Tag Archive for Dropbox

Are Firms Ignorant About BYOD Issues?

Enterprises are being ignorant of the issues BYOD is causing their business, says backup vendor Acronis. James Rawbone, Senior Partner Account Manager EMEA, Enterprise Mobility Solutions at Acronis, shared his opinions with Desire Athow at ITProPortal on why and how enterprises are being ignorant of BYOD issues.

The Acronis 2013 Global Data Protection Trend Report developed by the Ponemon Institute identified five surprising BYOD trends:

1. There are big gaps in secure BYOD policies across organizations. The Acronis survey found that 60% of businesses have no personal device policy in place, and of those with policies, 24% make exceptions for executives, who are most likely handling the most sensitive corporate data. As a result, these organizations are increasingly vulnerable to data loss and serious compliance issues.

2. Simple security precautions are not being adopted. The survey found only 31% of companies mandate a device password or key lock on personal devices, and only 21% do remote device wipes when employees leave the company, drastically increasing the risk of data leakage.

3. Businesses underestimate the dangers of public clouds. The researchers report that corporate files are commonly shared through third-party cloud storage solutions such as Dropbox, but 67% of organizations don’t have a policy in place around public clouds and 80% haven’t trained employees in the correct use of these platforms.

4. The growth of Apple (AAPL) devices is complicating BYOD security for administrators. 65% of organizations will support Macs in the next year, and 57% feel compatibility and interoperability are still big obstacles to getting Macs compliant with their IT infrastructure. This puts data stored and shared across the corporate network and on Apple devices at risk.

5. Some organizations are ignoring the benefits of mobile collaboration altogether. More than 30% surveyed actually forbid personal devices from accessing the network.

Mr. Rawbone sees two reasons organizations are not educating or training their employees on the risks of BYOD. First is time and money. Most companies have tight budgets across the board and in particular within their IT department, as well as their overall staffing. The second excuse for not training their staff is that they are unaware that their staff is using these solutions, or they are turning a blind eye to the effect these issues have on their corporate data and overall IT infrastructure.

The Acronis Senior Partner told ITProPortal there are legal and compliance issues associated with BYOD; but generally BYOD can be adapted to each compliance regulation and rule. The main concern of BYOD is data protection and ensuring that as employees bring devices to-and-from the workplace, confidential corporate data is adequately protected while remaining easily accessible. An important part of data protection, often not addressed by BYOD strategies, includes ensuring that information and records comply with privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), as well as specific industry and regional privacy regulations.

Mr. Rawbone concludes by reminding the author that the important thing every business needs to remember is that mobile devices can be replaced for a small cost in comparison to having your confidential data stolen and used incorrectly.

Companies need to embrace technological evolution and look at the business benefits of BYOD. Otherwise, he claims they will be facing some serious network and data issues and worst of all potentially facing some legal problems in the coming future.

Creating a mobile device security policy doesn’t have to be complicated, but it needs to encompass devices, data, and files. The article lists a number of simple things organizations should do, like require users to key-lock their devices with password protection. 68% of those surveyed use VPN or secure gateway connections across networks and systems, and 52% use Microsoft (MSFT) Active Directory and/or LDAP. The simplest place to start is to use device key-lock and password protection.

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter.

Cloud Storage, Back-Up Bust

These are heady times for fans of cloud storage. In case you haven’t been paying attention, the cloud file storage corner of the IT universe has heated up over the past couple of months. Dropbox, Microsoft (MSFT), Google (GOOG) and Apple (AAPL) have been leapfrogging each other in an apparent effort to buy mind-share.

Dropbox recently announced that its Dropbox Pro plan will now offer 1TB of capacity for $9.99 a month, or $99 for a full-year subscription. Paul Mah at FierceCIO says this is a significant reduction, especially when recent monthly Dropbox Pro storage prices were:

  • $9.99 for 100GB,
  • $19.99 for 200GB, and
  • $49.99 for 500GB of storage.

Mr. Mah says the latest move by Dropbox allows them to stay on par with the latest price cuts from Apple iCloud in September, Google Drive in June, and Microsoft OneDrive in May.

