Essential Guide

Enterprise cloud security best practices for locking down your cloud

A comprehensive collection of articles, videos and more, hand-picked by our editors

BYOD and cloud services cause -- and ease -- IT security concerns

There may be no single way to save end users from themselves, but certain cloud services may help soothe IT pros’ anxieties about BYOD security.

Many employees use their personal devices and cloud apps to work from anywhere, without any oversight or security controls. But IT can also use cloud computing services to regain some control.

Part of the problem is that employees use consumer-grade mobile devices such as Apple iPads, iPhones and Google Android smartphones for business without IT knowledge, said Lisa Phifer, president at Core Competence, Inc., a network and security consulting firm.

While most mobile devices have some type of management tool, such as Apple's Mobile Device Management tool for business, to help locate a lost phone, perform a remote wipe or even change the passcode remotely, these tools may not meet enterprise standards, Phifer said.

"If a company is focused on BlackBerry, they probably have a BlackBerry Enterprise Server to do all that," Phifer said. "But you can't shoehorn an iPhone or an Android phone into that paradigm."

There are ways to alleviate the security risks associated with corporate data on consumer devices, though.

Cloud security tools for BYOD

The challenge for administrators is to provide business data to end user devices while keeping that data separated, segmented and managed, said Jim Reavis, executive director of the Cloud Security Alliance.

"People will use app stores on their devices; and whether they are corporate devices or personal, we're concerned about app store security capabilities," Reavis added.

While IT pros worry about app store security, many end users ignore the risks.

"There's awareness [among end users], but there's not necessarily compliance," Phifer added. "When you … talk about malware, especially on Android phones, people really pooh-pooh that. But with app stores, there's no guarantee."

The cloud can help IT with the BYOD security conundrum. First, enterprise IT can acquire Security as a Service products from companies such as Barracuda Networks, Sophos and Zscaler as well as mobile device management services. Using a cloud-based service also saves companies from investing in new servers, software, training and ongoing staff for maintenance.

Cloud computing can also change the way enterprises deal with malware. Rather than run software on a laptop to continuously scan for malware, cloud-based anti-malware services scan data before it ever reaches the device.

"You never get the threat on your device and you don't need to run scanning services on the device," Phifer added.

Building BYOD policies into your cloud plan

While automated security procedures and Security as a Service (SaaS) cloud offerings can help, educating end users is also important. IT admins need to establish some ground rules as part of a BYOD policy. SaaS-based security measures are the primary piece, but user education also has its part to play.

Part of that education should be creating a mobile device acceptable use policy, and the rules need to be enforced.

For example, more than half of employees circumvent or disengage security features such as passwords and key locks, according to a recent study by the Ponemon Institute. So, IT needs to run a security policy on employee smartphones to check whether those programs are in place and actively running, Phifer said.

"With BYOD, it has to be automated; users are not very happy about intrusive, heavy-handed governance over the devices they think they own," she said.

Join the conversation

3 comments

Regarding the following statement:

Cloud computing can also change the way enterprises deal with malware. Rather than run software on a laptop to continuously scan for malware, cloud-based anti-malware services scan data before it ever reaches the device.

"You never get the threat on your device and you don't need to run scanning services on the device," Phifer added.

How do cloud services address malware proliferated by removable media such as portable hard drives? I've seen proliferations of 20 - 50 computers from one removable hard drive shared out to an organization. In this particular case, an employee brought in wedding pictures to share with co-workers. I wouldn't recommend a cloud based solution to the exclusion of traditional AV on the device.
Thanks.
Thanks for your question! According to Lisa Phifer, the problem is that network interfaces and Internet traffic are not the only vector for malware infection. My advice to run anti-malware in the cloud applies when potentially-infected data is passed through the cloud before it reaches the device. But if someone physically plugs a portable hard drive or USB stick or SD card directly into a PC, data is transferred directly from storage onto the device - it does not pass through the cloud. If the device itself is not running anti-malware, no scanner is in place to detect or quarantine that malware.

Storage-borne malware has long been a big problem for PCs and now laptops and netbooks. Some of the earliest PC malware was carried by floppy disk. Today, floppy-borne infection has been replaced by CD, DVD, and removable media-borne infection. This is one reason why there are so many desktop management and endpoint security products today that can "lock down" USB ports - that is, stop someone from bringing in a portable hard drive to read or write data from a PC. It is also possible to equip removable media with portable anti-malware, so that drives become "self defending" no matter what PC they connect to.

Both of these approaches can be applied to BYOD laptops and netbooks. But they don't tend to be applied to smartphones or tablets for two reasons. First, most smartphones and tablets don't have USB ports to which a removable drive can be connected. Some do have removable SD cards, and MDM can often be used to permit/deny SD card use. Some early mobile malware was transferred by SD card, but these days those SD cards tend to be enclosed inside smartphones, used as extra storage but not frequently removed. Second, mobile devices that are continuously connected to a wireless network tend to upload/download all messages and data over a network - this means the primary infection vector and therefore defense vector is the network, not removable storage.

Some PC malware could also be copied to/from a smartphone/tablet tethered to a PC via USB, but the PC's installed anti-malware will catch that. So, while removable storage CAN be used to pass malware to smartphones and tabs, the likelihood is just comparatively low.
-- Michelle Boisvert, Senior Site Editor, SearchCloudComputing.com