The Era of Mobile Insecurity

  • General
  • Security

  • Mobile Flawed Externally & Internally
  • Speed Prioritized Over Precautions
  • Devices Themselves at Risk
  • Taking on the Security Responsibility

Mobile Flawed Externally & Internally

Facebook. Yelp. Google Maps. Trulia. Instagram. Drunken Contacts. Do you have a dozen or more mobile applications on your cell phone? A study just released by IBM and the Ponemon Institute notes the surprising lack of security precautions among mobile software, a general consumer data-safety concern and business risk that they label as “mobile insecurity.”

Almost two out of every five enterprises, some of which are Fortune 500 corporations, are failing to provide appropriate protections for the phone software they design for their clients. The researchers reviewed over 400 enterprises and determined that it was standard for big business to release mobile apps with “major security flaws,” according to PCMag.

Not protecting the security of customers is one thing. Not safeguarding company-owned phones and tablets, or those within the network under a “bring your own device” policy, is another. While mobile insecurity of customer software is problematic related to liability, public image, and consumer rights, mobile insecurity of the company’s internal technology is a concern related to direct intrusion by cybercriminals – as indicated by CIO Today.

Since protecting the data within an application is not a core concern of so many businesses, people who want to get inside programs can quickly reverse-engineer them, jailbreak phones, and grab whatever information they want, explains IBM security VP Caleb Barlow.

“Industries need to think about security at the same level on which highly efficient, collaborative cybercriminals are planning attacks,” he argues.

Speed Prioritized Over Precautions

It’s all too easy to believe the findings of the study. After all, we have seen:

  • Russia (suspected) hack the US State Department, resulting in the email system being shut down for a weekend in November.
  • North Korea (suspected) hack Sony Pictures, using a slash-and-burn, scorched-earth approach that brought the movie studio to its technological knees.
  • China (suspected) hack Anthem’s completely unencrypted data trove, gathering the names, Social Security numbers, and home addresses of 78.8 million employees, customers, former customers, and non-customers.
  • A criminal syndicate made up of Russians, Chinese, and Europeans (especially Ukrainians) hack into more than 100 different financial institutions, study the activities of the clerks, and seamlessly transfer money into their own hands – literally in some cases, dispensing huge amounts of cash from ATMs.

Beyond those high-profile cases, data breaches are becoming increasingly common and complex – and that’s particularly true with mobile, according to an Arxan Technologies study that estimates there is currently malware on almost 12 million tablets, smartphones, and e-readers.

The Ponemon research paper revealed that the typical enterprise forgoes security testing with more than one in every two mobile programs it engineers. One in three (33%) don’t test any of this type of software. Neglecting to properly check the apps before releasing them to the public (or for internal use) makes it easier for attackers to abscond with information. At this point, safeguarding mobile simply isn’t a priority.

“These numbers are not surprising given that 50 percent of the 400 organizations in the survey aren’t devoting any dollars to mobile security,” CIO Today reports.

As a part of the total budget, mobile is sizable. Along with big data, cloud computing, and social media, it is seen as one of the four pillars of the “third platform” that is gradually taking precedence over the PC (the second platform following the mainframe). Hence, the companies analyzed by IBM invested $34 million into mobile each year on average; but only 5.5% of those funds were dedicated to data protection.

Development is being rushed by the desire to deliver a user-friendly experience to customers. That pressure is coming from the outside and the inside. When asked why apps weren’t tested for security, the top reasons were:

  • Excessively aggressive internal timetables – 77%
  • Demand from clients – 65%

Devices Themselves at Risk

The way in which employees typically use their smartphones is also problematic. What that means is that even if a company is employing mobile security itself, it is at risk of infection from apps made by third parties. Although more than half of business staff interact with outside software extensively, 67% of enterprises don’t have any policy to limit what apps can be used.

Recon Analytics data specialist Roger Entner said that security and privacy are not top concerns in mobile design since protection is geared toward stability and credibility rather than immediate money-making.

