Users are sharing information on social networks and using public cloud services to move data from corporate to personal devices in ways that by-pass company security policies and systems, and expose company data.
see the entire article Infosecurity http://www.infosecurity-magazine.com/view/29797/companies-are-losing-control-of-their-data-to-the-mobile-revolution/
A survey by Vanson Bourne for Quest Software, part of Dell, has found that 65% of European CIOs believe that employees share corporate data in the fastest and easiest way, regularly bypassing IT policy. 98% believe that this is caused by poor identity and access management, prompting employees to use third party sites as ‘work-arounds’. Such work-arounds, the use of systems outside of corporate IT control, is sometimes called ‘shadow IT’; and BYOS (bring your own services) is a prime example. Employees are increasingly using third-party services, such as Dropbox, to move company data from company to personal device, by-passing company security controls.
Ben Rapp, the CEO of Managed Networks, describes the process. “The initial motivation for ‘bring your own device’ came from the user, not from IT,” he blogged this week. “The reason is that users continually, and naturally look for ways to make their work easier and more efficient. IT often struggles to keep up with such demands; so while BYOD has become acceptable, IT support for BYOD often lags far behind.” The result, he adds, is that sensitive company data can be left exposed on route to, and at rest on third party cloud websites.
The Quest Software survey has quantified this threat. In the past 12 – 18 months, 30% of CIOs have had confidential HR data exposed outside of the business, while 25% have had customer and 23% have had financial information similarly exposed. That exposure provides multiple threats. Rapp points to potential breaches of the Data Protection Act, and exposure of sensitive data to both hackers and malware while outside of corporate security defenses. “And if that user leaves your employment,” he adds, “he automatically takes every file he has uploaded to Dropbox with him.”
As a result of ever-increasing reports of organizations losing corporate data, 62% of CIOs have faced increasing pressure over the past 12 months to better protect company data. According to the Quest survey, the greatest pressure is coming from internal legal teams (41%), CEOs (40%), and Regulators (33%). “Security systems,” warns Phil Allen of Quest Software, “have not been implemented with tech-savvy employees in mind. People therefore resort to the easiest way of sharing corporate data, and many do so without thinking about the consequences.”