A Sophos on-stand survey* of 214 visitors to Infosecurity Europe - 24-26 April 2012 - has revealed that, out of more than 200 respondents, nearly half (45 percent) use consumer cloud services, such as Dropbox, for work purposes - indicating a growing demand for cloud services in the workplace. However, in the same survey, 64 percent thought that these sorts of consumer cloud services present potential security issues, demonstrating that, while people understand the security risks these services can present, there is a general failure by businesses to control their use.
Other findings from the research included:
- Nearly a third (32 percent) of respondents said that they were allowed to use personal mobile devices for work, but there was no control imposed by the IT department
- Nearly half (49 percent) of respondents said that wireless networks in their place of work were protected but only by a single or small number of passwords
“Businesses need to recognize the huge demand there is for cloud services such as Dropbox and take a proactive approach to incorporating these into security policies,” said Chris Pace, product specialist at Sophos. “Storing, sharing and exchanging files in the cloud for business purposes is seeing a rapid adoption due to the convenience and additional storage capacity it offers to employees. What businesses need to remember however, is that this additional way of dealing with information inherently poses additional security vulnerabilities that need to be addressed before valuable data is compromised.”
“There are some basic limitations of a digital ‘do-it-yourself’ approach. The main concern is that, because the infrastructure of consumer-orientated solutions like Dropbox doesn't support enterprise-grade requirements, many businesses are currently just handing control to the user, leaving it to them to make a judgment on the risk they are posing to corporate data,” argued Pace. “Simple precautions such as web-based policies using URL filtering, application controls that can be applied to cloud products, and data encryption that provides a layer of security across the board, should be introduced as standard if companies wish to reap the benefits of cloud, while mitigating security risks.”
Sophos has produced a whitepaper, 'Fixing Your Dropbox Problem', offering advice to businesses on the issue.
Pace concluded “the survey also shows that wireless security is an issue. Everyone wants to use it because it’s flexible and easy, allowing laptop users to connect anywhere in the office. But wireless solutions are inherently complex. Instead of businesses setting up a standard wireless router that connects to the internet, with everyone using the same or a limited number of keys, they should be looking for ways to integrate wifi into their existing network security, giving them both better value and control.
*Poll conducted on the Sophos stand at Infosecurity Europe 2012 24-26 April 2012 of 214 people