July 19, 2012
Even as more companies implement some type of cloud computing at the enterprise level, most companies are timid when it comes to allowing employees to control what aspects they use, according to a study from a data security company. Even as companies shift to bring-your-own-device (BYOD) and service (BYOS) models, many commonly-used services remain off limits.
Tops on the no-fly list came file-synchronization services based in the cloud, with 80 percent of respondent companies refusing to allow employees to use them. For many of the companies, banning the use of the services was more a matter of control than one of function. Seventy percent of those surveyed claimed they would use the services if they were as "robust" as similar tools available for internal use.
Chief among the holdups that organizations cited in the study were two stalwarts of the BYOD and BYOS eras: cloud data security and compliance. Fears over the ability to control and protect the flow of data were a major issue standing in the way of turning toward publicly available services.
To ensure better data protection and keep employees off of public cloud-based services, 59 percent of responding organizations turned to employee policies and other more technical blocking techniques designed to "stem the tide of enterprise files spilling onto external servers and devices," according to the study. A further 20 percent rely simply on institutional policies to keep data under control, despite the fact that many employees may be going against the policies and circumventing the preventative measures.
"Even organizations that block these services may have employees using them when they're not connected to the corporate network, breaching the defenses of a corporation and introducing a host of new vulnerabilities," the vice president of strategy for the company conducting the study told Tech Central.
Employee devices are accepted in many businesses where they might not have been even a few years ago. Because of that, the pressure falls on companies not just to secure the devices, but the data that lands on them. In fact, some in the mobile device management industry believe that it comes down to managing and ensuring the security of applications to protect the data, rather than the devices themselves.
"If the corporation owns the device, it should manage that device," Alan Murray, a senior vice president at mobile device management company Apperian, told Computerworld. "When is it valid to manage the application? Always."
-McAfee Cloud Security