IBM recently announced they had banned employees using cloud-based applications including Dropbox, Apple’s iCloud and Microsoft Skydrive. Even Siri on the iPhone is on the list since spoken queries could be stored and accessed by third parties.
The ban has been implemented following IBM’s policy of allowing employees to use their own devices. Personnel working outside the office could use their own hardware rather than depending on that provided by the company.
The policy did not reduce costs. It created new challenges since the software wasn’t controlled by IBM and many employees were unaware of the potential security risks of file sharing, open wifi and webmail systems. IBM’s primary fear was that confidential commercial information could be lost — especially when many of the popular solutions are operated by their direct competitors.
The Cloud is Inherently Risky
It doesn’t matter what claims are made, web-based applications have always been a security risk (as recently demonstrated by LinkedIn). Few of us know where our data resides, how secure it is, or who can look at it. Even if you did know, your data is still sitting on a publicly accessible network; it’s a target for snoopers.
The only real security is the volume of data stored. If someone managed to access Dropbox’s back-end, it may be difficult to identify files belonging to a specific user. Locating a juicy document within many petabytes of data wouldn’t be easy.
Reading Between the Lines
I’m a little skeptical about IBMs announcement. If you’re really concerned about security, the last thing you do is reveal company policies. IBM claim to have banned Dropbox so you can guarantee a number of confidential documents were sitting on Dropbox’s servers at some point. They’re possibly still there.
In addition, IBM is an IT consultant — with their own cloud solutions offering “security-rich virtual environments”. In other words, you should consider hiring IBM because they understand the cloud and your company’s security concerns. Although it’s not stated directly, IBM has raised doubts about the services run by their competitors.
It’s a clever piece of indirect marketing which I’m helping to spread further!
You Can’t Stop Human Nature
In my opinion, IBM’s cloud-banning policy won’t work. If they expect employees to work outside the office, those people must copy confidential documents from IBM’s systems and put them elsewhere. If cloud applications are banned, employees will simply copy files to laptops or USB drives. Is that more secure?
IBM’s employees used Dropbox and other cloud applications because they were practical. It doesn’t matter what security protocols IBM puts in place; people will find ways circumvent those policies if it makes their working lives easier.
Does your company restrict cloud usage? Have you experienced data loss or security breaches using a web application? Comments welcome…
Craig BucklerCraig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.
