Melpomene - Fotolia

Gartner warns of IoT threat to corporate data stored in personal clouds

Market watcher cautions IT managers to beware the risk IoT and virtual personal assistants pose to corporate data stored in 'personal clouds'

IT departments are being urged to tweak their security strategies to protect the rising amount of corporate data being stored and processed within the “personal clouds” of company employees.

Market watcher Gartner is warning IT managers not to ignore the risks posed by the growing popularity of virtual personal assistants (such as Apple’s Siri or Microsoft’s Cortana), wearable devices and the internet of things (IoT) to the security of corporate data.

The risk is greatest when it comes to work-related data stored within apps and services that staff can access from any device – an environment Gartner has termed the “personal cloud”.

Stephen Kleynhans, research vice-president at Gartner, said: “This is a collection of content, services and tools that users assemble to fulfil their personal digital lifestyle needs across any device. Each user’s personal cloud is unique and evolving, as the user’s daily needs change and as suppliers and products come and go.”

Within these environments will be a vast collection of content, data, services and tools that are used by employees in both a personal and work capacity, to which virtual personal assistants will increasingly have access, Gartner said.

“Virtual personal assistants often have access to not only personal data, but also to potentially sensitive corporate data as information about meetings, employee travel and business operations may be exposed,” the market watcher said.

“Gartner expects [such assistants] will evolve to have different contexts – a personal one, a corporate one and perhaps even a group or team one. This will enable IT organisations to exercise some control over one context while still permitting a level of freedom to the user.”

But it advised organisations not to roll out a blanket ban on the use of such tools on data protection grounds, because it is likely to result in staff bypassing IT to use them.

Read more about cloud security

The growing number of internet-connected devices could expand individuals’ personal clouds, said Gartner, as more information from them is fed back to the apps employees use on their smartphones, tablets and PCs.

This could potentially make it difficult for IT managers to distinguish between work and personal data and, in turn, open up a wide range of new data security and privacy considerations.

“While strong authentication technologies are only the first step towards longer-term approaches to securing both user and corporate data, they do form an important initial step in the chain,” Gartner added.

“Over the long term, this situation will change, and identity will be established in the device using strong multifactor methods, then used to establish secure sessions with various services.”

Read more on Mobile apps and software