Refer-BYOSAAS (bring Your Own Software As A Service) and its security issues

S P Indore

Mar 6, 2014, 9:58:59 PM
to iipsdc-project-discussions, Computer Science Research Group, ashok sharma
http://www.slideshare.net/lsaghafi/prof-lili-saghafi-lecture-on-the-threat-within-it-security

Important issue of BYOSAAS (Bring Your Own Software As A Service) and
its security issues. IMNSHO, much of this kind of thing comes down to
the unethical view of their staff that many businesses have. One of
the basic premises of many theories of ethics is that humans are never
a means to an end but an end in themselves. Much of business regards
their staff as tools to be used at minimal cost. This means not
training people properly, particularly in IT issues. If you train
people, then you have to pay them (and otherwise treat them) well,
otherwise other businesses may well poach them with offers of higher
pay or better conditions, and you lose your investment in their
training. When computers were only used for work purposes and hardly
anyone had one at home, you could get by with minimal training. Now,
though, you need to re-train people to have a different attitude to
work IT than they do to their own usage. But instead of investing in
proper workplace IT training, many companies have reduced, not
increased, their IT training because everyone knows how to use
computers these days - they all have them at home, and in their
pockets. If businesses treated staff less as replaceable worker units
and more as integral parts of the (human) organisation, including
proper training (which includes the WHY as well as the WHAT and the
HOW) on corporate IT systems AND had relatively easy to use IT systems
of their own which provide secure and usable communications tools, then
they wouldn't have to worry about people using Dropbox to insecurely
share the company's confidential data.

Researchers are implementing a somewhat more secure system for file
sharing at our work space which functions under a peer 2 peer
paradigm.

Have you experimented with BitTorrent Sync as an alternative to
conventional cloud SaaS file sharing? http://www.bittorrent.com/sync


One more issue: some engineering clients have been using
http://www.filesharehq.com to share files.
One additional note: You touched on the security piece but also note
that Dropbox has been hacked before and that they are also acquiring
other companies. Imagine what new internal eyes have access to that
data when one is acquired.


>>> File Share HQ still appears to function under essentially the same process, technology and structure as Dropbox, Box.net, Google Drive (okay, maybe not drive because of the whole proprietary GFE thing), etc.--right?
http://www.slideshare.net/lsaghafi/prof-lili-saghafi-lecture-on-the-threat-within-it-security

>>>>Somehow Secure File Sharing for the Enterprises when all setups considered. Trial version is here.

http://www.syncplicity.com/trial/enterprise-edition?id=SEM-BRAND&gclid=CNCN0-TS_rwCFcyhOgod6V4AQA

>>>Question-Michael: What would you suggest for a file share that is secure, platform agnostic, handles large drawing files, and has full control and audit capabilities?
Ans-->
It all depends on the value of your data, how much you use and what platforms.
(you want to support TRS80? DEC VAX? SDS940? what does platform
agnostic mean anyway?).

I would use a private cloud (my own server, data center,
infrastructure) if using regulated data. Your own SharePoint server,
with whole disk encryption, HTTPS access only, heavily enforced access
control, Windows, Mac, Android, iPhone. Linux can mount a DAV file
system. What more could you want?

A fallback position would be to make sure the cloud company was HIPAA
compliant, SSAE16 certified, EU Safeharbor certified and was willing to
sign a BA agreement (if health care).

This is NOT Microsoft Office365. This is NOT Microsoft's SharePoint in the cloud.

Option #2, Citrix ShareFile.

HIPAA compliant/has a privacy statement.

But then again, if a loss of data availability, no expectation of
privacy or no data integrity won't cost much if there is a problem,
and you don't mind risking jail time for HIPAA violations, keep what
you have. Your LinkedIn profile says your company is HIPAA compliant.
When is the last time you had an IT Risk Assessment? If you were using
filesharehq at the time, ask for your money back.

--
Thanks and kindest regards

Shaligram Prajapat
---------------------------------------------------------------------------
Associate Professor (MCA, M.Tech(IT)) Programme
International Institute Of Professional Studies,
Devi Ahilya University Indore (MP)-India
(o) 91-0731-2474090
---------------------------------------------------------------------------
e-mail:shaligr...@dauniv.ac.in

www.iips.edu.in

www.dauniv.ac.in