The cloud: Mitigating risks as you relinquish control – Hot Tech Online

The cloud: Mitigating risks as you relinquish control

the-cloud-mitigating-risks

According to
Gartner, at least 60 percent of information workers will interact with content
applications through mobile devices by 2015. This shift toward mobile platforms
(smartphones and tablets) is driving much of the consumerization of IT, which
is now impacting how software giants like Microsoft, Google, IBM, and Apple are
approaching the enterprise.

As budgets move
from hardware and infrastructure-centric capital expenditures (CAPEX) toward
service-based models (OPEX), the budget power within many organizations is
moving from the back-office (IT) to the front-office. Even three to five years
ago, the focus of IT was more around centralized IT infrastructure – that’s how
quickly and dramatically this shift toward the consumer has happened. The
software giants are just beginning to recognize that the path into enterprise
budgets is increasingly through these end-user devices, and are adapting their
strategies accordingly.

Enterprise risk

Traditional IT
organizations are risk averse by design. With the goal of keeping systems
stable and scalable, they are slow to respond to end user requests for
productivity upgrades and new solutions, forcing end users to look outside of
IT channels to meet their business needs. Increasingly, that means cloud-based
social collaboration and storage platforms that work across their various work
and personal devices. In many organizations, strict IT governance and security
policies, in effect, encourage the very rogue IT practices they were put in
place to manage, as employees seek out an easier way to get their jobs done.

Gartner predicts that by 2014, “90 percent of organizations will
support corporate applications on a variety of personal devices, from
conventional laptop PCs, media tablets and mobile phones to hybrid or other
kinds of devices that have yet to be made widely available.”
Unfortunately, to meet the increasing user demand for mobile productivity tools
and solutions, companies are often asked (or coerced) to move critical data
(key intellectual property) into the cloud, regardless of whether security and
compliance assurances are in place. The leading cloud storage platforms reject
many of these traditional IT requirements, calling them outdated or irrelevant
to the collaboration workloads they cater to.

Organizations
are often left to fill these security gaps on their own, creating policies for
data governance across the various public cloud platforms without visibility
into what their users are actually doing.

Reporting from
these platforms are generally designed for the individual user – and even when
team-based reports or administrative controls are available, they largely focus
on utilitarian storage and access reporting, with minimal permission controls
and without deep insights into, or control over, the content or actions of the
end users. Without the governance and security tools to manage activities at a
consistent level with other enterprise applications, many organizations run the
risk of a security breach and intellectual property loss.

Collaboration

In a study
looking at the social collaboration habits of 1,000 business and IT decision
makers and 4,000 employees, consulting firm Avanade found that 74%
of end users are using Facebook for collaboration. According to a uSamp survey of 500 mobile business users commissioned by
enterprise mobile apps provider harmon.ie, one in four of those users caused
accidental data breaches when using unsanctioned applications like Dropbox or
Google Docs, translating into 14,937,553 “rogue” business users in the US alone.  , These breaches cost companies nearly US $2
billion to remedy.

Cloud-based
storage and collaboration platforms are not alone – even enterprise platforms,
such as SharePoint, provide very little in the way of social governance
capabilities, relying on their partner MDM and ISV ecosystem to provide these
safeguards harmon.ie just released an Android app that provides secure, full feature
access to Office 365 and SharePoint document collaboration and social features,
with secure containerization provided by 5 MDM providers.

Colligo takes another approach, providing offline access
and proprietary encryption across every platform, device, and version of
SharePoint, whether on premises, online, or in hybrid scenarios. If
enterprise-class content and knowledge management platforms do not yet
adequately track and measure social activities, it is no surprise that the
consumer-based cloud collaboration tools such as DropBox, Google Docs, and Box
are without these controls.

What can organizations do to mitigate risks
associated with the consumerization of IT and the intensification of rogue IT
activities within the enterprise? Some suggestions include:

  • Understand your compliance and governance
    requirements. Begin with a clear understanding of the
    hard-and-fast rules by which you must operate. If you are in a regulated
    industry, for example, be aware of the rules by which your cloud activities
    must be bound.
  • Improve the dialog with your end users. Find out the reasons behind their rogue activities, and try to
    understand if a more secure, scalable and manageable solution is possible.

  • Reinforce your change management policies. Now that you better understand your compliance and end-user requirements,
    provide visibility into the prioritization process – and keep people informed
    on how the system is performing, and where you see security and performance
    issues. Provide visibility to your end users so that they can help self-manage
    the system.

  • Review your cloud options. Know the capabilities of the tools your end users have adopted, and
    look for ways to make them more secure. It may be that there are similar
    features in a more secure platform, so do your research.

  • Where you cannot automate, optimize. In the end, many of these mobile and cloud-based tools are not yet
    mature enough to provide the security and governance features you need, but in
    the interest of end user productivity and happiness, you can instead focus on
    building manual processes, and make ongoing optimization part of your corporate
    governance strategy.

The goal is to
enable improved cloud collaboration without jeopardizing governance protocols.
Successful collaboration in the cloud does not require unfettered access —
security and compliance can be achieved in a cloud model with proper planning.
The key is to go in with your eyes wide open.

Christian Buckley is a four-time author, SharePoint MVP, and technology
evangelist for independent software vendor (ISV) Metalogix. His home
base is Seattle, Washington, but he can be found keynoting events around
the world on enterprise collaboration, social informatics, and business
intelligence topics. He can be reached via Twitter at @buckleyplanet or
on his blog at www.buckleyplanet.com.

About

No Comments

Leave a Comment

Show Buttons
Hide Buttons