In September Apple updated its porous iCloud storage plans. CNET says the basic 5 gigabytes of storage remains free, though prices for paid tiers were significantly reduced and larger storage options were made available. CNET says the new monthly iCloud storage costs are:

  • Free for 5GB,
  • $0.99 for 20GB,
  • $3.99 for 200GB,
  • $9.99 for 500GB and
  • $19.99 for 1TB

Previously, 10GB of storage would have cost $20 per year, 20GB for $40 per year, and 50GB for $100 per year.

At Microsoft, the cloud-based file storage game also changed. According to Redmond Magazine, the improvements include a new file load limit (10GB max), an easier way to share links to OneDrive folders, and support for folder drag-and-drop operations using the Google Chrome browser. Microsoft is also working on speeding up the synchronization of files with OneDrive. The updated per month prices for OneDrive are:

  • Free for 15GB,
  • $1.99 for 100GB,
  • $3.99 for 200GB,
  • $5.99 for 1TB

In an attempt to trump MSFT, Google released Google Drive for Work, a paid service targeted at business users and priced at $10 per user per month. FierceCIO noted that the new service offers unlimited storage, the ability to upload files of up to 5TB in size, and access to productivity apps such as Docs, Sheets, Slides, Hangouts, and Sites. Importantly, Google also announced that files uploaded to Google Drive can be encrypted, and will stay that way while in transit or when at rest on its servers. Here are the current prices per month for Google Drive space according to CNET:

  • Free for 15GB,
  • $1.99 for 100GB,
  • $9.99 for 1TB,
  • $99.99 for 10TB,
  • $199.99 for 20TB and
  • $299.99 for 30TB.

Mr. Mah argues that price drops are good news for consumers. The extra space would certainly be useful for users who rely on it for long-term file archives or backing up large local files. The author correctly argues that 1TB of online storage does not deliver the same value to business users. The reason is simple: cloud storage is a terrible backup solution for large volumes of data, especially if you need to get it back quickly.

Mr. Mah observed that cloud storage vendors do not share information about any guaranteed uploading or downloading speeds when using them. This is noteworthy considering that 1TB of files can take a really long time to transfer over the Internet.

He explains that downloading 1TB worth of files with zero data overhead (which is impossible) across a reasonable 10Mbps broadband connection would take over 222 hours, or close to 10 days of continuous downloading. You can be assured that real-life conditions on your broadband connection would likely mean that this is at least doubled or even tripled.

And that’s assuming that the cloud service provider isn’t experiencing any congestion on its end, which is not something that cloud vendors are offering any guarantees on. Notwithstanding that, you can check out this nifty online calculator.

So while there is no question about the value of cloud storage for data synchronization across multiple devices, it is important for businesses to understand that the cloud just isn’t ideal for data backup. Mr. Mah concludes that users should use their 1TB of cloud space for all it’s worth, but users and firms need to do proper local backups for important files, as well as those that need to be restored quickly.


Is Your Data Safe From Gen Y?

Fortinet (FTNT) released a new study that says most Gen Y staff members are thwarting their employers’ Bring Your Own Device programs. Fortinet surveyed 3,200 employees between the ages of 21 and 32 on their attitudes and practices around BYOD and found that 51 percent of respondents said they would ignore formal BYOD policies at their organization. “It’s worrying to see policy contravention so high …” Fortinet VP of Marketing John Maddison said in the study report.

Gen Y staff

The same Fortinet survey revealed that 55 percent said they have been the victims of cyberattacks on their desktops or laptops. The respondents noted that those attacks had affected their productivity and potentially cost them corporate or personal data.

FierceCIO provides another example of staff’s cavalier attitude towards data security from Symantec. According to Mountain View, CA-based Symantec (SYMC), when it comes to corporate data, employees feel like they live in a “finder’s keepers” environment, Robert Hamilton, Symantec director of information risk management, said. The firm surveyed workers in the U.S. about taking corporate data outside of the workplace, whether they would use company information in another job, and their views on whether that constituted stealing. FierceCIO reports the results of the survey were not encouraging to IT security professionals and IT management.

Finder’s keepers

  • 40% of employees download work files to personal devices,
  • 40% of employees plan to use old company information in a new job role,
  • 56% of employees do not believe it is a crime to use a competitor’s trade secrets,
  • 68% of employees say their company doesn’t take proper steps to protect sensitive information.

