Ernst & Young lifts lid on cloud and BYOD compliance challenges


Ernst & Young has shed some light on the impact cloud and the bring your own device (BYOD) trends are having on companies' abilities to comply with software licensing and data protection laws.

The advisory firm's fraud investigation and dispute services division uses IT forensics to help firms get to grips with regulatory compliance issues, investigate data breaches and, generally, safeguard their business assets.

As the number and type of devices in the workplace grows, this means there are lots of other places we can look for evidence.

Speaking to IT Pro, Simon Placks, the division's director, explained: "Forensics is all about looking underneath the surface and getting a really good idea about how someone's using their machine.

"It's quite easy to see if someone has a piece of pirated software installed on their system now, but forensics can reveal what was on that computer three weeks ago and where it came from, even it's been deleted, for example."

Although the BYOD trend means there is now a wider range of machines being used in the workplace to analyse, Placks said it also makes it easier to trap employees that are using software they should not be.

This is because, even if the user thinks they have wiped the device, there are usually telltale traces of the software left behind.

"As the number and type of devices in the workplace grows, this means there are lots of other places we can look for evidence.

"People might know how to delete their tracks on a Windows system, but they might not know how to do that on an iPad," he added.

BYOD often poses software licensing issues for firms, because it makes it harder for them to keep track of the number of licenses they have within their organisation.

"Most companies do not want to be non-compliant, because pirated software can have all sorts of malware on it...but the complexity of managing all their software deployments and licensing regimes means things sometimes fall through the cracks," he explained.

"For instance, a lot of companies had to restructure during the downturn and whenever companies go through that kind of process, it poses problems for their software estate."

Keep it in the cloud

From a data security standpoint, the proliferation of cloud storage providers is also a major cause of concern for Ernst and Young's clients, revealed Placks.

"[The cloud] has become the new way to take data out of an organisation. Webmail services are a bit like USB ports, in that they can be locked down or you can block access to half a dozen of the most common providers," he explained.

"In the case of cloud storage services, there are so many vendors and providers out there, it is very difficult for IT to lockdown all of those exit points."

However, by monitoring what data is being moved into these cloud-based repositories, it is not difficult to work out whether or not employees are up to no good.

"If an employee is using a cloud storage service, it will leave a trail on their system," Placks added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.