Bring Your Own Service, or BYOS
Research conducted by Varonis Systems Inc. has found that while eighty percent of companies do not allow their employees to use cloud-based file synchronization services, seventy percent said they would use these services if they were as robust as internal tools. For the research, decision makers were interviewed about the emerging shift from Bring Your Own Device (BYOD) to Bring Your Own Services (BYOS).
Having brought their own devices, BYOD end users are now bringing their own services into the enterprise as well. In the latest development of the BYOS trend, end users are introducing apps that offer file synchronization services that control the movement of data across their various computing devices – from laptops to iPads. The ease of use and convenience of consumer apps such as Dropbox, Sugarsync and Huddle has persuaded many enterprises to adopt these as the de facto tools for file sharing. However, BYOS has a dark side and is threatening to sweep past company defenses to carry away data.
All too often these services will act as a Trojan Horse, breaching the defenses of a corporation and opening them up to all kinds of counter attacks.
This is because the very strength of BYOS – ease of use – is its vulnerability. A virtual folder, which looks and seemingly acts like a regular folder, replicates files placed in it as soon as possible to another computer, device, and/or “cloud drive.” This means that crucial and confidential information is instantly outside the protection of the enterprise.
The most serious repercussion from file synchronization services is that security is threatened. Depending on the circumstances, the person responsible for securing company data could fall foul of regulations on corporate governance, the most common being the Data Protection Act (DPA), the EU Privacy Directive, Sarbanes-Oxley (SOX), HIPAA and PCI DSS.
The first step is to monitor network connection attempts for services such as Dropbox, Sugarsync and Huddle. In parallel, also watch for employees who are emailing documents into the company, as this will reveal who is taking data out, or storing and creating it elsewhere in the first place.
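One way to carry out the monitoring step above, as an added example that is not part of the original article: a script that scans web proxy records for connections to the named services and totals attempts and bytes sent per user. The log format, the sample lines and the domain watchlist are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed watchlist: domains for the services the article names.
WATCHLIST = {"dropbox.com": "Dropbox", "sugarsync.com": "Sugarsync", "huddle.com": "Huddle"}

# Constructed sample lines in a hypothetical proxy format:
# timestamp user method host:port bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:02:11Z alice CONNECT client.dropbox.com:443 48211
2024-05-01T09:02:15Z bob CONNECT www.example.org:443 1200
2024-05-01T09:05:40Z alice CONNECT api.sugarsync.com:443 910332
2024-05-01T09:07:02Z carol CONNECT notdropbox.com:443 300
2024-05-01T09:09:27Z carol CONNECT dropbox.com.files.example:443 300
2024-05-01T09:11:03Z dave CONNECT Huddle.com.:443 7731
2024-05-01T09:12:00Z malformed line
2024-05-01T09:13:45Z alice CONNECT client.dropbox.com:443 2048
"""

def match_service(host):
    """Return the service name if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Compare whole DNS labels from the right, so "notdropbox.com" and
    # "dropbox.com.files.example" do not match "dropbox.com".
    for i in range(len(labels) - 1):
        service = WATCHLIST.get(".".join(labels[i:]))
        if service:
            return service
    return None

def summarize(log_text):
    """Aggregate connection attempts and bytes sent per (user, service)."""
    totals = defaultdict(lambda: {"attempts": 0, "bytes_sent": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, user, _, target, sent = fields
        service = match_service(target.rsplit(":", 1)[0])
        if service:
            totals[(user, service)]["attempts"] += 1
            totals[(user, service)]["bytes_sent"] += int(sent)
    return dict(totals)

if __name__ == "__main__":
    for (user, service), t in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{user:6} {service:10} attempts={t['attempts']} bytes_sent={t['bytes_sent']}")
```

The per-user totals give the list of people to talk to about why they need an outside file-sharing service; the same matching can be pointed at DNS query logs where no proxy is in the path.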
Once you have identified who in your workforce has a need to share files outside of traditional corporate platforms, you can work with them to verify whether it’s legitimate and why they feel the need to use these services. Is it that the files are too big to email? Are they trying to share information with a third party — again legitimately or otherwise? Perhaps it’s because connecting to internal resources either isn’t possible or feasible or it’s just too complex?
While cloud-based solutions are steadily improving, an immediate and straightforward answer resides in deploying premise-based software capable of providing the experience of a cloud service while keeping precious data in the enterprise. With the right file synchronization offering in place, IT managers can grapple with the threats of BYOS and reduce the temptation to use them in the first place.
David Gibson has been in the IT industry for over fifteen years, with a breadth of experience in data governance, network management, network security, system administration, and network design. He is currently Vice President of Strategy at Varonis Systems, the leading provider of comprehensive data governance software. David holds many certifications, including CISSP. As a former technical consultant, he has helped many companies design and implement enterprise network architectures, VPN solutions, enterprise security solutions, and enterprise management systems.