Mr. Hamilton summarized, “The attitude is that ownership lies with the person that created it, not with the company that employs them.” He says companies need to do a better job of safeguarding data from employees, especially with the growing popularity of BYOD. Symantec noted,

Only 38 percent of employees say their managers view data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies

A survey by mobile file-sharing app provider Workshare provides more evidence of how employees flout IT policies by using free file-sharing services to store and share corporate documents from their mobile devices. FierceMobileIT reports that the firm’s survey revealed that 81% of employees access work documents from their mobile devices. A disturbing 72% of workers are using free file-sharing services without authorization from their IT departments.

Fiberlink recently conducted a survey of its customers about what apps they are blacklisting and whitelisting. DropBox appeared at the top of the blacklisted apps lists for both Android and iOS devices. Commenting on the results, Fiberlink CEO Christopher Clark told FierceMobileIT: “I think there are other ways besides DropBox or Box to do apps and content management.”

Work documents on personal devices

Another survey, conducted by Ipsos MORI for Huddle found that 91% of U.S. office workers store work documents on personal devices, such as USB drives, and 38% store documents on consumer file-sharing services.

FierceMobileIT reports that Dropbox is the most used consumer file-sharing service for work document storage and sharing.

Patrice Perche, Fortinet’s senior VP for international sales and support, said in the report:

This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage, and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed.

FierceMobileIT’s Fred Donovan warns that enterprises need to educate their employees to combat the security risks of using consumer file-sharing services. He also says that employers need to offer enterprise-sanctioned file-sharing alternatives. Otherwise, employees will continue to bypass IT policies and put corporate data at risk. Symantec’s Hamilton told FierceCIO that firms need to undergo a cultural shift if they are going to win the battle of protecting their assets from their own staff.

rb-
Sharon Nelson at Ride the Lightning sums up my thoughts on the BYOD thing.

I have never understood the arrogance of this attitude or the failure to appreciate that employers have a duty to impose rules to protect client/customer/proprietary data.

It is common for each succeeding generation to despair of the generation that follows it, but I confess to a certain amount of despair for a generation that is so tied to their mobile devices that they cannot balance their desire to use their devices with the duty owed to the employer to keep work data secure. In a world where young folks cannot seem to keep from checking their phones at weddings and funerals, I guess it is no wonder that they see nothing wrong with willfully disobeying rules imposed at work.

What do you think? Is your data safe from Gen Y staff?


Dropbox Adds AD for SSO

When people talk about the consumerization of IT, Dropbox is invariably part of the discussion. Dropbox, like Box, Google Drive, Microsoft SkyDrive, and others, is a cloud-based storage system that enables users to sync and share files. This can be, and often is, done without IT intervention, potentially putting sensitive data at risk or organizations out of compliance, according to Debra Donston-Miller at InformationWeek.

Hoping to land some street cred with corporate IT, the consumer cloud file storage leader Dropbox rolled out Dropbox for Teams, with security tweaks designed to give companies more control over what their users do with Dropbox (which I covered here).

Now Dropbox has announced a rebranding, from “Dropbox for Teams” service to “Dropbox for Business” with an eye toward business and its IPO. So it is taking notice of existing enterprise authentication infrastructure to grow its customer base into authorized corporate use.

The InformationWeek article says Dropbox will now add single sign-on (SSO) capabilities to its Active Directory integration and is working with several partners to ease that integration. “Active Directory is really core to IT architectures, security and compliance strategies,” Kevin Egan, Dropbox VP of sales, told InformationWeek. “It lies at the heart of security, so we’re going to make it a lot easier for customers to plug into their existing Active Directory infrastructures, and leverage things like secure sign-on.”

Thomas “Tido” Carriero, growth engineering lead for Dropbox, explained in an interview that the integration with Microsoft’s Active Directory will let companies use the work they have already done in setting security and authentication policy. This helps end-users and admins alike, he said. “It’s good for the end-user not to have another password to remember — they can just use what they’re familiar with.”

Mr. Carriero also claims the new Dropbox for Business will be good for IT Pros. “Admins can set up security policies depending on the nature of the data being stored, and they can do things like set password requirements, reset passwords as often as they’d like, set up two-factor authentication, set up other kinds of authentication — whatever they have decided on for their business.”

