Wednesday, 25 April 2012

The True Cost of Google Drive


Today Google announced the launch of Google Drive, a cloud-based file storage and synchronization solution touting 5GB of storage for free. Google Drive just compounded the IT security nightmare already created by free unmanaged consumer file sharing services such as Dropbox, iCloud etc.
Unmanaged file sharing in business environments is never a good idea because of the heightened risk of data loss and exposure. In the case of Google, a company that’s built its legacy on extensive search engine and targeted advertising capabilities, you also have to question Google’s intentions with storing business information. Just how equipped is Google to handle confidential business data?
If this latest Google Drive announcement is leaving you confused about what to do for business file sharing, you’re not alone.
To help you navigate your way, we’ve outlined six questions to ask when considering a file sharing and storage solution for business use:
  • Is this truly a solution for business? The rapid adoption of free consumer file sharing services such as Dropbox and iCloud by business users may have you wondering if the lunatics are running the asylum. But your instincts are correct if you are wary of unmanaged cloud file storage for business use. If a file sharing solution doesn’t have IT administrative and management tools, then it isn’t a business solution.
  • Am I being locked in? Is the file sharing solution from a company trying to carve out a proprietary niche, forcing you to use certain operating systems, devices, or applications? Google Drive is part of Google Apps, but native applications are not available for iOS devices like the iPad.
  • How will my information be used? Check the privacy terms carefully. Google must have a plan to make money from Google Drive customers somewhere, somehow, so carefully review Google’s privacy policy and their right to mine your valuable assets to their advantage.
  • Can I track and view all file activities? If your organization is subject to any type of compliance regulation such as HIPAA, GLBA, or SOX, then you need to know what’s happening with your organization’s files. Otherwise, how are you going to demonstrate compliance?
  • Can I set my own security and privacy standards? For business file sharing, you want to be able to establish customized policies and administrative controls related to file access, security, and storage – as strict or flexible as desired.
  • What mobile devices and apps are supported? From Androids to iPhones, make sure that files can be synced and accessed via any device.
While “free” is certainly appealing, in the case of file sharing it always comes at a cost. A security breach from business file sharing could mean exposure of confidential financial statements, upcoming product designs, or employee health information, with implications for privacy and compliance violations and fines, lost revenue, loss of competitive advantage and damage to a corporate brand. For confidential business information, using free consumer file storage and sharing can be a costly mistake.
by Ryan Swindall


Tuesday, 17 April 2012

IT-Thinking Twice About the Cost of Free Apps


Most people treat their mobile devices as an extension of themselves. People text, share, and play their way into two-year relationships with the devices they use on a daily basis. In the typical mobile device “relationship,” individuals downloaded an estimated 83 apps in 2011, according to Piper Jaffray and analyst Gene Munster. While that number sounds high, it boils down to about 1.6 apps per week.
Many IT professionals have noticed this trend and are concerned about the use of free consumer apps in the workplace. It’s hard to imagine that last week’s discovery of the security hole in Dropbox’s mobile app, by U.K.-based iOS app developer Gareth Wright, eased concerns about mobile security. Wright reported the security hole in Dropbox’s native mobile app that could be used to access personal information. PCWorld also confirmed that Facebook and LinkedIn mobile apps had the same core vulnerability. Widespread use of consumer mobile apps, combined with their security vulnerabilities, has IT managers concerned.
Consumer mobile file sharing apps serve a purpose for users who want a quick and easy way to share and store things like family photos, recipes, and videos. However, these unmanaged file sharing apps should not be used to send enterprise data of any kind. The security hole that Gareth Wright found in the Dropbox app is an unfortunate example showing that consumer mobile file sharing apps aren’t architected with the privacy and security measures necessary for an enterprise.
How can organizations prevent employees from using these consumer mobile file sharing apps? The answer is easy. Don’t give employees a reason to use these apps in the first place. Providing employees with an easy-to-use, secure file sharing and syncing alternative from the start is a great way to prevent the use of consumer file sharing apps. Employees should be able to send, share, and access files securely, while IT administrators ensure they’re protected from malicious content. Empowering employees with a safe and secure mobile application is the first step in the process.
by Ryan Swindall


Monday, 2 April 2012

Not waving but drowning

Last week, experts told the US Senate it was time to assume that American military networks have been breached and that ramping up traditional fortress features like firewalls, AV and gateway devices was effectively a waste of time. Dr. Kaigham Gabriel, head of the Defence Advanced Research Projects Agency, compared current information and network protection efforts to treading water in the open ocean; all that blocking and locking did was slightly delay the inevitable.
This reality check dovetailed rather nicely with the release of Verizon’s annual Data Breach Report for 2012, which found that hacking was linked to almost all of the 855 incidents and 174 million compromised records the company investigated in 2011. Malware featured in 95 per cent of all stolen data incidents.
Hacking and malware have been exchanging places in the top three causes of data breach for years now. While there are plenty of tools out there doing a fine job of removing known threats using established methodologies, it’s becoming abundantly clear that this, on its own, is not enough to protect valuable information assets from falling into the wrong hands.
The reality is that focusing on inbound threats is outdated. As Dr. James Peery, head of Information Systems Analysis Centre at the Sandia National Laboratories in the US puts it, “We’ve got the wrong mental model here.” It’s time to focus on the content, not the threat; controlling access is all well and good, but protecting information is paramount.
If there’s one thing that the Data Breach Report underlines, it’s the reality that data theft and leakage come in a variety of flavours and vectors. Traditional, threat-focused methods are the equivalent of shooting in the dark. In today’s environment, it makes far more sense to protect your content and monitor it in the context of how you need to do business.
Knowing where and how your information is used and understanding the context within which users communicate empowers you to extract maximum value without putting information at risk.
Letting AV and threat-detection policies define your information protection stance is not only outdated, as 2011’s data leakage statistics suggest, it cannot protect your data. It’s time to stop treading water and start swimming.
by Nick Peart