Richard Thomas, CEO of Highlight says we shouldn’t get hysterical over cloud security, but change our opinion of how we view Cloud Applications.
While your IT team works diligently to manage the enterprise IT systems it has so carefully built, individuals within the business can easily bypass IT and sign up to cloud applications. Keeping track of exactly where your business-critical data lives then becomes extremely challenging.
Recent studies find that seven out of ten UK workers use cloud technologies that are not supervised by their company (Cloudstanding.co.uk, May2016) and nearly one in four organisations have no idea which “unofficial” apps are running on their IT infrastructure (Cloud Security Alliance Jan2015).
Many users adhere to the principle that it’s easier to ask for forgiveness than to obtain permission. Compared to waiting for the enterprise IT department to provide similar functionality, there’s really no contest.
But the price is ‘Shadow IT’ whereby the IT department has no picture of which applications are being used to run the business and they certainly can’t manage, support or protect the IT infrastructure. Not knowing where sensitive data is held also leads to issues of compliance, data protection, privacy and security.
You may think the lunatics have taken over the asylum but there are compelling and rational reasons for using unsanctioned applications to run a business. In fact, adopting a cloud app to rapidly answer a business critical need is often the competitive advantage enterprise needs. The reality is that the trend toward cloud apps is more or less irreversible because the benefits are too great.
The solution is for enterprises to make informed decisions on which apps are sanctioned and unsanctioned, , so that risks can be sensibly assessed and weighted against business benefits. This requires solid information, and a willingness to learn to live with this new reality.
Fortunately, network packets never lie. They tell the full and unalloyed story of which applications – internal or in the cloud - are in use and where that traffic is flowing around the business. Characterising application traffic like this is an important step in defining policies that allow a company to reap the benefits of cloud whilst minimising the risk and costs of unmanaged and unsanctioned app usage. Gaining insight is a pre-requisite to taking control.
This article was featured in the October 2016 issue of Networking Plus Magazine.
- Written by Daniel North
- Published: 01 November 2016