Tuesday 16 June 2015

It all comes back to a culture of cyber security

The intersection of cloud-based consumer and enterprise apps that your employees use in the workplace must figure prominently in your organization’s plan to protect data from cyber risk. This is what I refer to as a culture of cyber security, one that accounts fully for the realities of modern business and the lives of your employees. But why is such a culture necessary?

Consumer apps can aid productivity, but they can also open your organization up to risk through unintentional employee behavior that threatens the security of your data. Here are a couple of examples.

Sara is your marketing manager. Part of her job is to post updates on company events and programs to Facebook, LinkedIn and Twitter. There is a good chance she uses the same password to access both these consumer services and the systems she accesses at work.

Ernesto is your top salesman and he is rolling out a new product. He creates a visual presentation that he posts to Prezi as part of his nurturing campaign for web prospects. The data that he loads is meant to be seen by the world. But should the fact that he loaded that data to Prezi for the world to see mean that your organization must forfeit its exclusive right to retain ownership and usage rights to the presentation, and any supporting data, that Ernesto uploaded?

These examples are real-world scenarios that happen in organizations of all sizes all around the world. Because of this reality, organizations need to ask themselves, “How big of a risk does the overlap between consumer and enterprise cloud apps present to our information systems?”

Skyhigh’s Cloud Adoption and Risk Report has a few findings for organizations to consider.

Failure to adequately protect data. Very few of the cloud services, enterprise or consumer, were deemed enterprise ready in this report. Most fail to have adequate identity verification, fail to encrypt data, or fail to provide the multi-factor authentication necessary to protect an organization’s data. And that is why they are so prone to infiltration by the bad guys among us. Without these security safeguards in place, even many so-called enterprise cloud solutions open your data up to an unnecessary risk of exposure.

Once data is loaded to the cloud, you no longer own it. The terms and conditions imposed by many cloud service providers give the service irrevocable and royalty-free rights to use data that is uploaded. They can use the data you upload in any manner that they see fit, through distribution and even exploitation (their word, not mine).

Breaches of consumer services present significant risk to organizations. Studies show that approximately 31% of employees use the same password for consumer cloud apps (like Facebook, eBay, or Amazon) and for the enterprise systems they use at work. The recent eBay breach was not widely believed to present measurable risk to organizational systems and data because sensitive organizational data is not stored on eBay. However, an analysis presented in Skyhigh’s Report shows that the 31% of employees who reuse their passwords at work and in their personal lives present a threat to the security of the organizations they work for. How? Well, it’s simple. The thieves use the password and user information they gained in their eBay attack to guess which login and password information will allow them access to your enterprise cloud solutions. And sometimes they hit the jackpot. Result? Your data is exposed.

Among other things, this report highlights the need to strengthen employee training to build a culture of cyber security. It also requires organizations to develop robust company policies and protocols on password use. How will your organization respond?

View the original content and more from this author here: http://ift.tt/1J1pjKR


