My iPhone apps as of February 2010
My iPhone apps as of February 2010 (Photo credit: dougbelshaw)
Do we see this threat in our company?

20-July-2014
-----


by Quentin Hardy


SAN FRANCISCO - As is the case with many busy people, Delyn Simons's life has become an open phone app of commingled corporate and personal information.

"I've got Dropbox, Box, YouSendIt, Teambox, Google Drive," says Ms. Simons, a 42-year-old executive, naming some of the services on her iPhone that store memos, spreadsheets, customer information and soccer schedules.

She and her colleagues at Mashery, a 170-employee company that helps other companies build more apps, also share corporate data on GroupMe, Evernote, Skype and Google Hangouts. "From the standpoint of corporate I.T.," she says, "my team is a problem."

While the company's most confidentila information is encrypted and available only to authorized, executives, John Oberon. Mashery's information technology chief, who is supposed to keep track of company data, said, "there's only so much you can do to stop people from forwarding an e-mail or storing a document off a phone."

Once the data leaves the corporate network, protecting it becomes much harder. Searching for the name of almost any large company, plus the word "confidential," yields supposedly secret documents that someone has taken from the company network and published.

Netflix, the streaming video service, recently found employees using 496 smartphone apps, primarily for data storage, communications and collaboration. Cisco Systems, which powers much of the Internet with computer networking gear, found several hundred apps, as well as services for shopping and personal scheduling, touching it own network via employees.

"People are going to bring their own devices, their own data, their own software applications, even their own work groups," drawing off friends and contractors at other companies, said Bill Burns, a director at Netflix. "If you try and implant software that limits an employee's capabilities, you're adding a layer of complexity."

Even without proof of compromised accounts, the loss of confidentiality can cost a company both money and reputation.

Some apps onto which employees may move company information, like Facebook, are well known. Others, like Remember the Milk, used for completing tasks, or Cloud Elephant, a data backup service, are news even to some of the experts in I.T. Skyhigh Networks,which recently started monitoring personal use of apps, has counted more than 1,200 services used in corporate networks from personal devices.

Skyhigh signs up for each service, along with 1,000 others that have not yet touched a corporate network, and researches them for security issues, like whether people can share data anonymously, or how easy it is to get inside the system and obtain another customer's data. The company then tunes a customer's corporate network to allow services to have different degrees of access to information.

"We have to be careful how we inspect for security vulnerabilities, since we don't want to get arrested ourselves," says Rajib Gupta, Skyhigh's chief executive.

The problem of data leakage is as old as someone taking a carbon copy home on the weekend. What is different now is how people can take data with a finger swipe, and how little they know about whether a service has malware.

Companies do not want to stand in the way of "life splicing," as the intermingling of home and work tasks is known, because it mostly plays in a company's favor. They just want more security.


-----
Taken from TODAY Saturday Edition, April 06, 2013