Ben Kepes writes about an infosec panic:

Bitglass, a company that is all about protecting organizational data, wanted to see the impacts of widespread use of public wi-fi, alongside the use of unsanctioned file sharing solutions…

…Bitglass’ threat research team tested two real-world scenarios—public wi-fi use and sharing of data from within a cloud app. The assumption being that the combination of public (and, one assumes, at-risk) wi-fi and cloud file sharing apps (shock, horror, cue the “cloud is risky” FUD) would deliver a double blow of cataclysmic risk.

Source: Public WiFi plus cloud file sharing: A recipe for InfoSec panic? « The Diversity Blog 

Kepes goes on to talk about his experience of using public wi-fi. He says he uses it a lot and has never run into trouble.

That makes sense, but it misses something. Kepes is motivated. He owns a business. He has enough experience, knowledge and sense to steer clear of obvious traps.

You, I and Kepes might be sensible. You cannot assume everyone using an enterprise computing app on a mobile device will be as careful or as savvy.

No amount of training or awareness programmes will change that.

Risky, but not that risky

Organisations are at risk from careless use of public wi-fi. As Kepes points out the level of risk might not be high.

There is a simple way to deal with the risk. Build VPN functionality into every heavy-duty mobile enterprise app so that users have a secure, encrypted end-to-end link from their mobile device to the server handling their data.

VPNs are not expensive, they are not hard to build. They don’t impose much of a performance overhead.

Enterprise software companies can absorb the cost, a few cents per month, into their pricing model. It would make sense for them to guarantee the security with an insurance policy against data being hijacked between a mobile device and the server.

Kepes’ main point, is that spreading fear, uncertainty and doubt undermines cloud computing, which, in general, is far more secure than old school computing models. You might not expect cloud infrastructure vendors to address mobile access risks, but it should be a top priority for an enterprise SaaS business.

This story was first posted at billbennett.co.nz

%d bloggers like this: