WINTER 2016

106 THE DISTRIBUTOR’S LINK
JOE DYSART ROGUE CLOUD USE: VULNERABILITY AWAITING PLUNDER FOR FASTENER DISTRIBUTORS from page 8
Similar studies are uncovering similar devil-may-care
attitudes towards the public cloud. A Nasuni report, for
example, found that 20% of the 1,300 of management and
staff surveyed regularly used DropBox to share and store
work-related documents. And more than half of those
surveyed did so even though they knew the practice directly
violated company policy.
Plus, a study released by NetIQ, an enterprise software
firm, found that 70% of IT execs believe public cloud services
pose a serious risk to sensitive company data.
Besides risk off-site, public cloud
use can also result in major
security breaches within the walls
of a company, according to
security pros, since hackers can
easily insert malware into the files
of a public cloud account that
they’ve breached, according to
Jacob Williams, principal
consultant, CSRgroup Computer
Security.
Essentially, that malware is
immediately downloaded to a
company’s network or employee’s
hard drive the next time that public
cloud account sync’s with the
employee’s computer. Often, that
happens the very next time that
employee logs into his/her public
cloud account after it has been
breached.
All that auto-syncing can also
create additional risk for a fastener
distributor if an employee is
working with multiple devices.
Subscribers to Apple’s iWork for
iCloud, for example – a suite of apps for the creation of
documents, presentations and spreadsheets – are treated to
auto-syncing of that iCloud data with every Apple device they
own, according to Richard Walters, CTO, SaaSID, a Web
application security provider.
In such scenarios, company IT may not even be aware
that company data has been breached, since that data may
walk out the door on an employee’s iPhone that has not been
secured for use on the company network.
Security pros also worry that unsecured storage of critical
ABOVE: GOOGLE DOCS IS ANOTHER CLOUD
CONVENIENCE THAT WORRIES SOME IT SECURITY
DIRECTORS.
BELOW: MICROSOFT'S OFFICE 365, BASED IN THE CLOUD,
COULD PRESENT SECURITY CONCERNS FOR SOME
FASTENER DISTRIBUTORS.
company data in the public cloud represents a severe risk
when an employee moves onto another company or
organization – especially with an employee who is unhappy at
work, and is planning an unannounced departure.
“Specifically, how do you know if malicious insiders are
forwarding sensitive information to themselves, where it will
remain available even if they’re fired?” says Dan Ring, director
of global communications, Sophos, a computer security firm.
Not surprisingly, public cloud services – as well as third
party security providers -- are the first to counter that they’re
on the job, and working to make
public cloud apps more secure.
But security pros are skeptical.
They cite a major security breach at
Dropbox in 2012, when scores of
IDs and passwords were stolen at
other Web sites, and then used –
with some success – to break into
the Dropbox accounts of the
victims.
Moreover, tech lifestyle
magazine The Verge recently
exposed a gaping hole in Apple
iCloud security. It enabled anyone
with access to a user’s email
address and birthday – easily
available on the Web – to reset the
password to that user’s account,
and then gain access to their
iCloud account.
Apple quickly plugged the
vulnerability. But one wonders how
long the breach-waiting-to-happen
would have persisted without a
spotlight from a third party.
Someday, the rising concern over
the vulnerability of the public cloud may produce security
safeguards that rival those found on enterprise-grade
networks.
But in the meantime, security pros advise fastener
distributors to get the word out to employees, and to bone up
on state-of-the-art best practices of working in the cloud.
A good place to start is the Cloud Security Alliance’s
“Security Guidance for Critical Areas of Focus in Cloud
Computing – one of a slew of cloud security primers in CSA’s
research domain (www.cloudsecurityalliance.org/research).
JOE DYSART