Welcome!

@CloudExpo Authors: Flint Brenton, Elizabeth White, Pat Romanski, Liz McMillan, Dean Madison

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

How Free Apps Can Destroy an Organization By @IanKhanLive | @CloudExpo #Cloud

How popular apps with a dark side may open the doors of destruction for your organization before you grab your morning coffee

How to Destroy an Organization in Three Ways with Nothing but Free Apps

I didn't want to be so dramatic, but I couldn't help but be completely honest as well. The end possibility is that your entire organization may suffer the fate as Sony Pictures, Target, Anthem and others that have been shaken by hacks and vulnerabilities in their networks. In some cases it has been analyzed that hackers sat in for months stealing data, until they chose to tell everyone about their presence. That's probably one of the reasons that websites like WikiLeaks are constantly able to churn document after document, exposing one thing or the other. Without supporting any of these and staying neutral, enterprise IT does face a daunting task of protecting the fort from everything out there. It's not that enterprise IT is not doing their job. The fact remains that end users within organizations are causing a huge disruption by adding consumer-level apps to their work life. The advent of BYOD and a harmless Wi-Fi connection to your work Internet is all that is needed for the hacks to start happening.

Document Sharing Applications
Consumer grade applications such as Google Drive, Microsoft Sky Drive. Box.net, and Dropbox are amazing applications. You get a tremendous amount of storage space online, they integrate with your Android or Apple phones and essentially provide a high level of convenience for the consumer. In the business environment, they open up a loophole that's an IT department's nightmare. Apps like Dropbox within an enterprise keep a door open for anyone that a document has been shared with. Once employees leave the organization they may still have access to the links, which even if encrypted would render them useless for other users. On the other hand consumer EFSS (Enterprise File Sync & Share) applications like Box are vulnerable due to it not being secure. Yes, the right encryption at multiple levels may reduce the impact. The same goes for Google Drive and others. Mind you we still haven't discussed anything about a private or public cloud. The public cloud framework is excellent, but may not work if you are hesitant to share documents on a server that's not private. Overall document management, EFSS and consumer grade solutions pose the highest risk for any organization. The problem is also that multiple users will create accounts and use different solutions, so it's not uncommon to see users within departments uploading documents on multiple file sharing websites.

Social Applications
Social applications such as Facebook, Twitter and WhatsApp are changing the way we communicate. I use all three for different things and I can't get enough from all of them. Although highly useful, many such applications may pose a risk to your organization's security in many ways. For social media users it's more a matter of policy and to be able to get users to follow protocol when in their corporate environment. Twitter and WhatsApp are apps that need more of an IT usage policy and governance for sharing links, documents and other enterprise digital assets. Of course add-on applications on Facebook may not offer the highest level of security and in fact may be a loophole for spammers and malware cybercriminals to get into your organization and take away from the productive time your employee could have. The effects of malware on employee productivity are highlighted in the Ponemon Institutes Research Report, which mentions that phishing scams can cost an average organization as much as $3.7 million in lost productivity time.

Gaming
Games are addictive and I personally don't believe that we should stop playing them. However, we do need to be selective with the games we download. Here is an example. While Angry Birds may have been one of the most popular games of all times, a Chinese version of the game has been reportedly infected with the XcodeGhost Malware. On the Apple China store, over 25 more games and apps have been compromised by the malware. This is just one incident where a vendor took responsibility. There could be many more that we don't even know about yet. Using any affected app on a smartphone or device that is being used in the enterprise environment opens the door to malware spreading to other machines and devices. The potential threats could be the opening up of ports, time-activated viruses or opening the doors for cybercriminals to sneak in.

Where to Go from Here
Determining and securing all risks to the enterprise at an IT level is a challenging task. This is constantly being made more difficult through decisions and vulnerabilities that employees are making, most of the times in good faith but without the right information. Unfortunately such actions sometimes cost us millions of dollars to undo the damage. For IT managers it's a challenging time ahead as our technology mix evolves to be more complex, and for users it's a time to reflect upon what they use and why. There is definitely a growing need for end users and policy makers to work together and collaborate for a more stable and stronger organization.

More Stories By Ian Khan

Ian Khan leads Innovation & Marketing initiatives at Solgenia, a global Cloud services provider with more than 3500 enterprise customers globally that includes Top Fortune 100 and Fortune 500 companies. An advocate of Cloud computing and a thought leader driving change within the industry, Ian is a catalyst for collaboration and Cloud solutions.

He has written for multiple industry publications, presented at various industry events worldwide, and brings more than 15 years of in depth technology experience across various industries.

Ian is a PMP Certified Project Manager, MCSE, and an Instrumentation Technology engineer.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
What is the best strategy for selecting the right offshore company for your business? In his session at 21st Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, will discuss the things to look for - positive and negative - in evaluating your options. He will also discuss how to maximize productivity with your offshore developers. Before you start your search, clearly understand your business needs and how that impacts software choices.
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
IBM helps FinTechs and financial services companies build and monetize cognitive-enabled financial services apps quickly and at scale. Hosted on IBM Bluemix, IBM’s platform builds in customer insights, regulatory compliance analytics and security to help reduce development time and testing. In his session at 21st Cloud Expo, Lennart Frantzell, a Developer Advocate with IBM, will discuss how these tools simplify the time-consuming tasks of selection, mapping and data integration, allowing devel...
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
Today traditional IT approaches leverage well-architected compute/networking domains to control what applications can access what data, and how. DevOps includes rapid application development/deployment leveraging concepts like containerization, third-party sourced applications and databases. Such applications need access to production data for its test and iteration cycles. Data Security? That sounds like a roadblock to DevOps vs. protecting the crown jewels to those in IT.
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.