Mobile IoT Authors: Pat Romanski, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan, Elizabeth White

Related Topics: @DXWorldExpo, Mobile IoT, Linux Containers, Containers Expo Blog, @CloudExpo, Cloud Security

@DXWorldExpo: Blog Post

The Major Cloud Security Threat By @Intermedia_Net | @CloudExpo [#Cloud]

Eighty-nine percent of knowledge workers retain access to the sensitive corporate applications and files of former employers.

The Major Cloud Security Threat Most IT Departments Overlook

Eighty-nine percent of knowledge workers retain access to the sensitive corporate applications and files of former employers.

Earlier this year, a member of the team at Site-Eye, one of the top time-lapse film companies in the UK, noticed a disturbing problem with one of its client's feeds. A deeper investigation revealed that of the 200 cameras it had installed at construction sites around the world, 120 had been remotely disabled. In order to restore service to these cameras, engineers needed to be dispatched to each location, setting Site-Eye back $80,000.

The cause behind the problem? A single disgruntled former employee who walked away from his job with the passwords to the company's services in-hand.

This is an issue that is far from isolated to the time-lapse film industry: it's actually a risk for any business that embraces the cloud.

A not-so-silver lining
Cloud services do more than just increase flexibility and scalability: they level the playing field by enabling small and medium-size businesses to leverage the same technology as enterprise companies. Businesses are showing increasing comfort with cloud-based services, and so are users. This has created the "Bring Your Own Service (BYOS)" trend, in which employees deploy the cloud services that they're most familiar or comfortable with, sometimes without IT's permission and often without IT's awareness.

This is one reason why it's becoming increasingly difficult for IT to control who has access to what data-and why stories like the Site-Eye sabotage are becoming increasingly common.

14.3 apps per company

According to Osterman Research, the average company has deployed 14.3 apps. (To me, that number sounds too small, even if it doesn't include apps provisioned without IT's knowledge.) Regardless, it's no surprise that employee turnover is now introducing a new IT risk: ex-employees that retain continued access to their former employer's sensitive cloud apps.

In fact, a separate study from Osterman Research found that a staggering 89% of knowledge workers retained at least one login and password to a former employer's cloud service, including Salesforce, PayPal, Dropbox, and others.

To make matters worse, 45% of the respondents to the Osterman Research survey considered the information they could access from their former employers to be "confidential" or "highly confidential." And 49% admitted to logging into one of these accounts after leaving a company.

I call this "rogue access." The FBI calls it "insider threat cases": they recently announced that this risk poses "a significant cyber threat to US businesses," noting that "...victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees."

Three ways to mitigate your risk

This vulnerability creates risks that are potentially devastating for a business. These include the potential for stolen secrets, loss of data, data breaches, regulatory compliance failures, and, as in the case of Site-Eye, out-and-out sabotage.

However, there are three steps companies can take to regain control over their data and their access:

1. Establish stringent access management and IT off-boarding practices. Osterman Research found that 60% of the employees that participated in its survey were not asked for their cloud logins by their employers. Formal on-boarding and off-boarding policies are critical and must be implemented for every employee and every app.

2. Offer cloud storage services that are more attractive than personal alternatives. IT obviously is unable to revoke access to data on personal storage. However, 68% of the employees in Osterman Research's study reported using personal file storage services-including Dropbox and Google Drive-to store corporate files or transfer them to other devices.

Not only does this enable employees to retain access to these files after leaving the company, it also creates the risk of losing the only copy of a critical file if the former employee simply purges their personal file storage folders.

If companies offer easy to use options that also provide IT with full access and control, employees will be less likely to sidestep it, and employers can avoid these serious risks.

3. Leverage a single sign-on (SSO) service to improve visibility into employee access. An SSO portal allows employees to securely access all of their apps with just one click, using one strong password. This improves security because employees are more likely to use strong passwords if they don't have to commit them to memory. In addition, SSO gives IT visibility into which apps a departing employee had been using, providing a much better picture of which accounts need to be transferred or terminated.

The "ex-employee menace" is a very real problem, but also a preventable one. If IT departments institute and adhere to these three crucial steps, they can enjoy the benefits of cloud applications without incurring the potential risks.

More Stories By Michael Gold

Michael Gold is the President of Intermedia, a leading one-stop shop for cloud IT. You can learn more about the dangers of rogue access in Intermedia’s report, The Ex-Employee Menace. You can also download their IT off-boarding checklist and best practices for IT access. Follow Intermedia at @intermedia_net.

IoT & Smart Cities Stories
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.