Basic HTML Version
magazine
39
01732 759725
Mobile phone use
may pose significant
security risks for
companies
Organisations are leaving
themselves open to potentially
serious security and legal risks
through the improper use of
corporate mobile devices by
staff, the University of Glasgow
warns.
Researchers analysed a sample
of 32 mobile phones returned
by employees of a Fortune 500
company and found they were
able to retrieve large amounts of
sensitive corporate and personal
information.
Data yielded by this study
included items that could
potentially have caused significant
security risks, led to the leakage
of valuable intellectual property
or exposed the company to legal
conflict. Researchers also retrieved
a substantial amount of personal
information that could have put
personal and corporate security
at risk by encouraging social
engineering attacks on individuals.
Based on their findings,
researchers argue that current
policy and processes governing
data security are not keeping pace
with the growth of smartphone
use within the corporate sector.
Dr Brad Glisson, director
of the computer forensics and
e-discovery MSc program at the
University of Glasgow, said: “This
study indicates that relatively
featureless mobile phones are
putting organisations at significant
potential risk. The amount of
corporate information involved is
potentially substantial considering
that the study targeted low end
phones. The amount of data that
we recovered even from this
limited study gives us an indication
that there is an opportunity to
improve policies from social-
technical and technological
resolution perspectives.
“This exploratory case study
clearly demonstrates the need for
appropriate policies and guidelines
governing use, security and
investigation of these devices as
part of an overall business model.
This becomes even more apparent
as businesses gravitate towards
the cloud.”
updating of folders significantly increases
bandwidth requirements. Even a separate
sync directory doesn’t produce more
efficient workflows: employees want
to access the files they need and work
with current information at all times
and continuous synchronisation of all
users and devices just isn’t feasible in a
corporate context.
The answer is a uni-directional
synchronisation process where changes
are not automatically reflected on the
corporate server. Instead, the user himself
can determine which directories are saved
on the server and shared with colleagues.
If changes are made to documents, the
user must be offered the possibility of
saving the file under a different name on
the corporate server, without overwriting
the original document.
Mastering security
Another important challenge in company-
wide implementations of a file-sharing
service is mastering security requirements.
Corporate data must be fully protected
at all times and the security of data
in the cloud, on the device and during
transmission must be guaranteed.
Often, the encryption key is
generated and stored by the provider,
which does not increase the security
of the uploaded documents; no
secure standard protocols are used
during transmission; group-oriented
encryption is completely missing; the
user management of different providers
is not always clear and intuitive; and it
is not always apparent which files are
shared with whom, which means that
documents could be found via search
engines, without detection.
One way to resolve this problem is to
install an on-site solution directly into
the corporate network so that there is
no need for an external cloud provider.
This creates a truly secure solution that
can be used with existing Active Directory
rights and avoids the need to maintain
two separate systems.
With on-site solutions, control
remains with the company and security
guidelines can be implemented easily.
Employees can be offered a company-
provided, functional and secure
alternative to insecure cloud solutions
and still take advantage of online storage
for use with mobile devices, whether
personal or provided by the employer.
The cloud can be used as a storage
location for all relevant company files
and as a starting point for improved
employee collaboration.
Today, there are many cloud services
that have not been designed for private
users, but specifically for businesses.
Before deciding on a provider, a company
should do a considered analysis of the
options available. A comparison of file
sharing providers will reveal significant
differences, in terms of the functions
offered and security standards.When
making such an important decision,
companies should always take into
account their own criteria and data
protection requirements.
Dropbox and the like have done a
great job offering consumer-level file
sharing features. However, they lack the
on-premise, secure and fully integrated
features that enterprises want and which
are imperative for corporate success.
...easy set up
and access
from anywhere
means that many
employees are
already storing
data unnoticed
in insecure cloud
services.
Provider
Product
Cloud
Storage
Price 1
User/
Month
iOS Android Blackberry Windows Mac Linux
Dropbox
Dropbox for Teams
1000GB/
5 Users
E
10 yes
yes
yes
yes
yes
yes
Wuala by
LACie
Wuala Business
Starter Pack
100 GB/
5 Users
E
6.48 yes
yes
–
yes
yes
yes
Google Inc
Google Drive
100 GB/
1 User
E
3.76 yes
yes
–
yes
yes
–
TeamDrive
Systems
TeamDrive
Personal Server
2 GB/
1 User
E
5.99 yes
yes
–
yes
yes
yes
CloudMe AB CloudMe
100 GB/
1 User
E
9.90 yes
yes
–
yes
yes
yes
SugarSync
SugarSync for
Business
100 GB/
3 Users
E
14 yes
yes
–
yes
yes
–
Cortado
Cortado Corporate
Server
Unlimited
E
3.97 yes
yes
yes
yes
yes
yes
Overview of current cloud services
Russell Crawford is
regional director UK&I,
Netherlands and Africa
at Cortado. He has
been working with
Cortado for more than
nine years.