IT has moved out of the enterprise data center and into the cloud. Employees work from anywhere and access business data using personal devices such as tablets, phones, and laptops as BYOD is becoming more widely adopted. While the technology to support this new way to work has evolved, security protocols haven’t kept up and legacy network security vendors are scrambling to find an answer to this increasing trend.
OAuth is a very good security standard, carefully designed to balance user experience and security, and a solid protocol that has been used across many apps. Many SaaS vendors support OAuth for REST API access. When something is as popular as OAuth, it quickly becomes an attractive target for hackers and bad guys, as with yesterday’s Google Docs attack.
A recent New York Times article about Uber shared some damaging revelations about the company’s CEO, Travis Kalanick, and how Uber leveraged data from an app called Unroll.me.
As Apple eats away at Microsoft Windows’ market share and mobile apps replace desktop applications and websites, the case for usability seems to be written in stone. Everyone wants to use various devices to easily accomplish any task. But with that ease of use come unintended consequences. “Easy-to-Use” can easily become “Easy-to-Misuse.” Recent high-profile security breaches, like the Panama Papers, have legal professionals thinking twice about transitioning their services to easy cloud-based services:
Until recently, computer security was viewed as though it were a medieval battle scene, like the one in Monty Python and the Holy Grail: The employees barricaded inside, under siege by an unruly army of hackers (or Trojan Rabbit) who are trying to spread viruses to infect and weaken the people inside.
Recently, Ars Technica published a scathing article, “Clinton’s e-mail scandal another case of the entitled executive syndrome,” which focuses on Shadow IT as a matter of fact:
With IT department resources and budgets stretched thin, employees are taking IT matters into their own hands. Even though these employees aren’t expected to be technical experts, they have the de facto responsibility to uphold IT security. The people tasked with upholding security are mostly unaware of the risks, or not concerned enough about the risks to change their habits.
There is more than just hype when businesses discuss their transition to the public cloud. Cloud apps help businesses improve operations faster than ever before, and as a result, public cloud use is rapidly becoming a business standard. But optimism is blinding some business executives, leaving cloud security risks unaddressed. The rapid expansion in public cloud use isn’t being matched by a similarly rapid expansion in cloud security.