IT World has an interesting article on what they're calling the 'stealth cloud'. It's not exactly a new concept - mostly bigger companies have had to deal with the 'shadow IT' problem for some time now.
However, the recent proliferation of cloud service providers has the potential to greatly exacerbate the problem. As organizations already struggle with governance and meeting requirements such as SOX, PCI-DSS, Privacy Laws and industry regulation, having business units run out and sign up to external SaaS/Cloud services to fast track projects sounds like a disaster (if not a lawsuit or breach fine) waiting to happen...
Many of these services are pitched at consumers, who use them and enjoy the benefits of the likes of cloud file storage or a personal online knowledge base, and these same consumers come to the office and want the same services at work.
So how do you combat the problem? There's no easy answer (like just about everything in Security!) but a combination of education/communication - ensure the managers of the business units understand why storing confidential corporate documents via Dropbox is risky - and being prepared to formally evaluate the security and risks of the SaaS/Cloud providers, so that the resulting decisions are made out in the open, may go a long way to easing the headache.
It's been said before but is worth saying again: most business computer users have no understanding of security. In a recent conversation an office worker was somewhat shocked to hear that email was not 'secure' or even particularly 'private'. Education and communication are the keys and probably the best way to combat those pesky Shadow IT ninja or Stealth Cloud Shinobi! (since they won't let me bring a katana to work...)