mercredi 20 juin 2012

BYOD Exposes the Perils of Cloud Storage

A lire sur:  http://www.cio.com/article/708593/BYOD_Exposes_the_Perils_of_Cloud_Storage?source=CIONLE_nlt_datacenter_2012-06-20

As more and more companies adopt BYOD policies, IT managers are taking steps to prevent employees from using cloud-based consumer storage services with their personal devices.

By Lucas Mearian ,  Mon, June 18, 2012
Computerworld — The dangers of using consumer cloud storage systems became clearer earlier this month, when a hacker claimed that he accessed presidential candidate Mitt Romney's Dropbox storage and email accounts using an easily cracked password.
Slideshow: Top 15 Cloud Storage Tips and Tasks
The apparent hack of Romney's accounts came on the heels of IBM's rollout of a bring-your-own-device (BYOD) policy that bans the use of Dropbox due to concerns that hackers could easily access sensitive information stored there.
Such examples make it clear that it's risky to keep corporate data on consumer-oriented cloud storage systems, say IT executives and analysts.
"IBM has the world's biggest BYOD program, and they just locked down Evernote and Dropbox because they discovered their future product plans and all sorts of really sensitive data was being beamed automatically out to these services," said Dion Hinchcliffe, an executive vice president at IT consulting firm Dachis Group.
Though companies are increasingly tightening their BYOD policies, most have yet to address the use of consumer apps and services such as cloud storage on mobile devices.
"Cloud data centers are becoming high-value targets" of data thieves, said Hinchcliffe, raising the possibility that "someone inside the company with the keys to the castle" could be bribed to share data with hackers. "There's a lot of temptation," he added.
Dave Malcom, chief information security officer at Hyatt Hotels, said he's keenly aware that employees are using consumer-grade cloud storage services with mobile devices on the job, and he's taking steps to address the situation.
For instance, the hotel chain is surveying employee workstations to determine whether cloud storage apps like Dropbox have been downloaded and, if so, what data is stored on them.
If a cloud storage app has been downloaded, "there's probably a corresponding machine they're placing documents on that we don't own," Malcom said. "We're starting to get in front of it [and] we're trying to provide a corporately blessed service."
Among other things, Hyatt's BYOD policy requires employees to register mobile devices, and it prohibits the storage of confidential data outside the corporate firewall. The company also makes no bones about the fact that it remotely wipes all data from lost or stolen devices.
Nonetheless, "we're not naive enough to believe that a policy alone is the answer, and that we don't need technology" to help people follow the rules, said Malcom. "We want our employees to do the right things, but we know there may be times that they don't have the tools."

Aucun commentaire:

Enregistrer un commentaire