The EPA doesn’t know what clouds it has – and neither do you

Grazed from InfoWorld. Author: David Linthicum.

Do you know how much cloud computing is really going on in your organization? If you’re like IT management in most companies and government agencies, you don’t have a clue. For example, the Environmental Protection Agency (EPA) doesn’t know how many cloud computing contracts it has or how secure they are, according to a recent audit by the agency’s inspector general, in a report released last week.

In at least one instance, the EPA may not have had access to a subcontractor’s cloud for investigative purposes. Worse, that same subcontractor was not compliant with the Federal Risk and Authorization Management Program (FedRAMP), which sets security standards for cloud providers. Most IT leaders don’t have a real understanding of how many cloud computing (or other technology) resources are being used — and to what extent — right under their noses. It’s called "shadow IT" for a reason: Those technologies are in the shadows…

Why don’t most enterprises and government agencies understand the full use of cloud computing in their own organizations? Because it’s so easy to become a public cloud subscriber. While the EPA has to deal with special regulations applicable only to government agencies (thus the audits), enterprises have to deal with industry compliance issues that are just as risky if violated — perhaps more so…

Read more from the source @ http://www.infoworld.com/d/cloud-computing/the-epa-doesnt-know-what-clouds-it-has-and-neither-do-you-247150