infoTECH Feature

October 01, 2014

Why 'Bring Your Own Cloud' Forces IT to Take Action

By TMCnet Special Guest
Kris Lahiri, Co-Founder & Chief Security Officer, Egnyte

How safe is your data? The answer can mean the difference between growing your business and going out of business. 

The recent theft and release of celebrity photos is a reminder that even high-profile cloud security systems can still be vulnerable to breach. It’s important for consumers and businesses to understand the security protocols that can keep both personal and professional information accessible yet still private.

Businesses use cloud-based storage for solid reasons: cost, scalability and ease of access. But consumer solutions brought in by their employees (call it BYOC or “Bring Your Own Cloud”) allow workers to share often sensitive data to cloud-based programs that offer insufficient protection from threats like PRISM, Heartbleed and most recently BASH. 

Your business data deserves an enterprise-class sharing and storage solution that offers flexibility while also providing layers of security. Reputable vendors will offer four must-have features:

  • Secure access to files both in the cloud and on premises
  • Layered security using encryption (both at rest and in transition), SSL and TFA as well as compliance with regulations pertaining to your industry
  • Advanced authentication and native MDM (Mobile Data/Device Management)
  • Integration with complementary solutions from technology partners

Regardless of security, some data is simply too sensitive to live in the cloud. There are two things to look for to reduce errors when data is manipulated, save time and retain full control and visibility. First, a reputable vendor will help design a tiered system that evaluates the risks and offers options for sharing and storing that does not use the cloud. Secondly, the security that is on the cloud—permissions, authentication, etc.—should integrate with the on-premises solution so that IT doesn’t have to rebuild it, and can manage it from a single pane of glass. 

Every system, whether enterprise or consumer, should offer the following built-in protections: 

  • Email Notification: After “Celebgate,” Apple (News - Alert) instituted this. Users receive alerts when their passwords or email addresses are changed. When a user attempts to reset a password or is locked out as a result of too many failed login attempts, admins are notified. Alerts should also go out when new devices are used to access an account.
  • Two-Step Login Verification: Accounts should be configurable to require a second authentication factor when a user logs in. This can be a phone call, push notification to a smartphone, or a passcode sent via SMS.
  • Lockout: After a specified number of failed login attempts, a user account should be locked out either for a specific duration or until an administrator manually unlocks the account. 

Your data (or data belonging to your clients) deserves to be as protected as possible from security breaches. Make sure that your vendor is offering the latest safeguards before trusting your information to a cloud-based system. To ensure company-wide engagement, these safeguards shouldn’t restrict end-user capabilities to share information in and out of a company, nor should they weigh down the user experience. 

IT’s challenge is to implement policies that protect company data - a critical business asset - without reducing collaboration and productivity.

Kris Lahiri is Co-Founder & Chief Security Officer of Egnyte. Mr. Lahiri is responsible for Egnyte's security and compliance, as well as core infrastructure, including storage and data center operations. Prior to Egnyte, Kris spent many years in the design and deployment of large scale infrastructure for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology - Banaras, and an MS from the University of Cincinnati. Follow Egnyte on Twitter (News - Alert): @Egnyte




Edited by Maurice Nagle
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers