April 15, 2021

I.T. Managers Struggle to Contain Corporate Data in the Mobile Age

“I’ve got Dropbox, Box, YouSendIt, Teambox, Google Drive,” says Ms. Simons, a 42-year-old executive, naming just five of the many services on her iPhone to store memos, spreadsheets, customer information and soccer schedules.

She and her colleagues at Mashery, a 170-employee company that helps other companies build even more apps, also share corporate data on GroupMe, Evernote, Skype and Google Hangouts. “From the standpoint of corporate I.T.,” she says, “my team is a problem.”

And how. “My peers are killing me,” says John Oberon, Mashery’s information technology chief, who is supposed to keep track of company data. While the company’s most confidential information is encrypted and available only to authorized executives, he said, “there’s only so much you can do to stop people from forwarding an e-mail or storing a document off a phone.”

Chinese hackers are one problem. But so are employees who put company information online with their smartphones and tablets.

Once the data leaves the corporate network, protecting it becomes much harder. Searching for the name of almost any large company, plus the word “confidential,” yields supposedly secret documents that someone has taken from the company network and published.

Netflix, the streaming video service, recently found employees using 496 smartphone apps, primarily for data storage, communications and collaboration. Cisco Systems, which powers much of the Internet with computer networking gear, found several hundred apps, as well as services for shopping and personal scheduling, touching its own network via employees.

“People are going to bring their own devices, their own data, their own software applications, even their own work groups,” drawing off friends and contractors at other companies, said Bill Burns, the director of information technology infrastructure at Netflix. “If you try and implant software that limits an employee’s capabilities, you’re adding a layer of complexity.”

Almost no service is invulnerable. In 2011, Chinese hackers obtained access to hundreds of United States government accounts on Google’s Gmail. Last July, Dropbox, one of the most widely used storage services, reported a loss of data from a large number of customers. Without special instructions, customer sales information in the online service of Salesforce.com can be moved to private accounts at Box. On Saturday, Evernote said user names, e-mail address and encrypted passwords had been stolen in an attack, requiring the passwords of more than 50 million accounts to be reset.

In 2011, Juniper Networks found more than 28,000 samples of mobile malware, mostly for capturing and transferring information like passwords. In January this year, Florida’s Juvenile Justice Department reported that 114,538 youth and employee records had disappeared when a mobile storage device with no password was stolen. The state will pay for a year of credit monitoring for everyone whose data was lost.

Last September, a customer notified Rite Aid that he could obtain other customers’ names, addresses and prescription records from the company’s mobile app. (Rite Aid says the problem has been fixed and that it is not aware of any data loss.)

Even without proof of compromised accounts, such losses can cost a company both money and reputation. According to the Securities and Exchange Commission, unauthorized disclosures of confidential information, whether from unsecured devices, leaky apps or poor cloud security, must be announced publicly if the information could affect a company’s stock price.

Some apps onto which employees may move company information, like Facebook and Amazon, are well known. Others, like Remember the Milk, used for completing tasks, or CloudElephant, a data backup service, are news even to some of the experts in I.T. Skyhigh Networks, which recently started monitoring personal use of apps, has counted more than 1,200 services used in corporate networks from personal devices.

Article source: http://www.nytimes.com/2013/03/04/technology/it-managers-struggle-to-contain-corporate-data-in-the-mobile-age.html?partner=rss&emc=rss

Data Grows, and So Do Storage Sites

Now, gaining access to personal files is a chore for people who own an arsenal of computers, smartphones and tablets.

The annoyance of e-mailing documents to themselves or saving their work to a thumb drive has given new life to an old idea — online storage. People simply save their Word documents, spreadsheets and photos in “the cloud,” a Web-based file cabinet accessible from any device that has an Internet connection.

A number of companies focused on online storage are quickly gaining users and attention. New investment is driving a boomlet in the niche business, adding to an already lengthy list of competitors: Dropbox, YouSendIt.com, Cx.com, Box.net, 4Shared and SpiderOak. Apple may do something similar with its iCloud service, to be introduced on Monday.

Google began acclimating people to the notion of storing documents in the cloud with its Google Docs feature in 2005.

