Public Cloud Computing Adoption - Its Happening Whether You Like It or Not
In a recent Hitachi Data Systems post, blogger Hu Yoshida highlighted a Skyhigh Networks cloud adoption survey (PDF) on public cloud usage in the enterprise. The results? The average enterprise has 738 public cloud services in use as of Q2, 2014.
That number is up from 545 in Q3, 2013, which means that organizations are adopting the public cloud whether IT likes it or not. Shadow IT, BYOD, and the proliferation of cloud services and applications are all to blame. Eliminating access may improve network security, but keep in mind that most employees use these services to improve their productivity. In fact, PricewaterhouseCoopers found that among the 100 companies it considers top performers, IT controls less than 50 percent of corporate technology expenditures, according to the company’s Digital IQ survey.
Walking this tightrope between controlling network security and undermining corporate performance, agility, and productivity isn’t an easy task, but security can’t and shouldn’t be taken lightly. According to Skyhigh’s Cloud Adoption and Risk Report for Q3 2013, familiar and low-risk services are blocked 40 percent more often than high-risk services. Broken up by industry segment, some of the most commonly blocked services include Apple iCloud, Skype, Google Drive, Dropbox, bitly and PayPal, while high-risk services like CloudApp, SockShare, RapidGator or MovShare are rarely blocked.
To help your organization manage network security in light of these cloud adoption factors, start with these five questions:
- Which devices will be allowed? It might be wise to create a list of approved devices that meet your security requirements. You’ll want to make sure that approved devices haven’t been hacked or modified which could lead to unnecessary computer network security exposure.
- What company data can be accessed? Remember, these are personal devices and applications used for company work. Given the mobility of devices and your lack of control in terms of out-of-office use, you’ll want to either restrict or encrypt all sensitive data.
- What apps will be allowed? More and more apps are making the news for privacy violations and other non-disclosed device access. Apps are potential doorways through which information (and data) can be accessed. It might be wise to do some homework on the risks posed by some applications, whether they’re accessed by a mobile device or company PC.
- Will password logins be required? Some people use the built-in pin login features on their personal devices, but others do not. Plan accordingly. For cloud apps accessed from the office, be sure employees are using complex passwords or cloud-based authentication.
- What will your IT support cover and what will it not? If an employee has a technical issue with an employee-owned device, will IT troubleshoot and provide assistance? Decide and incorporate this into your written IT policy early on to avoid any misunderstandings. Likewise for public cloud apps; if they are not approved for use in the organization, what will IT support cover when help is needed?
Public cloud adoption, BYOD, and other potential network security risks are here to stay, so getting a handle on them proactively is the new normal.