Tag Archives: BYOD

The average employee stores 2,037 files in the cloud, a new study says

8 November 2014

The report ‘Research shows enterprises leaking shadow data to the cloud’ by Rob Wright is absolutely worth reading:

‘A new study by cloud security startup Elastica shows that enterprise employees are unknowingly leaking sensitive data through cloud apps and services.’

The results from a review of about 100 million files from approximately 100 different companies are really alarming:

‘185 files on average are shadow data — data that is uploaded to cloud services such as Dropbox or Google Drive — which has been broadly shared without approval via cloud services with either the entire enterprise or people outside of the company. Worse, 20% of those broadly shared files contain compliance data, with 56% of that compliance data being personally identifiable information such as social security numbers, 29% being personal health information, and 15% being payment card information.’

But the assumption that employees share sensitive information unknowingly is, in my opinion, unrealistic. Employees use Dropbox or Skydrive to simplify their daily work!

Although BYOD has been a hot topic for years now, most businesses are not yet aware of the problem. Even if a company has not started a BYOD program, or has deliberately opted against one, the existing policies have to be updated and communicated to all employees. If the company has decided against a BYOD program, it is very important to communicate the reasons for this decision to all employees.

IT groups must implement appropriate measures to support the business strategy regarding BYOD, e.g. block Dropbox or Skydrive and provide effective and easy-to-use means of communication with external partners.

Enjoy the colors …

Evening Colors, 49°35'48.1"N 6°37'05.8"E

to find some peace of mind for reading the White Paper.

A trusted device on a trusted network? A dangerous illusion!

24 July 2014

Some days ago I attended a webinar about Cyber security. While discussing the challenges of BYOD someone stated:

‘In a hyper connected world thousands of trusted devices connect to your trusted company network.’

In my opinion, trusted devices in a trusted network are a contradiction in terms.

Let me clarify this with an example from daily life.

The moment you connect your company-owned laptop across the internet to your company network, you have lost the game. Even if you use a VPN tunnel to secure the network connection, your laptop is in a potentially insecure state, since it is likely infected with malware.

Back in the company network, this computer's state remains insecure because your malware detection system may not detect the malware. Therefore your company network is compromised as well.

That reminds me of the blockbuster ‘Independence Day’ from 1996. The aliens allowed a fighter jet that was lost fifty years ago to dock at the mothership. A trusted device in a trusted network! It was the first and last mistake of their lives.

The good news is: this laptop is under your control. You are able to reinstall it with a hopefully uncompromised golden image.

But in the hyper connected world of the Internet of Things (IoT) and BYOD most of the devices are not under your control. Moreover, they are in a completely undefined security state, with outdated and unpatched operating systems and applications and insecure SSL certificates for communications. Just a giant black security hole!

To master the challenges of IoT and BYOD, we have to develop completely new concepts for securing devices, applications and the communication between the devices and the company network. Trust no one!

In the meantime, we have to do our best to create awareness of the new threats, and to secure the data in the company network.

By the way, the aliens would have done well to destroy the fighter jet!