The call of the mobile device has never been stronger with widespread bring your own device (BYOD) policies and progressively more powerful smartphones and tablets entering the market.
As each new wave of technology evolves though, companies are struggling to ensure the safety of their data, with many devices moving data into cloud services with unknown security controls.
Research firm Telsyte recently found that accelerating adoption of cloud services would see the Australian cloud market more than double from 2014 to 2018, with hybrid models – those combining private and public cloud services – used in 30 per cent of companies by 2018.
In a growing number of cases, these cloud services will be accessed by employees using mobile devices, either provided by themselves or their company. Indeed, mobile devices are increasingly being built with access to cloud storage services in mind: everything from personal documents and photos to user preferences, game scores, video calls and more is being stored online as the mobile world embraces the advantages of cloud computing.
Despite early caution about the use of cloud services in business, the rise of BYOD is forcing many companies to evolve – contributing to the growth in mobile cloud storage usage as cloud hosting becomes an intrinsic part of modern IT strategies.
A recent survey by BT quantified this conflict, noting that 76 per cent of surveyed Australian companies are adopting cloud storage and web applications, but that 40 per cent of respondents are ‘very or extremely anxious’ about the security implications of those services.
Some 62 per cent of the BT respondents have the impression that all cloud services are inherently insecure, and 53 per cent said they had already experienced a data breach incident where their cloud service provider was partly at fault. Despite these concerns, 61 per cent of respondents said they had adopted popular mass-market cloud services, rather than specialised business-focused offerings.
Given these experiences – and the rapid growth in the usage of mobile devices and related cloud services – more and more companies are reassessing the mechanisms by which their data is stored with cloud computing companies. Data triage has become essential in planning cloud adoption strategies, with sensitive mission-critical data often kept internally and public-facing data and services pushed into public clouds to take advantage of their scalability and cost effectiveness.
The mobile threat
Despite its benefits, mobility has challenged IT architects by providing a single interface through which personal and business data is being exchanged. These devices offer an easy way to circumvent long-standing methods of access control that followed physical models by locking down the company network perimeter. When connecting to the corporate network via Wi-Fi, mobile devices may access or copy corporate data without network security defences even knowing what has happened – and it’s a small step for the data to go from there into public cloud services.
Given that cloud services are fast becoming a central point for data storage and information exchange, mobile access represents a significant threat to the security of that data and the integrity of the company network.
It could also lead to liability under the newly introduced Australian Privacy Principles (APPs), which require the protection of customer data and impose significant fines for breaches.
Dealing with devices
So, if you know that the best cloud storage services can be a boon to users and that you’re going to have to deal with cloud security, what can you do about it?
This common question is driving many IT decision makers to refine their cloud backup and cloud security strategies. Aiming to bring control back to cloud services, many IT managers are reining in the mobile explosion with mobile device management (MDM) systems that allow them to remotely track and control smartphones, tablets, laptops and other devices that connect to their network.
MDM technologies – which are often themselves run by cloud technology companies – allow lost or stolen devices to be located, disabled or erased depending on the sensitivity of the data stored on them. They also provide tighter control over what information can be copied to and from the devices.
While modern MDM platforms have improved control over the interaction between mobile devices, corporate networks and cloud hosting providers, other tools are delivering different methods of data protection.
Making cloud security function smoothly and interact with other enterprise systems – applying security equally on everything from laptops and tablets to cloud hosting platforms and cloud backup services – has taken considerable engineering work. However, broad support for new encryption standards is helping mobile and cloud hosting platforms support end-to-end data encryption.
Many companies are pairing data protection with stronger identity and access management (IAM) technologies that limit users’ access rights, based on identity or even location, to prevent mobile access to sensitive cloud data while users are out of the office.
Once encryption is implemented on a device, data can be protected even when it makes its way to the cloud server. It is stored in an encrypted format while in the cloud, rendering it useless to others.
With the right approach, companies can finally address the very real risks posed by the winning, but challenging, combination of mobility and cloud services.