December 11, 2013
The “Bring Your Own” technology revolution is in full swing, with technology publications and IT departments around the globe discussing BYOD (Bring Your Own Device) and its effect on business technology, security, and more. The past couple of years, organizations (and, in a way, even nations) are taking a stance on the issue and developing policies to address it. But what if BYOD was not the biggest issue? BYOD may only be a symptom of another debate in IT: the applications and services that these devices offer. Users’ ability to bring cloud storage apps like Dropbox into the office and use them freely can lead to serious security risks. So should these services and applications be restricted by IT, or is their business value too great? Here are the reasons why you should (or shouldn’t) allow users to freely use these services.
Why You Shouldn’t: Cloud Services Are Too Risky
According to a study published on ZDNet, 77 percent of small business IT departments are either concerned or very concerned about the security of data in cloud storage apps. And there are plenty of examples to support this concern. For example, one IT director named Michael recently shared one story to show the disaster that one employee and Dropbox could have created. Before starting at his company, none of the cloud services were restricted, and, in fact, no restrictions were in place at all. There were even public computers in the lobbies that customers would sometimes have access to. “One of our staff members wanted to get a financial form from his home PC to use at work. So, what did he do? He put it in his Dropbox. Said user then proceeded to install the Dropbox agent onto one of these public PC’s,” he said. What the employee forgot to do was uninstall the program from the computer. “So any random person could go up to that machine and open up this guy’s Dropbox account…and have free access to everything he had there,” including a good amount of “adult content” and other personal documents. “[It] was right out in the open for anyone to see.”
“Moral of the story is, if this sort of service is there for open access it can cause some trouble,” Michael said. “Say if one of our customers saw all that ‘data’. They’d most surely
have left immediately and not given us their business.” This doesn’t even consider the amount of malware that could have affected their systems through this error.
The biggest issue facing these services is that users do not fully understand the risks they pose. “Our smaller clients don’t have a policy and don’t worry because they think that nothing they have is important or that the law of averages is in their favor, Phil Marasco, Director of Security Services at ISON said. “We don’t agree and offer alternatives to reduce that exposure. Our larger clients have policies against hosting files in third party servers and use internally hosted mechanisms like share point as glorified logging file servers. Not optimal but properly protected it is better than allowing Dropbox.”
Why You Should: It’s a Productive, Cost-effective Technology
While there are inherent security risks with giving users the ability to use various business apps and services at work, there are huge benefits to the technology as well. In a recent blog post, Edwin Schouten, argued that services like Dropbox and others are more cost-effective because Applications are increasingly consumed on a pay-for-use basis. “You will not pay double because half of your customers use application A, and the other half use B.”
Shawn Hager, an Enterprise Business Systems Engineer argues that some in IT forget about the business value. “I think the one big mistake that people in IT security make, is they forget about what is important to the business and do security for the sake of security. At the end of the day, it is about business agility,” Hager said. “If you’re doing your job right from a security standpoint, you know what needs to be secured and what data is not confidential.” Hager believes IT should play a role in the decision and do its best to educate business users of the risks. “This is truly a business decision, IT should however educate the business as to the risks of using tools like Dropbox,” Hager said. “That is why we have everyone in our company sign an electronic usage policy that holds them accountable for their actions.”
What are your thoughts on Bring Your Own Apps and Services? Do you think the value it provides is worth the security risks? What do you think of the “Bring Your Own” revolution in general? Tell us in the comment section below.
Posted By: James Sweeney