Thursday, 5 September 2013

Shall we drop our data into the box?


With the BYOD (Bring Your Own Device) policy becoming widely popular among some organisations, employees are feeling more comfortable, working on their own laptops, tablets or even smartphones. But should employers feel comfortable too? Should they trust the protection offered by file-sharing and cloud services? Think of the recent Dropbox security breach resulting in a massive spam attack, and your response will surely be no.

Most people tend to use similar, if not the exact same, passwords to their online accounts, be it social media, email, banking or cloud services. To a hacker, this is almost like offering up all your sensitive information, and most importantly that of your company, on a silver platter. Sounds scary, but we tend to do it, don’t we? 

Mathew Schwartz says if you are using Dropbox, on an organisational level, you should bear the following points in mind:

  • Monitoring Use
If you decide to allow the use of file-sharing services and/or storing your data in the cloud, you might as well keep an eye on it. Continuous monitoring is the first step towards noticing all potential threats.

  • Comparing Cloud Service Security
Although, many business users have little trust in cloud security, the numbers of accounts keep on rising, but only a few have done their research. Long story short, before uploading your data to the cloud, you must evaluate, whether that particular service provider has the measures to protect your information.

  • Treat Dropbox As A Public Repository
Employees should be informed that until Dropbox steps up its security game, they should consider all their uploaded information public. Almost as if, it was published to the likes of Google+ or Facebook.

  • The risks of insider theft
Insider attacks are listed among the most feared threats, simply because they are hard to detect. Imagine malicious insiders uploading sensitive data to Dropbox, and taking it all with them, when they get themselves fired. You must always have access to your data; therefore, using a centrally managed file-sharing service should be a no-brainer.

From the above points it seems obvious, that cloud security should be absolutely essential to every user. Luckily, many well-secured cloud providers are available. However, their services can be expensive. But, then again, consider the costs of a secure cloud, as opposed to the potential costs caused by a breach. You know it's money well spent. 

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.