Financial giant Investec has underlined the dangers posed by the bring your own device (BYOD) culture in organisations, covering hardware such as smartphones and tablets but also software services based in the cloud.
David Cripps, chief information security officer at Investec, said at the ISC2 Security Congress in London that Investec has signed up for around 15 cloud services.
However, an audit found that this number was actually "a lot higher" as staff were using myriad other services to do their jobs, regardless of the security problems this could cause.
"If you’ve never done an exercise to find out what your staff are doing, I recommend it," Cripps said.
This is a concern as the vast majority of cloud services lack basic security protocols.
"Of the 3,000 or so cloud services out there, only five percent have ISO certification and only 10 percent allow some sort of two-factor authentication," warned Cripps.
On the hardware side, Cripps noted that the boundaries between devices, specifically Microsoft’s Surface Pro, are blurring even more and creating new questions and problems.
"What is the Surface? Is it a portable device or a laptop? What camp does it fall into? Should we do full disk encryption, or use virtualisation? It’s the first sort of boundary device that we don’t know what it is,” he said.
Cripps also noted that data retention, and understanding where specific data is being held, is vital for organisations working in heavily regulated industries, but that it is getting increasingly complicated.
He referred specifically to 'litigation hold', where a company is ordered not to delete any data that may be relevant to an impending legal case.
"In the past you could put a flag against the data in a mainframe and say ‘do not delete’. Now, we are in a world where we don’t know where the data is, who is processing it or who is controling it. It makes 'litigation hold' a nightmare,” he said.
Cripps urged organisations to seek out the Information Commissioner's Office guidance on BYOD, which gives advice on key areas such as having policies in place, helping management understand the risks of BYOD, and the storage and accuracy of data.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone