You can also "mitigate BYOD risks with a hybrid cloud," adds Matthew Dornquast, CEO and cofounder, Code42. "As unsanctioned consumer apps and devices continue to creep into the workplace, IT should look to hybrid and private clouds for mitigating potential risks brought on by this workplace trend," he says. "Both options generally offer the capacity and elasticity of the public cloud to manage the plethora of devices and data, but with added security and privacy — such as the ability to keep encryption keys on-site no matter where the data is stored — for managing apps and devices across the enterprise."
Risk No. 4: Cloud Applications
Solution: "The best defense [against a cloud-based threat] is to defend at the data level using strong encryption, such as AES 256-bit, recognized by experts as the crypto gold standard and retain the keys exclusively to prevent any third party from accessing the data even if it resides on a public cloud," says Pravin Kothari, founder and CEO of CipherCloud. "As many of 2014's breaches indicate, not enough companies are using data level cloud encryption to protect sensitive information."
Risk No. 5: Unpatched or Unpatchable Devices
"These are network devices, such as routers, [servers] and printers that employ software or firmware in their operation, yet either a patch for a vulnerability in them was not yet created or sent, or their hardware was not designed to enable them to be updated following the discovery of vulnerabilities," says Shlomi Boutnaru, cofounder & CTO, CyActive. "This leaves an exploitable device in your network, waiting for attackers to use it to gain access to your data.
A leading breach candidate: the soon-to-be unsupported Windows Server 2003.
"On July 14, 2015, Microsoft will no longer provide support for Windows Server 2003 — meaning organizations will no longer receive patches or security updates for this software," notes Laura Iwan, senior vice president of Programs, Center for Internet Security.
With over 10 million physical Windows 2003 servers still in use, and millions more in virtual use, according to Forrester, "expect these outdated servers to become a prime target for anyone interested in penetrating the networks where these vulnerable servers reside," she says.
Solution: Institute a patch management program to ensure that devices, and software, are kept up to date at all times.
"Step one is to deploy vulnerability management technology to look on your network and see what is, and isn't, up to date," says Greg Kushto, director of the Security Practice at Force 3. "The real key, however, is to have a policy in place where everyone agrees that if a certain piece of equipment is not updated or patched within a certain amount of time, it is taken offline."