“Listen to your users, give them what they need…. A ‘don’t use the cloud’ memo isn’t going to cut it.”
Security is top of mind for most organizations looking to migrate to the cloud, but there’s another threat vector to consider: cloud creep. Even a company with sufficient security protocols in place for its formal cloud services may face exposure from services like Facebook, Dropbox, and Pandora entail.
“Just because you have a positive position on IaaS doesn’t mean you have a sufficient risk posture around off-the-shelf services,” Jason Ha, national manager of security practices for Dimension Data, said.
On average, Ha finds in security audits that companies have six times the cloud exposure they thought they did.
But there’s not an easy solution. Simply blocking access to social media sites may temporarily fix the problem, but it might block legitimate sites, and employees can find workarounds. And there’s no escaping the cloud: even if a company has a “no-cloud” policy in place, the spate of recent data breaches shows the pitfalls of that approach.
So what is a company to do? The first step is to have a cloud policy in place, followed by an effort to deploy approved, monitored applications. It’s not an easy fix, but the key is to stay ahead of the curve and to give your staff options that are within your control.