Periscope is an Enterprise Security Risk

Periscope, a live video streaming app that Twitter bought, has the potential to create a huge security hole for organizations.

Periscope, a live video streaming app that Twitter bought last month, has been making waves across the world--except in enterprise security departments. And that makes it a ticking time bomb.

What is Periscope? It's an app your staffers can download and use to live stream any event in your office. Think your next board meeting, your CEO dressing down someone, the HR team deciding who's going in the next round of layoffs. You get the idea.

But so what? Security risks stemming from mobile video have been around since phones got cameras. The difference with Periscope is that video is being live-streamed, eating into an enterprise's ability to do damage control.

"The risk has always been there with mobile phones," says Parag Deodhar, Chief Risk Officer and CISO, Bharti AXA General Insurance. "But it's amplified now. Now it's live."

Should Periscope go to the top of your list of security challenges, just now? Depends on who you ask. No one's been hit by a Periscope-style sting operation--yet. But, just like when social media first came about, it's only a matter of time. Right now Periscope is only available on the App Store, though it's threatening to be released on the Play Store.

"It's a serious problem," says Ashish Mishra, the CISO at a large retailer.

Not everyone agrees with that assessment. "In my personal opinion, this is another case of an innovation that could turn into a risk. But I don't rate this as a high challenge," says Nandkumar Saravade, an independent security advisor. "Spy cameras and other video recording equipment have been around for some time."

Meanwhile, Periscope has been getting a lot of interest. On the App Store, Periscope is in the top 30 downloads in the US, and the top 50 in the UK. In India, it's not in the top 145 most popular App Store downloads, which is probably why it hasn't yet made waves in CISO circles in India.

"It's not being discussed. Not yet. Periscope is very new and it's still not reached Indian shores," says Deodhar.

"If and when this reaches broad adoption, the job of the CIO will get harder. Anything happening inside the 'walls' of your enterprise (virtual and physical) can be live streamed. Risk just skyrocketed," says Brian Vellmure, a management consultant.

So what can CIOs or CSOs do? It's tricky and right now there are no clear answers. If the app's on a company phone, an MDM solution could be used to create a geo-fence and ensure that cameras are shut off within a fence.

The challenge with that is that 60 percent of Indian organizations don't use an MDM, according to CIO India research. And, in any case, a lot of people have two phones, or use personal phones at work, on which enterprises can't really apply security policies.

"MDM is fine but with personal phones, it becomes an issue," says Saravade.

Another approach could be to control live-streaming apps like Periscope from the network. But how do you control a personal phone using 3G? Cellular jamming is another option, but that would affect productivity.

You could, of course, call for a ban on personal phones, "but that's probably the last decision you'll make in that organization," says Mishra, laughing.

Saravade says that tackling such a challenge requires maturity and education. "Security assurance depends on a framework which includes people, processes, and technology." It's important, he says, to ensure a company's privacy policy expands to take live streaming apps like Periscope into account. The next step is to educate users about the policy and enforce it.

He also believes that the law, which he says is maturing fast in India, needs to catch up with innovations like Periscope. Currently the IT Act covers voyeurism, but not the broadcasting of confidential company data.

Someone's going to blow the whistle on the whistling app; the question is: Will it be before or after an embarrassing incident?


Stories by Sunil Shah