“It’s important to have more secure applications with privacy in mind,” argues Entner, “especially as both criminals and governments like to find out everything they can about us.”

Typically, he said, security flaws do not become apparent until user information has already been hacked. It’s up to businesses to make sure their customer information is safe, and many of them are falling short with that responsibility.

Taking on the Security Responsibility

In an age of persistent threats to a company’s security and privacy, as well as those of customers, business must concern itself not just with creating internal safeguards but also with choosing the right partners.

If you want to develop in the cloud, choose:

  • An organization registered to meet the ISO 9001:2008 and ISO 27001 standards.
  • Data centers audited for compliance with SSAE 16, Type II.
  • A staff certified to follow the principles described within the ITIL.

All those security parameters are met by Superb.Net.

By Kent Roberts

Why Local IT Pros Hate the Cloud

  • Business Talk
  • Cloud
  • General
  • Technology

  • IT Guy: Cloud is the Devil
  • How Cloud Actually Saves Jobs
  • Cloud with Great Support

IT Guy: Cloud is the Devil

Ali Mirdamadi, a consultant with San Diego-based Abacus Data Systems, says that he frequently meets locally based IT professionals who argue against cloud, viewing it as a second-rate threat to their one-on-one, in-person expertise.

Mirdamadi suggests that while he thinks the concern of local IT is valid, it’s better to recognize how their role might be adapting than to battle against the inevitable. After all, cloud is helping many technologists stay in business, as described by Marc Le Guen of Digital Days – discussed below.

Why does local IT get nervous in response to the cloud, though?

The reason, according to Mirdamadi, is that private clouds, public virtual machines, and platform-as-a-service “have become more popular and more affordable which allows Law Firms and businesses to outsource their entire IT needs to experts specialized in data management, security and virtualization.”

Those who use cloud say it makes sense because of the following benefits:

  • Whereas in-house servers are a capital expense that requires equipment ownership, cloud is an operating expense that can be slotted in as a consistent cost per month.
  • Both on-site and digital data protections are enhanced, so it’s easier to stay compliant with any industry-specific regulations.
  • You can easily tie in disaster recovery mechanisms, avoiding the tremendous potential pitfall of extensive downtime.
  • Cloud services render companies more physically and organizationally agile, with space previously needed for servers made available and network weaknesses overcome.

Mirdamadi concludes that the cloud is a transition to a new model of data resource provisioning – and perhaps that goes without saying. However, it summarizes why local IT folks may get defensive when it is discussed. They used to be your middleman to the resources. Now you can go out and get them yourselves.

However, here is where they are wrong: cloud computing is not about slashing jobs.

How Cloud Actually Saves Jobs

Marc Le Guen, the head of sales at Digital Days, says that IT is progressively serving a strategic rather than a tactical role. In other words, rather than gathering finite sets of resources to meet defined objectives of the business, technologists are now tasked with viewing the organization comprehensively and providing solutions to improve the business and its use of resources across the board.

Any technology, whether physical or virtual, has a lifecycle, each phase associated with certain challenges, in a similar manner to people. IT management must pay full attention to the lifecycle of all technological models.

The overarching mission of IT, explains Le Guen, “should be to ensure that the business is up to date with a current solution that enables their co-workers to either have an advantage over their rivals on the market or at the very least remain competitive in their ability to carry out their daily work functions.”

Just like the human lifecycle, the lifecycle of a successful IT service – like any business service – comes with a series of stages:

  1. Early adoption – During this initial stage, the technology is still being tested and may be cost-prohibitive. Think of this stage as childhood – and yes, some technology is precocious.
  2. Emergence – This stage is the ideal time for a company to have the solution in place: many hiccups and kinks have been resolved, so systems typically represent a competitive advantage. Think of this stage as young adulthood.
  3. Maturity – At this point, the strategy is an accepted best practice. This phase corresponds to middle age.
  4. Decline – This final period is when the system is being removed, trumped by a newly emergent, innovative approach. This stage is similar to the senior years, and we all know what happens after that.

