IBM might have signed onto a limited version of the “Bring Your Own Device” policy currently gripping many companies, but it has reportedly banned employees from using certain cloud-based apps such as Dropbox.
According to a widely circulated May 21 story in Technology Review, IBM not only forbids Dropbox and cloud services such as Apple’s iCloud, but has put its proverbial foot down on smartphone-generated WiFi hotspots, as well as the practice of auto-forwarding work email to personal email accounts. “We found a tremendous lack of awareness as to what constitutes a risk,” Jeanette Horan, IBM’s chief information officer, told the publication.
When approached for comment, an IBM spokesperson said: “No comment as the story speaks for itself.”
The introduction of commercial cloud services into an enterprise context has become a source of consternation for many an IT professional, and not only on the security front. Dave Robinson, an executive with online-backup firm Mozy (and one of its first employees), suggested in an interview that many clients adopting his company’s products want very specific functionality.
“You do get into one-offs, where one organization’s environment is different from others,” he said, “and they use niche software, and that forces us to make decisions; in some instances, we might do a one-off work.” In general, he added, companies want “a very robust administrative dashboard” in addition to strong security and the ability to set policies.
Those requirements haven’t stopped companies from gravitating toward software originally designed for consumers. “About 70 percent of our business is B2B [business-to-business], and 30 percent is consumer,” he said. “It was 100 percent consumer in 2007.” The challenge in that context is to keep the core product simple and streamlined, in contrast to many pieces of enterprise software that offer dashboards loaded with dozens of very granular controls and options.
Dropbox declined to discuss its business market or security.
Security remains a top concern for businesses thinking of adopting cloud-based consumer apps. “That can cover everything from data safety/recovery to securing data in transit and at rest to whether a vendor can meet a company’s compliance requirements,” Charles King, principal analyst at Pund-IT, wrote in an email. “The same issues touch most cloud services/service providers, but the issues are more important by orders of magnitude in the business world than they are in the consumer space.”
For companies with particularly stringent requirements, such as IBM, it seems the go-to solution is to either ban consumer-centric apps and services, or else institute very specific security policies that regulate those products’ behavior.
Image: Dukes/Shutterstock.com
The way that technology has permeated our lives makes IT much less scary for the semi-tech savvy person. IT policies used to be handed down like commandments from above. We now know a lot of those policies are often BS. That's not to say there isn't good reason for them, often there's very good reason. But many of us now regularly hack to create work-arounds that meet our individual needs - hence Dropbox and other less-than-secure apps in the workplace.
There are solutions out there for both the enterprise and SMB/Soho/personal use needs. @SFTP I've heard of the Globalscape tool - Tappin I think (?). Low cost, secure, easy to use tools need to be provided for use by employees. But individuals need to do their homework as well to understand the threats and use solutions to reduce risk. It's the world we live in now. The need for data/doc/file access directly drives proliferation of corp and personal data, BYOD, etc. Safe and secure access, not policy, is what's needed.
- spam
- offensive
- disagree
- off topic
LikeIt's scary how employees are using Dropbox to bypass security rules within organizations. Worse yet are the IT folks who are bending their security regulations due to pressure from employees.
Fortunately, there are other ways to have Dropbox functionality while maintaining security. I work for Globalscape (a secure file transfer software company) and we have a secure, mobile solution where IT admins can specify the specific data that employees can access via their mobile device. This data is not stored in the cloud but is accessible from any device.
Dropbox isn't the only solution out there.
- spam
- offensive
- disagree
- off topic
LikeNaso540
i can't disagree more. as a developer, i am trying my best to teach people around me that dropping our intellectual property (docs, builds, etc) on dropbox is stupid. seems the major motivator is to bypass security policies, such as email attachment stripping. there is simply no reason we need to throw our security policies out the window for a minor file-transfer convenience. any tech-saavy organization (in my case, a startup) should do exactly what IBM did, and ban it.
-todd hodes
- spam
- offensive
- disagree
- off topic
LikeTo me this is a clear signal that the traditional Enterprise IT services for most larger companies aren't keeping pace with the user experience. For years, enterprise IT has been going through waves of outsourcing, financial goals to stay flat $ YoY, do more with less. The reality is if you aren't embracing the services like the ones cited here, you aren't keeping pace with user expectations. The trick is to ensure the service providers and policies for use are tight and you'll actually realize improved $ cost/unit as well.
- spam
- offensive
- disagree
- off topic
LikeThanks for including the stock photo. I would have no idea what this story is about if not for that picture of a plastic folder with an egg-timer glued on to it.
- spam
- offensive
- disagree
- off topic
Like