Five Signs Your Cloud Computing Security Is Out of Control

June 12, 2012 Off By David

Grazed from Midsize Insider. Author: Josette Rigsby.

There is almost universal agreement that cloud computing is a good thing. It can simplify administration, help control cost, and even expand the capacity of technology teams to deliver services. However, even with all the many benefits of cloud computing, the cloud can introduce challenges. Computerworld reports that many technology leaders are beginning to realize that software-as-a-service (SaaS) adoption is reducing their control of enterprise data.

According to Computerworld, technology departments are discovering that they cannot control access to popular cloud applications like Salesforce, Box, and GoogleApps because in many cases, the department that purchased the application handles provisioning. The articles goes on to identify five signs that signal IT has lost control of security for cloud applications:..

End users start sticking Post-It notes everywhere with their login credentials;
Employees leave the company, but their access to cloud-based applications stays in place;
Managers aren’t approving access to hosted applications for new employees;
Nobody is monitoring SaaS applications to ensure that access permissions stay consistent with changing employee positions, roles and responsibilities;
You are losing sales to the new employer of a salesperson who long ago left the company.

Although these scenarios may sound extreme, they describe exactly what is occurring in many businesses each day–especially in the small and midsize business sector. Technology leaders transitioning to cloud services must keep security in mind. Transferring responsibility for application hosting doesn’t mean IT departments can wash their hands of the responsibility to protect company information.

Organizations that fail to address SaaS security promptly are not just making the issue more difficult to address; they are also increasing the risk of a data leak or all-out breach. Exposing sensitive data is more than an inconvenience. It can result in lost revenue opportunities, difficulty creating partnerships, and even regulatory fines.

In ideal situation, organizations should proactively define guidelines and a process for granting rights to cloud-based applications and communicate the importance of adherence across the organizations. However, IT departments rarely operate in an ideal environment. Correcting lax SaaS security is a challenge, but it’s not impossible.

IT departments can begin by creating an accurate inventory of the SaaS applications in use within their organization, and then incrementally incorporate the applications into their security processes. It is important for IT teams to partner with other departments and "sell" the benefit of having consistent security practices instead of attempting to mandate participation. A heavy-handed approach will only encourage users to rebel against policies.

Cloud computing is here to stay, and so are vendors and users that bypass IT. The faster technology leaders accept this reality, the faster they can begin to manage it. What’s the alternative? Sit back and wait until your company becomes a news story due to a security failure.

CategoryNews

Telcos and the Cloud: Brave New World?

AWS now stores 1 trillion objects in S3