IT just turned off iCloud Drive and syncing. Feels like I had the rug pulled out from under me

My entire workflow is completely broken. I’m at a loss for what to do now.

2 Likes

Wow, that’s awful, I’m sorry. Any chance you can have a conversation with them to understand why and if the decision could be revisited? Of all things to turn off, that seems like a strange one!

1 Like

If they think they are getting away with not having a conversation about this, they are sorely mistaken!

2 Likes

I’m so sorry. Let us know if we can help with crowd sourcing a respone or supportin URLs about security, etc.

Good idea. If this is due to a general tightening of security they may change their mind. If it due to some contractual requirement with a third party they probably can’t. Couldn’t hurt to ask, politely.

2 Likes

I believe that there is nothing much to be done. It saddens myself when I find people working with computers with disabled USB ports, but it’s for a reason. The amount of data people indiscriminately get out of their work devices is staggering – specially when after delivering your resignation! Depending on the size of the company, being certificated in stuff like ISO27001 or SOX compliance is required either by clients or by your own legal & finance team.

So it begins with antivirus, then it’s about device remote management and platforming, and finally you get a full suite of data leak prevention tools that selective enable access to the corporate Office 365 or Google Workspace services.

Edit: not to say @KevinR was trying to extract sensitive data. He’s just collateral damage :frowning: If I was in the case I would probably leave the company as fast as I could, but of course that may or may not be possible. Here’s hoping for some clemency from IT!

1 Like

I worked in an IT team (in healthcare) and can understand the justification. Part of it may be security - locking down to only authorised, tested, managed data stores - there’s little need to “allow” anything else. Automatically synced iCloud data may be on multiple devices - who is to say all devices are adequately secured? Allowing local storage increases the burden on IT to audit personal devices too.

We had a situation where someone was storing data on their own cloud, lost some of it and - of course - there was no backup.

There’s also access to data, particularly but not exclusively personal data. In Europe, UK and - as a result of contacts/local legislation/legal action elsewhere - there may be a legal requirement to produce all information pertaining to a particular project or person when required by a court. That is impossible if the data is scattered across private cloud accounts. Sometimes you also need to dispose of information within a given time period too - not possible if people hang onto it or have backups going back years.

3 Likes

Yes, enterprises are locking down as good as they can. While leakage of corporate data is a real issue, we also don’t want anything nefarious like malware leaking in the other direction - from a personal cloud to the inside of an otherwise pretty well secured perimeter.

The BYOC solutions are becoming harder and harder to use in a work context, but at least, the tools now available to enterprises from Google, Microsoft and others are finally getting pretty usable.

2 Likes

I think this will become more common in future. Our IT, guided by Microsoft, is already putting soft warnings in place. It’s not possible to use another email client, only outlook. And keep documents on OneDrive. It’s awful for productivity but anything goes under the guise of cybersecurity

The “smart” ones do it before resigning. A couple of times I’ve predicted that someone was leaving when they exported huge amounts of information out of a database or downloaded massive folders of information.

In both cases this was reported to HR and disciplinary procedures were invoked.

It always amazes me how few people read their contract of employment. “I created this info, so it’s mine” nope your contract states that it belongs to the company, if you take it, it’s stealing and gross misconduct.

2 Likes

Zero Trust seems to be a buzzword at the moment to “allow” BYOD, but the remedies in place often don’t cover data leakage.

1 Like

I’ve seen external hard drives with encryption keypads. That looked like a good idea until the ex-employee could take the device with him to another job and nobody was the wiser. This person had slide decks for everything you could imagine, and this was coming from one of the MBB firms, talk about data leakage (there was no personal data there, only industry slide decks). That’s why the “nuke everything” option seems so attractive, power users be damned.

1 Like

Indeed.

Many of my clients have tools in place that monitor when unusually large amounts of data are being transferred between drives or devices. This is often a sign of what’s to come.

The other thought I have is that, depending on your role, you may want to get your department supervisor / division manager / whatever “the boss above you” looks like to help, if possible. You arguing with IT about your laptop is one thing. Your department head arguing with other department heads about IT’s decisions costing him money is a whole different thing.

May or may not work, but sometimes it’s helpful to have the correct people having the arguments. :slight_smile:

Its pretty difficult to explain in terms of monetary value the loss in performance due to not having iCloud access, to be honest.

Thanks everyone! I’m following up with IT about it. It seems crazy that we can’t have secure systems that are also compatible with people’s workflows. At what point are we going to realize that we are getting worse at what we do in the name of locking everything down? I realize security is important, but it seems like the quality of our work and the individualized workflows that allow each of us to be the best that we can is always sacrificed in the name of security. I feel like this is a real problem that is going to become more and more of an issue.

It’s a difficult balance. I totally understand the need for security, but IT departments seem to be incapable of explaining what they’re doing, why they’re doing it, and when. And heaven forbid they ever actually ask their users what is needed!

Instead, they just hand down decisions and create a lot stress and extra work. I have academic clients who are not allowed to have a admin account on their office Mac. Fine, but that means IT needs to be super-responsive when a problem needs to be fixed or an app update needs to run. But no, it often takes days for a response, and there seem to be serious problems that they never manage to fix.

In that case, they’ve created such a locked-down system that people just bring their own computers which means that everyone is even more exposed than before. It’s baffling, quite honestly. I’m sure part of the problem is that IT is understaffed and poorly managed and trained — the understaffing is a chronic problem in the corporate world as well.

@KevinR , I hope you can get some answers!

3 Likes

It is, but it’s also too later in a BYOD setting. The data’s already gone.

This, and yes - the rest of your post really, Margareta. The total lack of communications is what really irks me too. Like, one morning, suddenly all attachments I send to my client was encrypted by default. Yes, the original recipient could open it, but when she forwarded my deliverable within her team, guess what. No, they couldn’t open it - security see.

Still, listening to the Security Now podcast (since 2005) has made me aware of how terribly bad our security really is, and nobody wants to be the sysadmin on duty when hackers make off with your entire internal system.

1 Like

This is a sign of the times and the consumerisation of IT.

Do companies want people having their own individual workflows, or are they happy to impose their own if it meets their needs?

I think that if push comes to shove, the security needs of the organisation will trump individual’s wants as cyber security policy can determine whether a company falls victim to attacks and how quickly they recover (if at all)

Blocking 3rd party syncing over the internet, Removable media and personal email access is pretty standard in most medium to large organisations.

2 Likes