We blogged about Cloud Proliferation back in October of 2013, and again about Shadow IT back in February. In those blog posts we cited some interesting statistics that, if you’re in IT or responsible for network security, probably gave you a case of the shivers:
In their Digital IQ survey, PricewaterhouseCoopers found that among the 100 companies it considers top performers IT controls less than 50 percent of corporate technology expenditure.
A Stratecast Frost and Sullivan report (PDF) found that more than 80 percent of survey respondents admit to using non-approved SaaS applications in their jobs… and while a particular SaaS application may not have been approved by IT, it likely is being overtly or tacitly supported by the employee’s own department. This indicates that corporate and departmental policies or practices may clash—with the department winning.
A recent spate of articles on cloud proliferation at organizations suggests that, while the stampede to the cloud is real and troublesome for IT, some organizations are doing something about it. SafeNet’s 2014 Global Authentication Survey found that there has been a 50 percent jump in preference for cloud-based authentication. In addition, 53 percent of the respondents said that mobile devices have limited access to corporate resources.
Adding to the cloud push is BYOD (Bring Your Own Device), which is surely continuing to grow with the advancement of tablets and multi-function laptops. As the perimeters of their networks continue to blur, IT personnel have to ask themselves ‘what steps do I need to take to a) keep my lines of business operating at their most efficient while b) protecting data and other corporate assets from external threats?’
This isn’t an easy question to tackle. Cloud computing and BYOD offer companies a competitive advantage. Data, applications, and other tools are now readily available to help drive business success. Restrict these access points for the sake of network security and competitors gain the advantage; open up cloud access at the sake of network security and the company could potentially suffer. This fine line is a tightrope that IT and network security personnel need to navigate carefully.
The key is developing a robust cloud and BYOD policy, and you can start by asking five questions:
- Which devices will be allowed to access the corporate network and which will not?
- What company data can be accessed and downloaded to the device?
- What apps will be allowed and which will not?
- What type of passwords/logins or authentication protocols will be required?
- What will IT support cover and what will it not?
As Jeff Kagan, an independent IT analyst, said in a recent CIO article, “These are still the early days of corporate cloud services use. Companies lack rules for the technology and users are more eager than IT try it out. This is the wild, wild West.”