The cloud storage security challenge
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
There are not just risks to your business introduced by employees' increasing desire to bring their own devices into the office - a phenomenon known as "Bring Your Own Device" or "BYOD".
There's also the associated issue of "BYOS", or "Bring Your Own Software/Service".
I spoke about this issue at the SC Congress in New York City last year.
One of the standout leaders in the BYOS cloud storage arena is Dropbox.
Dropbox provides a way for users to easily move data between the home-office and the office-office without the need for, say, a USB memory stick.
The good news is that this means the problem of users losing their USB memory sticks (and therefore the data held upon them) begins to disappear.
The only problem is that now users of Dropbox, et al are giving their data away, and third-party companies have to be trusted to secure it properly.
There's no doubt that the adoption of cloud computing is on the rise. But historically we have seen that attacks tend to follow the more ubiquitous technologies. In short, if something is popular chances are that the cybercriminals will explore how they might be able to take advantage.
Cloud storage providers have full access to your data and control where it is stored. You don't have much information about the infrastructure and the security mechanisms in place. And it might be that this storage isn't in your own country, which could cause legal concerns.
In a nutshell, if your data is being stored in the cloud, more data can be put at risk if there is a single successful breach.
The countermeasure to this risk is to utilize encryption technologies. Encryption is a leap forward in the right direction for any organization trying to deal with users who are already housing sensitive and/or protected data on third party servers.
Although officially unsupported, Dropbox tells advanced users who wish to not rely on the firm's own encryption that some have reported success with TrueCrypt to protect their data.
In my own personal experience, storing files across multiple computers with Dropbox and TrueCrypt to send to multiple third parties can be a challenge to setup. I agree with Dropbox that this is only a realistic option for advanced users.
Perhaps it's just me, but I would prefer a solution which is easier to deploy, with capabilities such as centralized key management, reporting, Active Directory integration and an intuitive user experience.
Oh yeah, and it's also important to protect the end-to-end data in motion and at rest from attackers, as well as, service providers willing to surrender anyone's data under subpoena.
David Schwartzberg is a senior security engineer at Sophos. You can read more of his posts here.
Call 1300 880 160
Start a chat
Schedule a call
