Four Ways to Mitigate Mobile and Cloud Data Leaks

Your CEO may be paranoid about WikiLeaks, but his mobile device and cloud computing are the real threats to corporate security

CIOs push data into the cloud. Employees post ever more personal and professional information on social-networking sites. And as the WikiLeaks organization talks about releasing secret information about Swiss bank accounts—on top of rumors that it may disclose documents from a large bank in the United States—CIOs find themselves reviewing internal policies and answering questions about security from their CEOs.

“Oh yeah, we’ve had a lot of questions,” says Srini Cherukuri, senior director of IT operations at Matson Navigation, a $1.2 billion ocean shipping company. And, he admits, he doesn’t yet have all the answers. The same CEOs who fret about WikiLeaks also expect to do company business on their shiny new personal smartphones and tablets. That’s a bigger threat, Cherukuri says.

Frank Modruson, CIO at Accenture, agrees. No technology or policy can reliably prevent a leaker from leaking, he says. “WikiLeaks is more of an HR and legal issue than a technology one. Somebody who was trusted shared information he wasn’t supposed to.”

Banning consumer devices at work won’t stop people from using them, Modruson says, which creates a bigger risk. “The most difficult things to secure are the things you don’t know you have.”

Insider threats always exist, but consumer technology and cloud computing present a more urgent risk that CIOs must mitigate. Here are four tips:

Have a smartphone policy. Employees lose smartphones and CIOs have to worry about the corporate data stored on those lost devices. In the absence of tools that can remotely erase just the business information from missing smartphones while leaving personal data untouched, Matson Navigation has had to enact a harsh policy. That is, if you lose your phone, Matson erases all the data on it. At the same time, Cherukuri encourages employees not to download company data onto their personal devices. He predicts it’ll be another year before vendors come up with reliable “scalpel” software that lets IT departments erase individual pieces of information from a phone.

To continue reading this article register now

The CIO Fall digital issue is here! Learn how CIO100 award-winning organizations are reimagining products and services for a new era of customer and employee engagement.