Welcome!

Cloud Security Authors: Liz McMillan, Elizabeth White, Pat Romanski, Zakia Bouachraoui, Yeshim Deniz

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

How Free Apps Can Destroy an Organization By @IanKhanLive | @CloudExpo #Cloud

How popular apps with a dark side may open the doors of destruction for your organization before you grab your morning coffee

How to Destroy an Organization in Three Ways with Nothing but Free Apps

I didn't want to be so dramatic, but I couldn't help but be completely honest as well. The end possibility is that your entire organization may suffer the fate as Sony Pictures, Target, Anthem and others that have been shaken by hacks and vulnerabilities in their networks. In some cases it has been analyzed that hackers sat in for months stealing data, until they chose to tell everyone about their presence. That's probably one of the reasons that websites like WikiLeaks are constantly able to churn document after document, exposing one thing or the other. Without supporting any of these and staying neutral, enterprise IT does face a daunting task of protecting the fort from everything out there. It's not that enterprise IT is not doing their job. The fact remains that end users within organizations are causing a huge disruption by adding consumer-level apps to their work life. The advent of BYOD and a harmless Wi-Fi connection to your work Internet is all that is needed for the hacks to start happening.

Document Sharing Applications
Consumer grade applications such as Google Drive, Microsoft Sky Drive. Box.net, and Dropbox are amazing applications. You get a tremendous amount of storage space online, they integrate with your Android or Apple phones and essentially provide a high level of convenience for the consumer. In the business environment, they open up a loophole that's an IT department's nightmare. Apps like Dropbox within an enterprise keep a door open for anyone that a document has been shared with. Once employees leave the organization they may still have access to the links, which even if encrypted would render them useless for other users. On the other hand consumer EFSS (Enterprise File Sync & Share) applications like Box are vulnerable due to it not being secure. Yes, the right encryption at multiple levels may reduce the impact. The same goes for Google Drive and others. Mind you we still haven't discussed anything about a private or public cloud. The public cloud framework is excellent, but may not work if you are hesitant to share documents on a server that's not private. Overall document management, EFSS and consumer grade solutions pose the highest risk for any organization. The problem is also that multiple users will create accounts and use different solutions, so it's not uncommon to see users within departments uploading documents on multiple file sharing websites.

Social Applications
Social applications such as Facebook, Twitter and WhatsApp are changing the way we communicate. I use all three for different things and I can't get enough from all of them. Although highly useful, many such applications may pose a risk to your organization's security in many ways. For social media users it's more a matter of policy and to be able to get users to follow protocol when in their corporate environment. Twitter and WhatsApp are apps that need more of an IT usage policy and governance for sharing links, documents and other enterprise digital assets. Of course add-on applications on Facebook may not offer the highest level of security and in fact may be a loophole for spammers and malware cybercriminals to get into your organization and take away from the productive time your employee could have. The effects of malware on employee productivity are highlighted in the Ponemon Institutes Research Report, which mentions that phishing scams can cost an average organization as much as $3.7 million in lost productivity time.

Gaming
Games are addictive and I personally don't believe that we should stop playing them. However, we do need to be selective with the games we download. Here is an example. While Angry Birds may have been one of the most popular games of all times, a Chinese version of the game has been reportedly infected with the XcodeGhost Malware. On the Apple China store, over 25 more games and apps have been compromised by the malware. This is just one incident where a vendor took responsibility. There could be many more that we don't even know about yet. Using any affected app on a smartphone or device that is being used in the enterprise environment opens the door to malware spreading to other machines and devices. The potential threats could be the opening up of ports, time-activated viruses or opening the doors for cybercriminals to sneak in.

Where to Go from Here
Determining and securing all risks to the enterprise at an IT level is a challenging task. This is constantly being made more difficult through decisions and vulnerabilities that employees are making, most of the times in good faith but without the right information. Unfortunately such actions sometimes cost us millions of dollars to undo the damage. For IT managers it's a challenging time ahead as our technology mix evolves to be more complex, and for users it's a time to reflect upon what they use and why. There is definitely a growing need for end users and policy makers to work together and collaborate for a more stable and stronger organization.

More Stories By Ian Khan

CNN Futurist, Forbes Contributor, Author, 3 Time TEDx Speaker and Technology Futurist, over the last 20 years Ian Khan has had the privilege to serve the needs of over 5000 organizations by fueling their growth through technology solutions. He has helped a diverse set of businesses ranging from Technology Companies, Oil Companies, Power Generation & Renewables Operators, Microsoft Ecosystem Partners, SAP Customers and Partners, Healthcare Providers, Manufacturers, Facility Operators, Startups, Educational Institutions, Nonprofits & associations and more. Ian’s experiences with these organizations led him to a unique position of being able to identify the common challenges of growth for all these organizations. The bottom line as he found out, is that we all are hungry for success and want to grow and make a difference. Where we fall short is by failing to understand our environment and taking the right action within that environment. After 20 years serving the needs of the industry Ian’s natural pivot was to answer his calling and help organizations at a broader level understand what tomorrow brings. His work and study of all these organizations brought forward very unique perspectives that he now share through his work. Today, hands down, we live in the great time for humanity. Technology is a great thing, but it also has its victims. Many organizations of tomorrow will fail under the pressure of a fast changing world, much of which is fueled and driven by technology. Ian’s mission is to help organizations avoid that pitfall, and propel themselves into success in today’s era and go from digital disruption to digital transformation in the fastest and most sustainable way. This is the only way, according to him, we can together create limitless value, create solutions that are faced by us locally as well as by others around the globe, and make the world a happier place. Today Ian’s work spans working with people by delivering keynotes, consulting and by promoting his 7 –Axioms methodology through his book and workshops. He is also working on an ambitious project of releasing a documentary in spring of 2018 called Industry 4.0. Industry 4.0 will capture the thoughts and insights of some of the world’s leading thinkers and help us understand the 4th Industrial Revolution, Its Impact, and how we can all be have an opportunity to be part of the emerging future and make the right choices. For more information please visit www.iankhan.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...