“The App That Scares Me The Most is Evernote” #GTEC13

Comments

evernote-password-change

At GTEC 2013, Citrix’s Chief Security Strategist, held a session titled “MDM: How to Develop and Implement Policies to Manage and Secure Mobile Devices”. There was a lot of really interesting discussion around the changing pace of mobile adoption and how IT should handle common problems such as BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device).

One of the more interesting quotes from the session was: “the app that scares me the most is Evernote”. This quote came from a discussion around apps and how to protect data given the explosion of consumer apps and data storage fragmentation. Why does it scare IT so much? It’s actually a very pragmatic reason.

The reason Evernote is such a concern for IT is simple. It’s a powerful note taking tool, used by mostly executives, with notes synced on multiple devices, outside of IT’s control, in a cloud storage system that’s unapproved.

Imagine the kind of data that could exist on Evernote that could leave an organization vulnerable. Passwords, memos, files, and information that could seriously compromise an organization are all potentially stored on Evernote and IT has no insight.

Now, this problem doesn’t apply to Evernote specifically, but it highlights a major problem with the app economy. If IT can’t keep up with the pace of startups and productivity tools, executives are inevitably going to break the rules and put data where it doesn’t belong. Eventually, IT will have to come up with a blanket solution for all apps and hardware, that protects the organization while giving executives the tools they want to use.

  • Derek Konigsberg

    The real problem with all these new “cloud services” is that they only offer the option of you hosting your data on their servers. And while alternative solutions do exist that let you host data on your own servers, they’re almost always vastly inferior.
    Hopefully someday companies like these will start offering their server side suite as a package too, but everyone is moving too fast (and too light) that I don’t see that actually happening anytime soon.

  • http://papogp.com Diego Nei

    Or they can “pull a BlackBerry” and do things the way BES does: Give the encryption keys to the IT department. That way the service can’t access your data, even if it’s hosted on their servers and if anything leaks, it won’t be readable.