People in the IT world who tether themselves to the onsite physical server approach should be cognizant of the fact that the localized equipment model is in its third stage, rapidly headed toward the fourth one and its exit. On the other hand, cloud is now in its emergent stage, rapidly headed toward maturity. It is becoming the recognized technological standard.

IT professionals may be convinced that the cloud is replacing them – that it is actually the IT professional that is in decline. Instead of thinking that the job is disappearing, IT experts are best served by recognizing how it is adapting. Cloud doesn’t mean that IT is no longer locally needed. Rather, it means that the specific tasks are different.

Cloud can actually make an IT job much less tedious and repetitive: “Once a cloud solution is put in place,” argues Le Guen, “the IT department can focus on improvements to business through IT instead of just spending all their time on maintaining the status quo.”

Cloud with Great Support

IT has always been fundamentally centered on the cutting edge. Cloud delivers automation at a speed and cost that is impossible to devise locally. IT is changing rapidly, and that means the IT role is too – but support is still needed.

It’s easy for people to think that cloud is self-service IT, and some dominant brands fuel that misperception. At Superb, we have cloud experts on staff to support your everyday technology needs.

By Kent Roberts

Donate Your Own Device: Both IT & Employees Agree that BYOD is DUMB (Continued)

  • Cloud
  • General
  • Security

Note: To read Part 1 of this article, please click HERE.

  • No BYOD at Local Government (continued)
  • Private Sector, Revisited
  • Connected Home & Office – The Final Frontier?
  • Bring Your Own Caution with Cloud VMs

Wilkinson says that his hesitation with BYOD in a government setting is not that high-quality security systems do not exist; rather, the issue is that they are cost-prohibitive.

“But there has to be a middle ground,” he explains, “and at the moment that’s two devices in your pocket.”

What about partitioning information, so that only professional content would have to be deleted if the device were lost? Shropshire Council explored the possibility of distinctly separating personal files, but the solutions they surveyed were unconvincing.

Although Wilkinson isn’t comfortable with letting every employee integrate whatever personal device they choose with the county’s network, he does believe it’s critical to consistently assess the user-friendliness of phones and tablets provided to employees. Shropshire is a Microsoft-based organization, so it uses Surface tablets and Lumia phones, both based on the Windows OS.

Wilkinson says that he is seeing employees resetting their passwords and accessing the government systems from home, suggesting that the company is becoming less firmly rooted in the traditional business day. He says that individuals are integrating their work into their lives as desired, and he sees that as positive.

“If working from home doesn’t become the default,” he argues, “people will never be able to integrate home working into a flexible lifestyle that can work around life events such as hospital visits.”

Well, sure. You know what also will be great? People will be expected to get projects done when they are at home. That’s kind of how it works. It’s a way to get people to work 60 hours a week rather than 40, because you’ve now enabled them to work 12 hours a day. Earth to Wilkinson: No one wants to be fooling around with their depressing government job on a Sunday. You have apparently been drinking Kool-Aid supplied to you by the UK’s Bureaucratic Productivity Agency. I hope it was the cherry flavor, which is delicious and makes it easier to stomach all the manipulation.

Private Sector, Revisited

Although we can argue about whether the “work from home” trend is about optimizing employee freedom or trapping them inside an Orwellian nightmare, the third CIO interviewed by Computing remains consistent with the anti-BYOD attitudes of Reed.co.uk and Shropshire Council.

Martin Davies of UK-based gambling company Bet365 does not understand what is supposed to be so positive about BYOD. With a broader set of devices, you get a broader set of security concerns. It’s that simple.

The developers at Bet365 are given all the computing equipment they need when they come onboard at the company, explains Davies, who also notes that he does not expect employees to EVER be able to connect with whatever devices they want.

Many financial transactions flow through Bet365, so Davies’ concern with precautionary measures is wise.

