In recent years I have written various articles warning of the risk related to uncontrolled cloud storage solutions usage in the corporate world.
Evernote is a popular online note storage solution which is often used by mobile users. You could see it as a cut down version of Dropbox as it is more restrictive to what one can store online.
It got hacked a few days ago, as reported by the Verge, what was stolen includes usernames, email addresses and encrypted passwords. We don’t know what password algorithm they used and how hard/easy/feasible it is for the hackers to crack them, but the company behind Evernote now asks *all* its (millions) users to reset their passwords.
This should really serve as a wake up call, to check what policies and controls are in place to prevent your users to transfer all sorts of corporate documents outside of your corporate security controls. If Evernote is used within your company, and those passwords were cracked, how different would it be from having those users loosing unencrypted USB sticks or unencrypted laptops containing corporate documents? Not all users would have access to sensitive data, but those who do should certainly not be free to use any cloud storage solutions they like without extra security controls.
With the increase popularity and demand of BYOD and Mobile Devices, are you restricting your HR, VIP, Financial department users when it comes to syncing data in the cloud? do you know what data is leaving your company to Dropbox? Skydrive? GoogleDoc? … Evernote?
If you don’t, now would be a good time to find out… before a government data privacy agency asks you!