Keeping Data Out Of The Insecure Cloud

  /     /     /  
Publicated : 22/11/2024   Category : security


Keeping Data Out Of The Insecure Cloud


Companies looking to keep their data safe need to give their employees a choice of solid file-sharing services and apps. Otherwise, its back to their insecure favorites



File sharing is both a boon and a danger to companies.
While speeding communications between employees and corporate partners, unrestricted file sharing carries with it the risk of leaking sensitive information. Services such as Dropbox, Google Drive, Apples iCloud, and Microsoft SkyDrive allow workers and consumers to share files and collaborate, while at the same time increasing the likelihood that attackers get access to -- or malicious insiders make off with -- confidential documents.
There is no way that you can be totally sure that people are putting enterprise data somewhere where they shouldnt, says Dimitri Volkmann, vice president of product strategy for enterprise technology provide Good Technology, which provides mobile business software and platforms. Its an illusion to think its possible.
Yet companies cannot ban the tools for collaboration because the benefits of quickly sharing files are just too high. Three-quarters of small and midsize businesses, for example, have adopted file sharing for productivity reasons, according to a June survey funded by software-security firm Symantec. Other research, by analyst firm Aberdeen Group, found that two-thirds of best-in-class companies use secure file sharing, while only a third of laggards use the technology.
The evidence is that the top performers continue to address the need to share data through secure, reliable and well-managed commercial solutions, while all others, perhaps overwhelmed (by complexity) may be losing control of their policies and processes in this area, Derek Brink, vice president and IT research fellow with Aberdeen, stated in the report.
To secure their data, companies need to set strict policies and educate their employees on the dangers of unrestricted file sharing. Yet using just the stick will not work; you need a carrot as well, says Goods Volkmann.
Because of the nature of the bring-your-own-device [BYOD] trend ... from an IT perspective, if you dont find a way to give your employees a solution that is secure, they will find an insecure one, he says.
[ IBM tracked cases that show an increasing number of large password stores targeted by thieves, even when the passwords are hashed with encryption mechanisms. See
Bashing The Hash: IBM X-Force On Password Follies
. ]
To convince workers to use a service, it has to be well-designed, Volkmann says. Companies should focus on providing consumer-friendly, but secure, options to file sharing and regain control of the policies securing the data.
Nearly 80 percent of companies using secure file-sharing service Accellion, for example, deploy the companys on-premise solution to create a private storage cloud. Employees can use the infrastructure no matter where they are located to share documents and collaborate, while giving the risk and compliance team the ability to monitor controls.
It is important for an enterprise to pick a solution that offers the capabilities that end users are used to in a solution like Dropbox, but provide the IT folk with the security controls and the compliance reporting, says Hormazd Romer, senior director of product marketing for the firm.
Startup WatchDox has taken a similar approach, but focused on providing detailed monitoring of security controls while keeping the end users experience simple.
Another aspect to managing the risk: When dealing with a cloud service, companies need to pay attention to the rights that a storage provider has to the enterprise data, Accellions Romer says. In addition, while any modern file-sharing service should strongly encrypt the users data, companies should be concerned about where the keys for that data is kept. Encryption keys stored with the data allows the service provider -- and possibly an attacker -- to easily access the data.
Goods Volkmann stresses that IT managers should not expect a perfect solution -- employees can bring in a personal device to get around any reasonable security a companys IT department can create.
At the end of the day, employees could have a BlackBerry in their right pocket and a personal iPhone in their left pocket, he says. It is really about education and giving them the right tools.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Keeping Data Out Of The Insecure Cloud