“Wireless is just another extension of your attack surface from a security perspective,” he comments. “We’ve started allowing it, but it is very segregated from the main network and it is very tightly controlled.”

What exactly does he mean by tight controls? Well, Wi-Fi is used purely by developers to test mobile apps. The only way for the company to responsibly provide mobile use to its customers is to check everything out themselves. Employee convenience and flexibility are moot points given the increasingly treacherous threat landscape. The only situation in which Bet365 uses wireless is when there is no other option.

In order to properly test the applications, wireless is necessary, says Davies. Since client cash is flowing in and out of the firm consistently, losses could be astronomical if a breach occurred. Even with its Wi-Fi network, Bet365 has numerous access point controls and immediately shuts down any connections that look suspicious.

Connected Home & Office – The Final Frontier?

Whereas Bet365 takes a hard line toward accessibility, assuming a future in which everything will remain tightly contained, Ridley (the Reed CIO) says that home computing will eventually need to be incorporated into business environments.

Even though Ridley sees his company gradually allowing more personal devices into its network, he knows that security is a daunting task that requires adherence to universally accepted standards.

“Where we are now, we have a hybrid model,” he mentions, “but making sure there are compliance models is a big thing, and is becoming big business.”

Ridley actually doesn’t seem to really understand the BYOD debate, saying that it’s already as ubiquitous as the requirement for workplace parking. The obvious question, then, is: why is it not a policy at Reed?

Bring Your Own Caution with Cloud VMs

BYOD is not really that great of an idea. In fact, it’s an awful one.

Employees don’t want to have to donate their own device to their workplace. IT leaders don’t want to have to conquer the exponentially more complex security challenges. Convenience and flexibility should always take backseats to security. Saving a few bucks on mobile devices for employees is also not a valid reason to adopt this policy.

Look at all the recent high-profile hacks. Security is critical throughout all aspects of IT.

When you want a cloud virtual machine, make sure it is governed by internationally recognized standards, as ours are.

By Kent Roberts

Donate Your Own Device: Both IT and Employees Agree that BYOD is DUMB

  • Business Talk
  • Cloud
  • Security
  • Technology

IT dislikes it because it’s a security nightmare. Employees dislike it because now yet another organization has its fingers in the pie of their personal electronics. Why is BYOD hailed as such a great idea?

  • BYOD? IT Says Slow Down
  • No BYOD at For-Profit Company
  • No BYOD at Local Government
  • The Value of Controls & Standards

BYOD? IT Says Slow Down

Seven out of ten IT decision-makers (70%) want to wait for third-platform technology to mature and to prove its data-protection capabilities rather than immediately incorporating BYOD into the office, says an analysis by UK tech publication Computing. More people have been converted to the cause, though, since eight out of ten (80%) were anti-BYOD in the magazine’s 2012 poll.

One in two (50%) think that in 2018, they will still be against an open-access network policy that incorporates whatever smartphone or laptop the employee is using when they walk in the door. Why do just three in ten currently say it’s OK to allow ultimate freedom to the individual user now (and really, who cares about any optimism toward three years from now)?

Data protection is fundamental to this debate. Mobility and the immediate concern of on-the-go security have been of increasing concern to big business since the first appearance of the iPhone in 2007. That’s part of the reason that you see mobility – along with big data analytics, cloud computing, and social networking – listed as one of the four pillars of the new wave of computing, the so-called third platform.

Because of the rise of smartphones and tablets, explains Computing’s Peter Gothard, mobility monitoring solutions such as Airwatch and Good have cropped up to provide some method to the madness.

However, companies like cutting costs by using employee-owned devices, and marketing the notion of phone choice can potentially help with recruitment.

No BYOD at For-Profit Company

You want everyone in the company to be proud of the workplace culture, argues Reed.co.uk CIO Mark Ridley.

Reed, a staffing company, is conducting a complete review of the technology that accesses its intranet – looking at all computers rather than just mobile, which it protects using Airwatch.

