or download customers' credit card information. So there's a lot of temptation in these data centers ... for people who are likely to supplement their incomes and will be tempted to offers.
"You can access not just one company's data but credit card files from hundreds of companies," he said.
Dave Malcom, chief information security officer of Hyatt Hotels, said he's keenly aware that employees use consumer-grade cloud storage services with their mobile devices -- and it's an issue he's already addressing.
He said, for instance, that employees often use the same passwords for multiple systems, including their own devices and web services. That means if an online cloud storage service is hacked, Hyatt's email system could well be at risk, too.
The hotel chain is now surveying employee workstations to find out whether cloud storage apps such as Dropbox have been downloaded and what kind of information is being stored.
"Obviously, that means there's probably a corresponding machine they're placing documents on that we don't own," Malcom said. "We're starting to try to get in front of it. Then we're trying to provide them with a corporately blessed service.
"Obviously, it becomes a lot more challenging with devices we don't own," he added.
Cloud content sharing service SkyDox released a survey on Thursday that shows more than half of all employees leave their IT departments in the dark about the free file-sharing platforms they use to upload corporate documents. The survey of more than 4,000 employees was conducted from April 16-30, and it showed that 77% of employees require access to work documents outside of their office - especially those who work in financial services (89%), professional services (96%) and healthcare (70%).
To enable that access, 66% of employees are using a free file-sharing platform to store or share corporate documents. That percentage spiking to 87% for those in professional services and 84% for those in financial services.
Of those using file-sharing platforms, 55% do not notify their IT department of the file-sharing platforms they use. For some workers, that number is greater. For instance, 71% of employees in sales withhold information from IT, compared to 5% of respondents who work in financial positions.
The survey also r
Cisco today announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centers to remotely support intrusion-detection, incident response and forensics, among other services.
Sometimes a security patch isn't all it's cracked up to be. The security researcher who first found a vulnerability affecting more than 20 different router models says the patch meant to fix it only hides the initial weakness and doesn't remove it whatsoever.
Salesforce.com recently celebrated its 15th year in existence, and as the SaaS (software-as-a-service) vendor races toward US$5 billion in revenue its influence on the industry is being felt more than ever. At the same time, some signs indicate that Salesforce.com is having a few growing pains, as well as showing some trappings of the mega-vendors it once mocked with its "End of Software" marketing campaign.
Can your tablet withstand a 2-meter drop or be submerged in water for 30 minutes and keep functioning? The new $5,000 tablets from Xplore Technologies can.
A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.
Mainframe operators using BMC software may now be able to enjoy the speedy, devops-style development pace that is quickly becoming the norm for customer-facing mobile applications and Internet services.
Dell released a new virtualized storage accelerator appliance called Fluid Cache for SAN on Tuesday, designed to help customers keep data-intensive applications working quickly under load.
Gone are the days when a company could deploy a standalone security appliance to protect an entire network, McAfee network security general manager, Pat Calhoun says.
Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.
The panic over the Heartbleed bug is proving to be a convenient distraction for hackers using standard techniques in a fresh wave of attacks targeting at least 18 U.S. universities, according to a computer security researcher.
A notorious Windows leaker dubbed 'Wzor' says Microsoft will issue yet another update to Windows 8.1 later this year, evidence of an even-faster acceleration in the company's development tempo.
Jurors in the Apple v. Samsung case have heard a lot of big numbers in the past few weeks.
Wireless technology changes quickly. This matters if you're running a business, as faster Wi-Fi can improve employee productivity as well as customer service. These advances in wireless tech are therefore worth watching.
As CIO at Boeing, Ted Colbert is no stranger to the Internet of Things. For more than a decade, the aerospace giant has deployed thousands of communications-enabled smart devices to sense, control and exchange data across the factory floor, on the battlefield, and within the company's 787 Dreamliner aircraft.
Falling hardware sales and the cost of layoffs hit IBM's profit hard in the first quarter, sending it down 21 percent from a year earlier.