By John Thielens, CSO, Axway
The Megaupload incident surprised a lot of people, especially because the FBI shut down the site even though thousands of individuals – including some from other divisions of the federal government – were depending on it for data storage. The problems resulting from the incident point to the consumerization trend known as “BYOA” or “Bring Your Own Apps to work.” This trend is not so much about bringing consumer devices onto the network (BYOD), though – it’s about bringing consumer behaviors onto the network.
Employees are simply trying to get their jobs done. And since employees are also consumers in a connected, Internet-driven world, they have gotten very good at using services such as data storage or data exchange at home, doing their work, and then synchronizing the content. So it’s no surprise that when they log in at work they expect the same options and services, only to realize that they don’t have them. But they do have Internet connectivity that enables them to connect to what they need – so they start bleeding their expectations over the line.
There are numerous potential risks when employees use these consumer services instead of proper corporate (or in this case, government-sanctioned) services. Some risks are well known, such as inadequate security and accidental data disclosure or data leaks. But the problem around government employees using Megaupload was more one of “collateral damage” – that is, federal employees were using a site that was actually a relatively secure “file locker in the sky,” but other people were using it to securely but illegally distribute copyrighted movies and other pirated material. This illegal activity was discovered, the site was shut down, and everyone’s content was lost due to the illegal actions of only some users.
For the government, this is a prime example of the unintended consequences that can result when there is no detailed, rationalized, CIO-led and IT-driven process for selecting corporate services, with attendant contractual relationships.
To prevent this type of scenario in the future, the CIO must elevate his/her game and challenge IT to fully analyze IT usage patterns and tools across the organization. A detailed understanding of employee needs must be developed – including some type of monitoring of where employees are going on the Web – so that better services, with greater security and control, can be provided.
The type of file sharing that happened on Megaupload is not the only BYOD/BYOA challenge CIOs are facing, but it’s one of the many IT security challenges Axway solves for organizations every day. Whatever technology trend is under scrutiny, the bottom line is that IT cannot afford to be reactive. In order to protect the organization, IT must proactively partner with employees and take consumerization trends seriously. This effort may make things tougher for IT, but in the end, protecting the organization and empowering employees to get the job done is what it’s all about.