Welcome!

Cloud Security Authors: Elizabeth White, Pat Romanski, Maria C. Horton, Liz McMillan, Ravi Rajamiyer

Related Topics: Mobile IoT, Microservices Expo, Wearables, Cloud Security

Mobile IoT: Blog Post

The Challenge of BYOD

Managing security in a mobile universe

Don’t care how…I want it now!
-Veruca Salt (Willy Wonka and the Chocolate Factory)

We live and work in a world of immediate gratification. In the name of greater productivity if you need to check inventory from a supplier’s warehouse…click there it is. Share a file on Dropbox, no problem. Add detail about a meeting in the sales database… click! Update your Facebook or LinkedIn status. Email a white paper to a potential client...click, click. Want to see that flying pig meme…well, you get the picture.

Now that’s not necessarily a bad thing…unless you’re an IT professional and the those accessing and storing your network assets use unsecured/unauthorized devices while potentially bypassing security protocols. But unlike Veruca Salt quoted above, it isn’t the user who falls into the garbage chute—the risk is to the security of the network. And it's happening more often than you think.

Many organizations are now allowing employees to use their personally-owned devices for work purposes with the goal of achieving improved employee satisfaction and productivity. However, this comes at an IT price. Users love the mobility and the immediacy of smart phones and tablets, but forget these devices are just hand-held computers prone to the same intrusions, attacks, viruses and risks as the computers used in the office. The larger problem is many users don’t see that, so every time they sign on to your network or download an app, it creates a wider and wider vulnerability gap for the enterprise network.

This issue is not unique to a company of any particular size or one vertical market, however the solution, whereas not simple, is clear. There are several moving parts that require elements of identity management, access management, SIEM, WebSSO and SaaS SSO. It incorporates a suite of integrated answers that together can let you rest a little better at night. The idea that if you build a strong perimeter or have users install anti-virus on their devices, the problem goes away. It simply puts the finger in the dyke, and the overriding issue still exists. Your proprietary assets are still exposed.

First off, regardless of whether you approach the solution from the cloud or more terrestrial confines, you need to rethink the risk, revise the policy and enforce the rules. You have to consider how best to maintain compliance (PCI, HIPAA, and/or Sarbanes-Oxley), and you need to incorporate the answer holistically. To this end you need new protocols to authenticate and credential users, define authorization rules based on very specific rights and profiles and monitor traffic patterns to identify, alert and act on any unusual activity.

This takes time, money and manpower. All of which are typically in short supply for new IT initiatives. That is why I advocate security-as-a-service. BYOD is a threat that will only grow exponentially and the longer you wait to address the issue head on, the greater the vulnerability gap. However, by taking advantage of the integrated solutions managed from the cloud, organizations gain the benefit of cost-effective, seamless, on-demand, scalable coverage. If you already have a strong SSO, then you don’t add it. If all you require is additional resources to improve intrusion detection and/or password management, the cloud solution exists to leverage your existing architecture. Essentially cloud-based security fills the vulnerability gap with proven and tested solutions monitored 7/24/365.

Managing security in the cloud provides the resource bandwidth to create the rules, easily provision or deprovision devices, automate the alerts and incorporate a more comprehensive and layered protection strategy that includes the BYOD crowd.

But whatever your decision, you need to address the issue sooner than later, because if you don’t take charge, your employees will self-serve based on their own needs. There’s a prescient blog by Joe Onisick of Network Computing who said:

“If you don’t support a particular device, employees will begin to find ways to self-support it. They will bypass corporate IT and, with that, bypass security, compliance, change management and audit logging. It’s a problem that will continue to get worse, and, as with any problem, an ounce of prevention is worth a pound of cure.”

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

IoT & Smart Cities Stories
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Scala Hosting is trusted by 50 000 customers from 120 countries and hosting 700 000+ websites. The company has local presence in the United States and Europe and runs an internal R&D department which focuses on changing the status quo in the web hosting industry. Imagine every website owner running their online business on a fully managed cloud VPS platform at an affordable price that's very close to the price of shared hosting. The efforts of the R&D department in the last 3 years made that pos...