This could be anything from sharing content to sending internal messages, uploading pictures to storage and backing up data. But with more and more people using this technology, transferring data to cloud technology can put security at risk, without even realising they are doing so.
Unknown threats: IT departments left in the dark
“The biggest problem is that employees are using cloud technologies without vetting them for safety,” says Rajiv Gupta, CEO of cloud security start-up Skyhigh Networks.
“With liberated employees, it’s as easy as getting an email with a link and clicking on it. The IT department are usually the last to know, and it can be a serious risk to your data.”
This has generated a fear that appears to be seeping through businesses, as cloud security start-up Skyhigh Networks announced recently that they have raised almost $40 million in capital to expand its two-year-old business overseas.
Mr Gupta argues that the unknown threat of cloud security is the most dangerous aspect.
“In every company out there, it’s a big difference between the number of cloud applications approved, and the number that are being used.” He estimates that there could be between 10 and 30 times more applications being used than are known by information security officers.
Employees are unaware of how the programs they use can affect them
Many employees may not even realise they are putting their companies’ data at risk by using programs and applications like iCloud, Dropbox, and Evernote – but these are all cloud-based services that have the potential to be hacked. If employees use them to store valuable data, it poses big security risks.
Mr Gupta recalls speaking to the CEO of a bank about cloud space, which he knew all about and was confident his business was as secure as it could be with the cloud.
“Then he stopped and said, ‘Wait, I’m using Evernote to store my details. I create these codes, and even I am violating theses codes!’ We are all using cloud technology in different ways, to different degrees, and businesses must recognise and understand it all.”
Multiple mobile devices
One of the problems chief information officers are facing is their staff bringing smartphones and tablets into the workplace and using them with company and public WiFi.
Guy Bunker, product and cyber security expert at Clearswift cyber security solutions said: “As employees increasingly rely on mobile apps as a data hub for work files, including cloud collaboration, it’s more important than ever that mobile security is put in place, as well as ensuring best practise concerning passcodes.”
“As we move into the ‘bring our own app’ or BYOA era, businesses and employees have very little visibility over the data exchange between the devices and the cloud,” said Garry Sidaway, global director of security strategy at NTT Com Security.
“The Global Threat Intelligence Report showed that many applications that send sensitive data to the cloud are not being detected by anti-virus software.”
A centralised IT solution?
Gareth Maclachlan, chief commercial officer at mobile protection firm Adaptive Mobile says that a centralised solution to “identify and apply on sites employees may connect to” is the best way to mitigate the risks that can arise when using cloud technologies.
“There’s no other way of knowing whether people are using third party applications which could be unsafe,” he said. “We need to be sure that if we connect to a service that we know if it can become compromised or not.
Alternatively, he suggests that IT officers might consider outsourcing to third-party security firms to make sure their data is as safe as possible.
Bruce Grove, general manager for cloud gaming platform OnLive, is positive about the use of cloud computing despite its risks, and insists its use “will accelerate”, and that “companies need to embrace it”.
“The key is to understand the risks of cloud technology, and remember that it is just a tool to solve a problem of your security needs and business needs,” he said.
“Central management of cloud-managed data means that I can switch that data off at any time and then access it is I need to, but I don’t have to manage the individual devices.”
He also suggests that protection can be helped with multiple back-ups, resources, and points of access. Companies also have the option of developing their own cloud solutions that are purpose-built and managed for them directly, as opposed to using a third-party system.
“Companies in tight security industries, such as financial services, are looking into this,” he said. They want to keep everything within their own control.”
The blurring of boundaries between home and work
With access to cloud technology online available to almost all employees in the office and at home on the same device, the scope for bypassing the IT department for solutions to IT problems poses even more of a risk, with more unknown applications, and the use of public WiFi which can more easily be compromised.
“Our work lives are becoming more intertwined,” said Mr Gupta. “The consumerisation of IT has expanded, it’s convenient and employees like it. More often than not, the same devices are used at home as in work, and most people don’t think about it.”