“The next step is how we could do this with a choose-your-own-device policy, augmenting the choices you make with our own funding,” says Ridley.

As of right now, though, Reed does not allow people to use whatever equipment they want.

So that employees don’t start to become convinced that they work for an Amish firm, the company has attempted to strike a compromise: slightly more than 50% of the workforce carries Google Chromebooks that are kept in recharging compartments.

Employees will grab one on the way to the conference room or to work on a project over a lunch break.

In addition to the Chromebooks, Reed now has a fleet of iPads for when people don’t want to lug around a PC.

“Bring your own device” initially meant that people wanted to be able to check their email with their phones. Now it’s become integrated into operations.

Gothard said that people want to work at companies that have cool equipment, giving the example of young computer scientists feeling unsure about a company that doesn’t have its own data center or otherwise remind them of the private network with four monitors they have running in their basements.

It would be great if everyone could have 100% computing freedom, says Ridley, provided that basic business standards – cost, security, and efficiency – are met.

In fact, it’s too simple to assume that everyone wants BYOD. Many employees hate the idea because they want to be able to separate their personal and professional lives.

“If you look at a lot of people, they’ll walk into a meeting room with two phones,” Ridley explains. “They like that segregation, and they want to keep working that way.”

No BYOD at Local Government

The county government of Shropshire Council (in the West Midlands of England) closed the door to BYOD in December 2013, according to IT director Barry Wilkinson. He said it was simply too challenging to fit limitless devices within the mechanisms of the Public Services Network, the essential platform of the United Kingdom’s public sector.

Wilkinson says that he and his colleagues talked about how it should be called DYOD for “donate your own device,” since the organization is pulling every employee’s personal electronics into its clutches like a hoarder with junk mail.

Wilkinson fretted about taking home his own tablet, putting a bunch of personal images on it, and then having to clear out all the data if it were stolen. He hated the notion that someday he might have to do the same to a coworker’s mobile device.

“That’s not a nice element to have to patrol,” he comments.

To read Part 2 of this article, please click HERE.

The Value of Controls & Standards

Nobody wants another organization latched onto its device, with creepy access to personal data. Meanwhile, the IT team doesn’t want to have to deal with the borderline impossible complexity of infinite choice. BYOD is dumb. Let’s talk about solutions that make more sense: cloud virtual machines based on internationally recognized standards.

With Superb Internet, get your own cloud VM, one that is delivered via international parameters you can trust, through three world-class SSAE 16 audited datacenters.

By Kent Roberts

How to Prevent Shadow IT by Fostering Three Values

  • Cloud
  • Events
  • General
  • Security

If you want to prevent employees from casting IT shadows at your organization, focus on enablement, transparency, and partnership.

  • Everyday Cloud Use & the Clinton Scandal
  • A Struggle for Control
  • Value #1 – Enablement
  • Value #2 – Transparency
  • Value #3 – Partnership
  • Providers Who Share Your Vision

Everyday Cloud Use & the Clinton Scandal

Here is what is great about the cloud: employees have immediate access to a broad range of productivity software and essentially limitless resources delivered through multiply redundant virtual machines, without having to clear everything with IT. Here is what is not so great: employees have immediate access without having to clear everything with IT.

The recent case of Hillary Clinton operating her own private email server out of her house for official State Department correspondence has brought the concept of shadow IT into the light. While cloud-delivered software-as-a-service (SaaS) apps such as Dropbox seem to be (by far) the most prevalent form of shadow IT, Clinton’s system similarly existed outside the infrastructure of her institution.

As we pointed out in our exploration of the Clinton case, shadow IT is incredibly prevalent. It’s so prevalent, in fact, that Gartner Research analyst Simon Mingay argues we should “engage with [shadow IT] and adopt practices that will exploit it as a delivery mechanism, albeit with some guardrails and clarification of accountability to mitigate the risks and enhance the value.”

In other words, you don’t have to outlaw shadow IT but can scale it back using enablement, transparency, and partnership.

