Technology Sectors

Market Sectors

Is iCloud the next big security challenge?

Wed, 2011-11-02 11:21 AM
By: Paula Skokowski

Paula Skokowski

The line between work and play just got a little blurrier, and the potential for a data breach a lot higher, with the launch of Apple’s iCloud. If you are unfamiliar with iCloud, it is a set of free cloud services, including iTunes in the Cloud, Photo Stream and Documents in the Cloud, that work with an iPhone, iPad, iPod touch, Mac or PC to store content in iCloud.

When content changes on one device, all other devices are automatically updated. A wonderful service for consumers; however, for government agencies iCloud has the potential to wreak havoc. 

Enterprise cloud computing options such iCloud and the proliferation of mobile devices in work environments have created a challenge for IT departments, as they struggle to maintain control over how business data is accessed and shared. When government employees and contractors bring these devices into the workplace, these services can quickly become a security and compliance nightmare. Similar to Dropbox, iCloud was designed for consumers; therefore, it lacks the necessary security for stored information and offers no oversight or management control over information that is shared. Because IT has no visibility or control over the information being accessed or shared, it is impossible to know just how exposed an organization is to a data breach.

As data breaches continue to top headlines and penalties for non-compliance continue to climb, now is not the time to ignore security vulnerabilities. Government agencies require more than just a freemium, public, multi-tenant cloud solution. Enterprise solutions should support a variety of deployment options for virtual environments, including VMware, Citrix XENserver, Microsoft HyperV, public, private and hybrid cloud environments, FIPS 140-2 certified deployment and also on-premise physical installation. The solution should allow you to mix-and-match different deployment modes and integrate as one solution.

Enterprise-level solutions provide IT administrators with the necessary visibility and control to monitor and manage what information is being accessed, by who and when, so the enterprise can comply with industry regulations such as SOX and HIPAA that require monitoring and reporting systems to be in place. Utilizing security controls, IT administrators and business users can set policies to prevent files from being forwarded to unauthorized users.

Meeting the needs of enterprises requires choice of where to store data, particularly sensitive information. Government agencies with an enterprise-level collaboration and file sharing solution in place for mobile devices find the temptation for employees and contractors to use free iCloud and Dropbox-type applications is eliminated. IT administrators can manage and audit file sharing, ensuring that users are complying with security policies; and IT managers and compliance officers can be confident that compliance mandates are being met.

Paula Skokowski is the Chief Marketing Officer of Accellion, a provider of secure file sharing and collaboration solutions. She can be reached at:

paula.skokowski@accellion.com

 

Tags:
 
  • Share/Save
  • Email this page
  • Printer-friendly version
 

Recent Webinars

Powerful Cyber Intelligence: Deep Analytics and Big IT Data
Thu, 04/26/2012 - 2:00pm - 3:00pm

Extracting real-time intelligence from Big Data with deep analytics is valuable but dif

Upcoming Events

Event Details Dates of Event
SANS Security West 2012 May 10 - 18
SANS Toronto 2012 May 14 - 19
SANS Secure Indonesia 2012 May 14 - 19
Emergency Management Seminar May 15 - 15
Counter Terror Expo US May 16 - 17
Emergency Management Seminars May 17 - 17
SANS at iTWeb Security Summit 2012 May 17 - 18
New Fire & Emergency Communications Codes Educational Seminar May 18 - 18
Managing Your Physical Security Program: Collaborate and Manage Smarter May 21 - 24
SANS Brisbane 2012 May 21 - 26
CEIC 2012 (Computer and Enterprise Investigations Conference) May 21 - 24
NERC CIP Compliance Training May 24 - 24
NESCO Town Hall: Security Risk Management Practices for Electric Utilities May 30 - 31
Advanced Hands-On CAMEO Training Jun 4 - 6
Security Program Design: A Critical Infrastructure Protection Model Jun 4 - 5
Facility Security Design Jun 4 - 6
SANS Rocky Mountain 2012 Jun 4 - 9
F5 Government Technology Symposium Jun 6 - 6
SEL Modern Solutions Power Systems Conference Jun 6 - 8
Second Annual Citizen Engagement Seminar Jun 12 - 12
ASIS Assets Protection Course: Functional Management (APC III) Jun 18 - 21
SANS Malaysia 2012 Jun 18 - 23
Data Center Brainstorm 2012 Jun 19 - 19
SANS Forensics and Incident Response Summit 2012 Jun 21 - 27
Vanguard Security & Compliance 2012 Jun 25 - 28
SANS Canberra 2012 Jul 2 - 10
SANSFIRE 2012 Jul 7 - 15
Executive Protection Jul 9 - 10
Military Vehicles Exhibition & Conference Jul 10 - 13
NERC CIP Compliance Training Jul 12 - 12
Security Force Management Jul 16 - 17
Physical and Logical Security: Advanced Applications and Economics Jul 16 - 19
Investigative Interviewing Methods Jul 18 - 19
SANS Thailand 2012 Jul 23 - Aug 4
SANS San Francisco 2012 Jul 30 - Aug 6
College & University Police & Investigators Conference Jul 31 - Aug 3

Full 2012 Calendar