Ernst & Young has shed some light on the impact cloud and the bring your own device (BYOD) trends are having on companies' abilities to comply with software licensing and data protection laws.
The advisory firm's fraud investigation and dispute services division uses IT forensics to help firms get to grips with regulatory compliance issues, investigate data breaches and, generally, safeguard their business assets.
As the number and type of devices in the workplace grows, this means there are lots of other places we can look for evidence.
Speaking to IT Pro, Simon Placks, the division's director, explained: "Forensics is all about looking underneath the surface and getting a really good idea about how someone's using their machine.
"It's quite easy to see if someone has a piece of pirated software installed on their system now, but forensics can reveal what was on that computer three weeks ago and where it came from, even it's been deleted, for example."
Although the BYOD trend means there is now a wider range of machines being used in the workplace to analyse, Placks said it also makes it easier to trap employees that are using software they should not be.
This is because, even if the user thinks they have wiped the device, there are usually telltale traces of the software left behind.
"As the number and type of devices in the workplace grows, this means there are lots of other places we can look for evidence.
"People might know how to delete their tracks on a Windows system, but they might not know how to do that on an iPad," he added.
BYOD often poses software licensing issues for firms, because it makes it harder for them to keep track of the number of licenses they have within their organisation.
"Most companies do not want to be non-compliant, because pirated software can have all sorts of malware on it...but the complexity of managing all their software deployments and licensing regimes means things sometimes fall through the cracks," he explained.
"For instance, a lot of companies had to restructure during the downturn and whenever companies go through that kind of process, it poses problems for their software estate."
Keep it in the cloud
From a data security standpoint, the proliferation of cloud storage providers is also a major cause of concern for Ernst and Young's clients, revealed Placks.
"[The cloud] has become the new way to take data out of an organisation. Webmail services are a bit like USB ports, in that they can be locked down or you can block access to half a dozen of the most common providers," he explained.
"In the case of cloud storage services, there are so many vendors and providers out there, it is very difficult for IT to lockdown all of those exit points."
However, by monitoring what data is being moved into these cloud-based repositories, it is not difficult to work out whether or not employees are up to no good.
"If an employee is using a cloud storage service, it will leave a trail on their system," Placks added.