A Struggle for Control

IT used to be completely in charge of computing within the enterprise. No matter what department people were in, the IT department was the only way for them to get the services they needed.

The flexibility and deployment simplicity of cloud have accelerated shadow IT. As suggested above, it’s too easy to say that it’s negative. As Anjali Acharya suggested in Forbes BrandVoice, SaaS tools allow employees to optimize speed and efficiency while not having to wait for a green light from IT.

Shadow IT results in “application sprawl” as various departments go out and get something that makes sense for their immediate purposes.

Plus, too often, productivity trumps security. In fact, a survey conducted by Skyhigh for the Cloud Security Alliance determined that leadership at more than three out of every four companies considers cloud security to be a top business priority.

Based on conversations with two CIOs, Acharya gleans three values to foster in the interest of creating a proper balance between employee agility and proper data management.

Value #1 – Enablement

NetApp CIO Cynthia Stoddard believes that the role of IT leadership is “to provide technology frameworks and an operating model to facilitate but not throttle innovation.”

Stoddard decided that the best approach currently available to meet that objective is a hybrid cloud. By deploying a hybrid cloud (a blend of public and private systems), Stoddard’s team created an environment that is ideal for self-servicing and collaboration. Rather than excising the accounts and applications of shadow IT, she pulled it under the umbrella. Now, the workforce is less inclined to dodge IT to meet its needs.

Value #2 – Transparency

Many people’s eyes glaze over when you start to talk about computing. Part of the reason is because IT has a lot of jargon, and the human element seems stripped away from the code and machines. Do your best to find common ground by being transparent.

“If you can be open and transparent and say, ‘Hey, I need to change,’” Stoddard argues, “you’ll have a better relationship with your users.”

With the rise of cloud computing, Stoddard’s perspective toward IT has adapted. She now sees it as made up of three components:

  • IT controlled by business divisions
  • IT controlled by IT
  • IT with shared control.

While you won’t control all the systems in the model advocated by Stoddard, you can provide information to all users so that everyone is dedicated to reasonable guidelines.

Value #3 – Partnership

You want your organization’s technological environment to be characterized by partnership rather than “we-they” infighting.

Give your users access to the services and resources that will help them excel, and don’t obsess over security upfront, says RedHat CIO Lee Congdon. Rather, manage new ideas within test scenarios.

Congdon says that he now tends to think of employees on the business side as problem-solvers. When a new application or infrastructural approach is identified, the department looks it over and determines if it makes sense from a business perspective. Once that aspect is satisfied, IT reviews the solution by price-checking, running a risk assessment, and evaluating potential challenges of integration.

If the tool passes from both a business and IT standpoint, it is incorporated. “Once they start seeing IT as ‘on their side,’” Congdon explains, “business users will have increased confidence in IT’s platforms and apps.”

As Congdon sees it, your main goal is to keep communication channels open. Neither side should want to point fingers when issues arise because you’ve created a culture of mutuality.

Providers Who Share Your Vision

To tackle shadow IT, you want the business side to appreciate the tech side for its consultative expertise characterized by values of enablement, transparency, and partnership.

If you want to consistently deliver on those values, it’s best to work with providers who share your vision. At Superb Internet, we are a customer-centric IaaS provider that forms transparent partnerships with our clients to enable their success.

By Kent Roberts

The Shadow of Hillary Clinton: Large and Small Cases of Shadow IT

  • Cloud
  • Events
  • Security

Hillary Rodham Clinton is being scrutinized for her use of a private email server, which represents shadow IT on a grand scale. Shadow IT, though, is a challenge for every business.

In case you have been under a rock for the past week, a rock underside lacking political news, Hillary Clinton did not use an official United States government email address when she was the Secretary of State. She forewent a state.gov address in favor of buying the domain ClintonEmail.com, which she ran through a physical server at her New York home, reachable (assumedly) via sweetkisses4u@clintonemail.com.

