Of all the technological advances made in the last few years, cloud computing is one of the most beneficial for businesses, allowing enterprises to increase collaboration, flexibility and agility while reducing costs. The competitive advantages offered by the cloud have been well known for some time, but it seems that many organizations are still at a loss as to the best way to secure their cloud investments.
According to CloudTweaks contributor Gareth Cartman, less than 10 percent of businesses know what their employees are doing in the cloud. Shadow IT, or the practice of downloading and utilizing unauthorized applications and programs, has become an increasingly serious problem with the emergence of cloud computing. Employees have their own preferred cloud app that they use on their personal devices, and many will continue to use that program on enterprise devices without consulting the IT department about security.
Lax application policies creating security lapses
In a survey regarding business use of the cloud, 50 percent of companies reported having no policies in place to deal with acceptable use of cloud applications. With no rules dealing with best practice for cloud services, staff members are likely to run wild with the programs they use, putting the enterprises at great risk for a data breach or malware infection.
“We expect IT to have a governance role, and to make sure that users are using technology appropriately to solve business problems,” said Jim Reavis, CEO of the Cloud Security Alliance. “And also that they’re complying with all the regulations and that customer information is controlled and protected.You have individuals in the organizations being their own IT administrator, their own CIO. And that can be very problematic.”
While shadow IT can pose a threat to an organization’s security, trying to completely wipe out the practice is almost impossible. Everyone has their own way they like to accomplish their daily tasks, and forcing people to use programs they don’t like can be a major drain on productivity. Instead, take inventory of the apps being used by employees and find the most common ones. After making sure they’re safe for use, add them to a list of acceptable programs and bar apps not on that list from being downloaded or used on enterprise networks. This practice, known as application whitelisting, allows organizations to accommodate the preferences of their employees while still keeping internal networks and data secure.