Oleg Shilovitsky responded to my post on Intel’s position on the cloud. In his response I was a bit floored to realize what a danger employee rebellion has become and the obvious lack of security methodology at many places that would allow this to even happen. Here is an article he wrote about this.
As an aside here I am coming to the conclusion that with the advent of Google Glass creating a whole new category of corporate espionage potential not only will you have to prevent “Glassholes” at work you should probably terminate “Bring Your Own Devices” too. But this is a separate issue that will have to be enforced by any security conscious company. As a philosophical thing here I am appalled at the idea of Google Glass and the erosion of privacy both for people and companies this abomination represents. The jeopardy Glassholes represent in so many ways staggers the imagination. Just like street view but only on steroids and following you everywhere and anywhere you are whatever you are doing and a Glasshole is present in public in private and at the workplace. And somewhere Google has a record of everything and don’t doubt for one second that the audio and visual recording capabilities of this stuff will be used by Google when the wearer does not request it. Or a hack job from somewhere will turn it on at demand from an external source just like the one for the iPhones a while back. Just like Adobe did by enabling audio and camera recordings without asking permission to do so a while back. The singular common preventable problem here is access to external elements like the internet or cell phone networks
What I address here today is yet another reason to prohibit any design and manufacturing data access to the cloud and apparently the only method that is going to work is complete isolation from the peril the cloud represents. Look, Dropbox is a cloud thing on cloud servers and you read the fine print and they make no guarantees of security and there will be nothing to make your IP loss whole to compensate your company for it’s loss. It is just another convenience for people to use for file transfers that sadly happens to be just another shopping cart for whomsoever will and has the talent to do so. Verizon does a study on this called Data Breach Investigations Here is one http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Please note the graph on page 16.
The vast, like 98% or so, of your clear and present danger according to them is external. While they don’t break it down this specifically I would assume that employees using Dropbox and the data being hacked from Dropbox would constitute itself in the external threat category even though it’s origin was an employee. But truthfully it’s origin was that this employee had access to the cloud with your data and the only method of prevention would have been NO CLOUD ACCESS AND NO ACCESS TO ANY EXTERNAL NETWORK. I question the 98% figure as seeming to be high but have no way of doing so with knowledge so I am going to have to accept their numbers.
Add yet another way to the myriad of ways that the cloud is your enemies best friend and your competitors best expenditure of “Research and Developement” funds.