WINTER 2016
Distributor's Link Magazine Winter Issue 2016 / Vol 39 No1
ROGUE CLOUD USE: VULNERABILITY AWAITING PLUNDER FOR FASTENER DISTRIBUTORS, by JOE DYSART (from page 8)

Similar studies are uncovering similar devil-may-care attitudes towards the public cloud. A Nasuni report, for example, found that 20% of the 1,300 management and staff surveyed regularly used Dropbox to share and store work-related documents. And more than half of those surveyed did so even though they knew the practice directly violated company policy.

Plus, a study released by NetIQ, an enterprise software firm, found that 70% of IT execs believe public cloud services pose a serious risk to sensitive company data.

Besides the off-site risk, public cloud use can also result in major security breaches within the walls of a company, security pros say. Hackers can easily insert malware into the files of a public cloud account that they’ve breached, according to Jacob Williams, principal consultant, CSRgroup Computer Security.

Essentially, that malware is immediately downloaded to a company’s network or employee’s hard drive the next time that public cloud account syncs with the employee’s computer. Often, that happens the very next time that employee logs into his/her public cloud account after it has been breached.

All that auto-syncing can also create additional risk for a fastener distributor if an employee is working with multiple devices. Subscribers to Apple’s iWork for iCloud, for example – a suite of apps for the creation of documents, presentations and spreadsheets – are treated to auto-syncing of that iCloud data with every Apple device they own, according to Richard Walters, CTO, SaaSID, a Web application security provider.

In such scenarios, company IT may not even be aware that company data has been breached, since that data may walk out the door on an employee’s iPhone that has not been secured for use on the company network.

Security pros also worry that unsecured storage of critical company data in the public cloud represents a severe risk when an employee moves on to another company or organization – especially with an employee who is unhappy at work, and is planning an unannounced departure.

[Image caption: Google Docs is another cloud convenience that worries some IT security directors.]

[Image caption: Microsoft's Office 365, based in the cloud, could present security concerns for some fastener distributors.]

“Specifically, how do you know if malicious insiders are forwarding sensitive information to themselves, where it will remain available even if they’re fired?” says Dan Ring, director of global communications, Sophos, a computer security firm.

Not surprisingly, public cloud services – as well as third party security providers – are the first to counter that they’re on the job, and working to make public cloud apps more secure.

But security pros are skeptical. They cite a major security breach at Dropbox in 2012, when scores of IDs and passwords were stolen at other Web sites, and then used – with some success – to break into the Dropbox accounts of the victims.

Moreover, tech lifestyle magazine The Verge recently exposed a gaping hole in Apple iCloud security. It enabled anyone with access to a user’s email address and birthday – easily available on the Web – to reset the password to that user’s account, and then gain access to their iCloud account.

Apple quickly plugged the vulnerability. But one wonders how long the breach-waiting-to-happen would have persisted without a spotlight from a third party.

Someday, the rising concern over the vulnerability of the public cloud may produce security safeguards that rival those found on enterprise-grade networks.

But in the meantime, security pros advise fastener distributors to get the word out to employees, and to bone up on state-of-the-art best practices of working in the cloud.

A good place to start is the Cloud Security Alliance’s “Security Guidance for Critical Areas of Focus in Cloud Computing” – one of a slew of cloud security primers in CSA’s research domain (www.cloudsecurityalliance.org/research).

JOE DYSART