In the news for more than politics this time, this Romney story caught my eye. I don’t know if it amounted to much lost data or sensitive information for Mitt, but it certainly reinforces the inherent risks of cloud storage outside of your control. Unfortunately, this is not the first, and will not be the last headline like this.
Anybody can be the victim of password phishing, but what this really comes down to – at least for enterprises — is that in your ownCloud you can use the exact mechanisms which protect your other systems to keep you safer. So if you ask for 10 characters or more and 3 numbers in your password, you are going to get that. And if you require a password change every 4 months, you are going to get that as well. And, — well, you get the point. Your file synch and share tools should have the same compliance, same audit, same precautions as with any other data you store. In this case, this would have helped solve the problem.
Look, in case you didn’t know it, it’s the wild West out there and it’s only going to get wilder. Millions of people are buying devices, installing cool new services like GDrive and Dropbox, and bringing their own devices into their companies. In an effort to make their jobs easier, employees are taking previously carefully protected corporate data and opening it to anyone with a six shooter and black hat. IBM gets it. So do most security experts and analysts.
The problem is, these tools have – arguably — made the work, and personal lives, of employees significantly more productive. How do you take them away?
That’s the quandary IT finds itself in. Previously, IT controlled both the backend servers and clients. That kind of control is either not possible or is seen as draconian. Plus, let’s face it, when people need to accomplish something (like get access to data) they find a way (3G anyone?). So rather than clamp down on these productivity tools or try in vain to control the mobile devices (laptops included), we believe data security should reside on the server, and be controlled from the server.
So build your OWN cloud, use your current data protection tools and schema and take charge of your data.