Welcome!

@CloudExpo Authors: Pat Romanski, Elizabeth White, Yeshim Deniz, Rishi Bhargava, Automic Blog

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

How Free Apps Can Destroy an Organization By @IanKhanLive | @CloudExpo #Cloud

How popular apps with a dark side may open the doors of destruction for your organization before you grab your morning coffee

How to Destroy an Organization in Three Ways with Nothing but Free Apps

I didn't want to be so dramatic, but I couldn't help but be completely honest as well. The end possibility is that your entire organization may suffer the fate as Sony Pictures, Target, Anthem and others that have been shaken by hacks and vulnerabilities in their networks. In some cases it has been analyzed that hackers sat in for months stealing data, until they chose to tell everyone about their presence. That's probably one of the reasons that websites like WikiLeaks are constantly able to churn document after document, exposing one thing or the other. Without supporting any of these and staying neutral, enterprise IT does face a daunting task of protecting the fort from everything out there. It's not that enterprise IT is not doing their job. The fact remains that end users within organizations are causing a huge disruption by adding consumer-level apps to their work life. The advent of BYOD and a harmless Wi-Fi connection to your work Internet is all that is needed for the hacks to start happening.

Document Sharing Applications
Consumer grade applications such as Google Drive, Microsoft Sky Drive. Box.net, and Dropbox are amazing applications. You get a tremendous amount of storage space online, they integrate with your Android or Apple phones and essentially provide a high level of convenience for the consumer. In the business environment, they open up a loophole that's an IT department's nightmare. Apps like Dropbox within an enterprise keep a door open for anyone that a document has been shared with. Once employees leave the organization they may still have access to the links, which even if encrypted would render them useless for other users. On the other hand consumer EFSS (Enterprise File Sync & Share) applications like Box are vulnerable due to it not being secure. Yes, the right encryption at multiple levels may reduce the impact. The same goes for Google Drive and others. Mind you we still haven't discussed anything about a private or public cloud. The public cloud framework is excellent, but may not work if you are hesitant to share documents on a server that's not private. Overall document management, EFSS and consumer grade solutions pose the highest risk for any organization. The problem is also that multiple users will create accounts and use different solutions, so it's not uncommon to see users within departments uploading documents on multiple file sharing websites.

Social Applications
Social applications such as Facebook, Twitter and WhatsApp are changing the way we communicate. I use all three for different things and I can't get enough from all of them. Although highly useful, many such applications may pose a risk to your organization's security in many ways. For social media users it's more a matter of policy and to be able to get users to follow protocol when in their corporate environment. Twitter and WhatsApp are apps that need more of an IT usage policy and governance for sharing links, documents and other enterprise digital assets. Of course add-on applications on Facebook may not offer the highest level of security and in fact may be a loophole for spammers and malware cybercriminals to get into your organization and take away from the productive time your employee could have. The effects of malware on employee productivity are highlighted in the Ponemon Institutes Research Report, which mentions that phishing scams can cost an average organization as much as $3.7 million in lost productivity time.

Gaming
Games are addictive and I personally don't believe that we should stop playing them. However, we do need to be selective with the games we download. Here is an example. While Angry Birds may have been one of the most popular games of all times, a Chinese version of the game has been reportedly infected with the XcodeGhost Malware. On the Apple China store, over 25 more games and apps have been compromised by the malware. This is just one incident where a vendor took responsibility. There could be many more that we don't even know about yet. Using any affected app on a smartphone or device that is being used in the enterprise environment opens the door to malware spreading to other machines and devices. The potential threats could be the opening up of ports, time-activated viruses or opening the doors for cybercriminals to sneak in.

Where to Go from Here
Determining and securing all risks to the enterprise at an IT level is a challenging task. This is constantly being made more difficult through decisions and vulnerabilities that employees are making, most of the times in good faith but without the right information. Unfortunately such actions sometimes cost us millions of dollars to undo the damage. For IT managers it's a challenging time ahead as our technology mix evolves to be more complex, and for users it's a time to reflect upon what they use and why. There is definitely a growing need for end users and policy makers to work together and collaborate for a more stable and stronger organization.

More Stories By Ian Khan

Ian Khan leads Innovation & Marketing initiatives at Solgenia, a global Cloud services provider with more than 3500 enterprise customers globally that includes Top Fortune 100 and Fortune 500 companies. An advocate of Cloud computing and a thought leader driving change within the industry, Ian is a catalyst for collaboration and Cloud solutions.

He has written for multiple industry publications, presented at various industry events worldwide, and brings more than 15 years of in depth technology experience across various industries.

Ian is a PMP Certified Project Manager, MCSE, and an Instrumentation Technology engineer.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the secur...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, will present a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to m...
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and atten...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Imagine having the ability to leverage all of your current technology and to be able to compose it into one resource pool. Now imagine, as your business grows, not having to deploy a complete new appliance to scale your infrastructure. Also imagine a true multi-cloud capability that allows live migration without any modification between cloud environments regardless of whether that cloud is your private cloud or your public AWS, Azure or Google instance. Now think of a world that is not locked i...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...