Slow, Steady Growth of the Shadow

If we can step aside from the politically loaded event to view it as a technical lesson, said Larry Dignan of ZDNet, the Clinton scandal is a perfect example of the problem presented by shadow IT. It occurred to many of us when we read about Clinton that no low-level bureaucrat in the government would get away with saying they wanted to do email themselves: “It’s cool guys, you can reach me at WeirdDomainIJustBought.net.” That probably would not fly at the DMV.

That brings up an important point: shadow IT often arises when the IT people are hesitant to say no to top brass.

Shadow IT has been building in the business world for some time. Executives have been deploying their own cloud software (SaaS). Developers have their card on file with one or more cloud virtual machine providers (IaaS). The gradual encroachment of the shadow began innocently enough: “It started with an innocuous printer under a desk,” remarked Dignan. “Then went to a server. Then smartphones to cloud services. People bring their own devices, apps and business practices with them to work.”

The Case of Clinton

Clinton used her own email service while she was the Secretary of State, according to an Associated Press report published March 5. It looks bad. It looks ridiculous at the very least, probably irresponsible, and possibly illegal.

The laws that govern federal records were updated while Clinton held the Cabinet position – nine months after she was sworn in, in October 2009. The new regulations dictated that whenever federal employees were using outside email systems, all communications had to be backed up within federal databases. It appears that Clinton became noncompliant at that point, but it doesn’t seem she was doing anything wrong legally when she set up the email account.

Perhaps she didn’t want the NSA to be looking over her shoulder quite as much. Perhaps she needed to set up secret trysts with John Boehner at interstate rest stops. Only the shadow knows.

Ladies and gentlemen of the jury, certainly Clinton must fully explain herself and submit repeatedly to full-body cavity searches. However, from a shadow IT perspective, this is a classic case:

  1. The C-level leadership often gets what it wants regardless of whether it is smart IT.
  2. It seems crazy that Clinton was using her own server, but that’s better than using a public service; many people break company policy by using Gmail.
  3. Right and wrong, ease trumps security every day, whether we are looking at a homespun mail server or an unauthorized Dropbox account.

Speaking of Dropbox

Clinton is not the only one lurking in the shadows of IT. The Wall Street Journal recently covered the case of shadow IT at Ebsco Industries. Each week the company’s CIO, Mike Gorrell, gets a marketing email from Dropbox asking if he would like to transition the 400 users on his workforce with individual Dropbox accounts to a single business account.

Dropbox and other software-as-a-service vendors are aware that many of their corporate users could be better served by an umbrella account. However, according to the WSJ, “The emails — guerilla marketing for the Shadow IT age — are like salt in the wounds for CIOs trying to prevent employees from using unauthorized cloud services for work.”

Shadow IT has certainly become more prevalent in the age of the cloud. Developers use cloud virtual machines to build new projects, often without seeking approval from IT. Many companies have bring-your-own-device (BYOD) policies that incorporate tablets and phones, but mobile access is sometimes unauthorized as well. A service like Dropbox can be set up on a device as a quick way to share files with users anywhere; and it is incredibly popular, with 300 million users. In all these instances, convenience is prioritized, and IT leadership rightly worries that they’re losing control of security.

Strength in the Shadow

Shadow IT is on the rise, as employees have realized they can immediately solve issues of storage, access, and even resources by using cloud systems, according to a 2014 Gartner report by Simon Mingay. Mingay commented that IT chiefs should step in if their employees are using technologies that “threaten to compromise the company’s privacy, security, compliance and business continuity practices” (paraphrased in WSJ).

Working with Strong Providers

If your IT leadership is hands-off, you may want to consider allowing all your employees to have their own email servers set up in their family rooms. However, you may have a more measured approach, like that of Gorrell: “You can fight [shadow IT], or embrace it and try to influence it,” he told the Journal.

The best way to influence it is to work with a provider that has a proven track record of upholding privacy and security standards: Superb Internet.

By Kent Roberts