Data Mobility and Security Biggest Cloud Computing Concern

Monday, September 10, 2012

Bill Gerneglia

44fa7dab2a22dc03b6a1de4a35b7834a

Article by Tom Sloan

BYOD brings potential productivity benefits to employees as well as challenges and concerns to the IT department.

According to Rafel Los in a recent post, productivity is great to talk about, especially when your emplyees work from home and access their corporate email on their tablet, or mobile phone.

But what if that device is ridden with malware, or hijacked to be part of a botnet? These are potentially very serious security and productivity implications for systems administrators, CIOs, and CISOs to address as they can expose the rest of the network to data loss.

So Who Supports a "Broken" BYOD Device Anyway?

What happens when your employee's personal laptop is not operating rationally? Most likely the user calls IT department for tech support.  We all like to complain about how poor tech and PC support is in many organizations, it's one of those things that we complain about until it is no longer available.  

Your employees may think your IT support is a poor performer, until they have to call the retail store where they purchased their mobile phone, or the manufacturer, or worse some 3rd party - because their device is not able to access their corporate email.  

When there is a clear ownership of the device (corporate owned device, corporate problem, right?) the support call is clear - but when the corporate email simply "won't work" on, say, an Android device - who should receive the tech support call?  One can just hear the string of "well, that's an issue with your corporate email, call your provider" calls, and finger-pointing endlessly from carrier, to hardware provider, to corporate IT... where does it end?  Who ultimately takes responsibility for the support?

Making a clear distinction is hard, because if it's a personal device you can't expect your IT organization to support every available mobile device, or can you?  It would be difficult to imagine your corporate IT support staff would handle Apple, Samsung, HTC, Motorola, LG and countless other devices each with their own operating system, applications, and carrier issues. 

Think about these tech support issues when you talk about increased productivity gains. How fast can your corporate support team offer support for a  device they own end-to-end, versus having to share responsibility and potentially finger-point with other vendors' support organizations?

On the other hand... this could be a good situation for your IT support organization. Not having to have fully staffed tech support department that supports cell phone carriers, operating systems, applications, corporate connectivity and everything else lets you focus on the things that really matter to your company. Your corporate applications should matter because you support those - why not outsource the support of everything else to the experts?

BYOD initiatives and support issues such as these continue to cause headaches for IT departments. Their security mandates grow exponentially as they struggle to prevent corporate data leaks from their private networks onto public clouds. Some of the biggest concerns of IT decision makers dealing with public clouds are the loss of corporate data and control of the location of that data. 

These concerns are documented in a recent survey of more than 150 CIOs conducted by cloud storage services specialist Mezeo Software. The survey findings indicate great concern over data leakage onto the public cloud was high, with more than 80% of respondents rating their concern as an eight or higher on a scale of one to 10.

Compliance and data availability were also highlighted as concerns, but were considered less worrying than data leakage. For the most part, survey respondents were not as concerned about data theft. However, no one believed their organization was exempt from data leakage to public clouds.

The rise of bring your own device (BYOD) initiatives and personal decision-making by employees were cited as the greatest causes of data leakage. Approximately 42% of respondents said they were actively preventing data from being stored on public clouds. Budgetary restraints, a lack of available options to help keep corporate data behind firewalls, and an inability to mandate that users stop using consumer tools and public clouds were the top obstacles to stopping data leakage.

"Even if CIOs find a solution, other hurdles need to be overcome including the inability to control users actions. Some IT teams have taken a tough stance and have forbidden use of popular consumer-based tools that store data on public clouds. However, most IT teams don t have the corporate backing to do this," the report concluded. Nearly 70 percent of respondents said they allowed their employees to bring their own mobile devices to work, while about 40 percent said they allow company provided devices and allow corporate data access on them. One third of respondents said they only allow senior management to have access via mobile devices.

"This survey tells us that IT executives have a high level of concern as they face the real challenges associated with the consumerization of IT, including corporate data leaking onto public clouds through consumer-based tools," said Steve Lesem, the CEO of Mezeo Software.

"Without adequate policy protections and corporate-endorsed alternatives in place, mobile corporate users are doing what it takes to increase productivity, with or without input from IT. You don't want to stop progress -- but you can't risk control. The good news is you can deliver both. The key is control."

Cross-posted from CIOZone

Possibly Related Articles:
6512
Cloud Security
Service Provider
Cloud Security Enterprise Security Data Loss Prevention Managed Services Employees Mobility Policies and Procedures BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.