And online backup or storage services like MobileMe from Apple, Windows Live SkyDrive from Microsoft, Mozy from EMC and SugarSync are now familiar. What’s changed is that more people have discovered a need for them.

Aaron Levie, chief executive of Box.net, an early online storage company based in Palo Alto, Calif., said that the increased adoption of mobile devices and ubiquity of online connections had created a bigger need for companies like his.

Nearly 60 percent of adults with online access own at least two Internet connected devices, according to Forrester Research. Just under 3 percent, or 4.5 million people, have at least nine different gadgets. If that seems to be a lot, think about this: a person may have a home computer and a work computer, and other members of the family may each have computers. Then count smartphones and tablets, and it’s not hard to get to a large number of machines.

“It just sort of clicked,” Mr. Levie. “There ended up being a tremendous amount of interest.”

“Our vision is to simplify millions of peoples’ lives,” said Drew Houston, chief executive of Dropbox, where 25 million users upload files at the rate of 300 million a day. “You don’t have to worry that you have some files on your Mac, some stuff on your work computer and then some more on your iPhone.”

A growing number of people believe him. Dropbox stores 100 billion files on its servers. Box.net says it has six million users while Mozy says it has three million.

Meanwhile, storage companies benefit financially from a constant decline in costs as servers and data storage devices get cheaper each year. Leasing server space is five to eight times cheaper than when Box.net started in 2005, Mr. Levie said.

The sales pitch for online storage is that it lets users make changes to a Word file, for example, so that there is a single version available from both their work and home computers. It is a process known as synchronization, or sync for short. Users can also collaborate on a documents with colleagues or share video clips and photos with friends.

Many online storage services let users store a minimal amount of data free of charge. For more space, users pay up to $20 a month. (Dropbox gives users who enlist more customers additional storage.) Saved files are accessible from any Internet connected device.

Backing up files is a side benefit. Users no longer risk losing their children’s photos if they forget their mobile phone in a cab or their homework if their hard drive crashes.

George Hamilton, an analyst with Yankee Group, said that online storage largely appealed to tech-oriented consumers, although it has been gaining more mainstream adoption recently.

But one thing still gives most consumers the willies: security. While there are no known cases of purloined or exposed documents on these services, well-publicized hackings and thefts at big companies like Sony, RSA Security and the e-mail marketing firm Epsilon Data Management worry the late adopters. “I wouldn’t want to put anything with a Social Security number on a cloud-based storage service,” said Mr. Hamilton.

A security expert did recently complain to the Federal Trade Commission about how Dropbox encrypted files on its service. Dropbox’s employees could get access to unencrypted files, he said, and he accused the company of failing to disclose this.

Mr. Houston called the criticism a “rite of passage” and emphasized that Dropbox takes security very seriously, including prohibiting employees from rooting through user files. However, the company, like any other, must turn over data if it is legally required to do so.

In general, Dropbox likens its protections to what banks and the military use. Files saved with Dropbox are encrypted during transmission to Amazon.com’s servers, which the company leases. After reaching their destination, those files are divided into discrete blocks, no bigger than a few megabytes. Those blocks are then individually encrypted in storage.

Mr. Houston says he saves nearly everything to Dropbox including copies of his driver’s license and passport.

“I have five or six laptops, and they are totally interchangeable,” he said.

The field is flooded with competitors in part because no one company has a clear advantage in the market, which spans both consumers and business customers.

Two months ago, Amazon introduced Cloud Drive for storing all kinds of files, including digital music. Cx.com, another service, premiered in January with financing from TomorrowVentures, a venture capital company controlled by Eric E. Schmidt, Google’s chairman and former chief executive.

Brad Robertson, chief executive of Cx.com, which has around 200,000 users and which is free as it tests its service, said he was not intimidated by all the competition. Focusing on security will help set his company apart from rivals, he said.

“If you take search or e-mail, or any feature where you have new products in the marketplace, you have a while before each one finds its uniqueness,” said Mr. Robertson, whose company is based in Palo Alto, Calif. He acknowledged that eventually “some get gobbled up and go away.”

Article source: http://feeds.nytimes.com/click.phdo?i=e2fb862d7625d3db1a373414cc747fdb