According to Dropbox’s Egan and Carriero, the firm will provide SSO out of the box. Dropbox SSO uses the industry-standard Security Assertion Markup Language (SAML), so it will also integrate with any large identity provider companies are using or with companies’ own SAML-based federated authentication systems. DropBox SSO partners include Ping Identity, Okta, OneLogin, Centrify, and Symplified.

The author notes that Dropbox has some pretty stiff competition in the cloud-based storage space, including no less than Google (GOOG) Drive, SugarSync, Apple’s (AAPL) iCloud, Box.net, and Microsoft’s (MSFT) SkyDrive. But the SSO integration with Active Directory is an important step forward in making Dropbox a corporate tool, and not just a tool for consumers.

rb-

The producers of these consumer-targeted technologies need to recognize that for deals in tens of thousands of seats, firms like Dropbox, Box, and Evernote need to offer those of us charged with protecting the firm’s assets assurances about security, privacy, and integration with Microsoft Active Directory.

Despite that, Box Enterprise GM Whitney Bouck also told CITEworld, “The premise of Box is to make it super-easy to share, communicate, and collaborate … At its most open, there should be as few controls as possible.”

And then there are the security breaches. In 2011, Dropbox accidentally pushed a code update that introduced a bug into the company’s authentication mechanism, allowing third parties to log in to user accounts and access files. Last year, hacks at other Web sites allowed attackers to penetrate accounts used by Dropbox employees, including a document from which they may have been able to harvest email addresses. In August, those email addresses were apparently used to send Dropbox users spam.


Dropbox Warms Up to Corp IT for IPO

In preparation for its IPO, Dropbox is warming up to corporate customers, reports InfoSecurity. The general consensus about Dropbox within the business community is that it is an excellent service, but lacks security. Data breaches and a lack of visibility into and control over how stored and shared files are used make the app seem insecure to many corporate users. GigaOM points out that large companies, including IBM (IBM), forbid its use. One of the criticisms InfoSecurity cites is that employees leaving the company (either through termination or leaving to join a competitor) will automatically take any potentially sensitive files stored in their Dropbox accounts when they leave the company.

The new Dropbox Team (the corporate multi-user offering) dashboard seeks to make that more attractive. This paid-for service costs $795 per year for 5 users plus $125 for each additional user. The new dashboard provides the team leader with greater visibility and control over which members can access individual files, and what they can do with those files. In particular, if a team member leaves the company or just the team, access to the stored files can be immediately blocked.

These new features do not prevent an employee from opening a separate personal account and using that to exfiltrate sensitive files. However, InfoSecurity claims they make it more likely that it would be a planned (and probably illegal) act. Unfortunately, the greater part of the shadow IT use of Dropbox is likely to occur simply because the staff is seeking to make their jobs easier and more efficient. By providing an official Dropbox Team account, the need to bypass security becomes less pressing. Dropbox will benefit from increased income while business benefits from increased control.

A second new security feature within the new dashboard is the ability for the team leader to insist on and ensure the use of two-factor authentication by the team members. Optional two-factor authentication was announced by Dropbox last July. It followed the breach involving users’ re-used passwords. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” announced the company at the time. Two-factor authentication can solve this issue, and the team leader can now insist upon it and ensure that individual team members do not subsequently turn it off.

It is possible that this improvement to the corporate Dropbox may be the start of preparation for a Dropbox IPO. IDC estimates that the enterprise file-sharing market will be worth $20 billion by 2015, and Dropbox is currently valued at around $4 billion.

“Over 2 million businesses have people inside them using Dropbox. It’s already pervasive, we just want to make it easier for IT to say yes to those people asking for Dropbox,” Sujay Jaswa, VP of business development for Dropbox said in an interview with GigaOM.

Among business accounts, GigaOM says Google (GOOG) is getting traction with the Google Apps/Google Drive combo and Microsoft (MSFT) integrates SkyDrive storage with Office and Windows 8. Box, the company most associated with Dropbox-of-the-Enterprise, touts its support of all client devices but targets larger companies including Netflix, Dow Chemical, and Procter & Gamble.

rb-

Other competitors in the Dropbox-of-the-Enterprise niche are Accellion’s kitedrive, Egnyte, GroupLogic’s activEcho, SurDoc, and ownCloud. Still, it’s hard not to see all these rivals battling it out for the same paying business customers down the road.

At $125 per seat it seems awfully expensive. Is it good enough for corporate IT to warm up to Dropbox in time to save its IPO?
