The Unforeseen Risks of the Cloud

Tuesday, August 21, 2012

Barrie Hadfield

C67c179cd59e50f867e06086f5b2d21f

While it has revolutionized collaboration, the cloud can also bring with it potentially serious security ramifications, like intellectual property theft or data breaches.

To understand why, first consider just how drastically the cloud changed enterprise security protocols. Sans cloud technologies, collaboration largely occurred through internally-sanctioned email clients and conference calls.

Then, the cloud burst onto the scene. Suddenly, consumer tools that would have made IT cringe a decade ago became omnipresent and the concept of a protected, corporate firewall essentially evaporated, opening the enterprise to three, largely unforeseen, risks.

Traditionally, enterprise communication and collaboration tools were introduced by departmental heads or IT administrators, always after some security audits. The cloud took a reverse path to enterprise ubiquity, enabling consumer-grade tools to seep into the corporate collaborative ecosystem via lower-level employees who were either already using them for personal reasons or heard about them from friends at other companies.

These tools then trickle upward and remain officially unsanctioned by administrators, meaning IT administrators have zero insight into how these tools are used – or what happens to information uploaded there.

For instance, an employee sends herself a document with sensitive information via a consumer file-sharing application. The company has no insight into the life cycle of this document from that moment on, including whether it is forwarded onwards, illegally modified, or even lost.

Additionally, these consumer cloud tools have started to compound the issues that IT face around application sprawl and data silos – a multiplier effect as it were, but for all the wrong reasons.

It has been stated many times before that Steve Jobs' greatest legacy was his emphasis on usability in design. It has revolutionized the way humans interact with technology, and all major technology companies have since followed suit.

An unfortunate casualty of this mindset has been security, which, if taken into consideration at all, has been relegated to a distant afterthought among consumers drawn to cool designs and intuitive functionality.

Because of their target customer demographic, consumer-based cloud platforms focus exclusively on usability and do little, if anything, to prevent the improper distribution of sensitive files and information across the firewall. In addition, employees aren't trained to think about this either.

When coupled with the consumerization of IT and the plethora of mobile devices now used by employees across a seemingly unlimited geographical region, the opportunities for corporate documents to fall into the wrong hands, or be altered and distributed illegally, become essentially limitless.

This is, perhaps, the greatest collaboration challenge faced by the enterprise today. Tangentially, companies now need new ways to track corporate assets, and ensure that ex-employees are no longer allowed access to sensitive information after leaving. 

When you look at the Microsoft Office suite, you might not fully appreciate how great it is to have a full set of tools that are integrated into one platform.  

On the other hand, disparate cloud-based platforms are not designed to work well with each other. It is capitalism at its finest. They are meant to be in direct competition, and despite that it might make it easier on all of us; any integrative capabilities that would thus imply cooperation are non-existent. This forces employees and IT administrators to invest time in learning about and transferring information across a mish-mash of a, at best competing at worst conflicting, set of tools.  

This compels impatient employees to develop workarounds to ensure the best collaborative process possible. For most who work in enterprise security, I don't need to iterate that “workaround” should be an expletive.

At the same time, the cloud can be an incredibly effective tool for professional collaboration. In fact, I believe it has the potential to be the single greatest improvement in employee communication since the advent of email. However, it must be used carefully. If you are smart about how – and why – the cloud threatens your ecosystem, you can turn that threat into an opportunity.

Barrie Hadfield is co-founder and CTO of SkyDox

Cross-posted from SC Magazine

Possibly Related Articles:
9907
Cloud Security
Service Provider
Data Loss Cloud Security Enterprise Security Risk Management Cloud Computing Managed Services Information Technology Consumerization
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked