With the Christmas festivities well and truly over, many people are hitting the gym, embarking on a ‘dry’ January or counting the calories in preparation for the summer.
For businesses, this can also be a good time to re-evaluate and take stock. The use of cloud services has risen dramatically during the past year, much of which is driven by employees downloading applications that help them do their jobs more effectively. This has undoubtedly led to a more productive workforce, but it has also left the IT department somewhat in the dark on the true extent of cloud use and the extent of corporate data residing in the cloud.
On average, IT departments underestimate the use of cloud services by 10 to 20 times and, while the average organisation has accessed a staggering 831 services, many of these may not actually be in active use. Whether it’s because a service was never a good fit for the organisation and a better alternative has been found, or because usage and demand have gradually declined over time, cloud services often become ‘shelfware’.
>See also: 6 predictions for cloud security in 2015
Shelfware isn’t good news for businesses. It not only means purchased licenses are not utilised, but it also heightens risk to a business’s data. For example, those cloud services may contain confidential data, left unmonitored and susceptible to a breach. What’s more, cloud services may be accessed through shared emails and shared passwords, increasing the risk to data.
As former employees start new jobs but still have credentials to access old cloud services – there’s a risk of insider threat. Whether inadvertently or through malicious intent, these users increase the potential for data exposure, which could violate data protection legislation or compromise corporate secrets. It’s essential that companies streamline their cloud services and ensure that all services in operation have new passwords which are distributed on a strictly need-to-know basis.
Many organisations have multiple similar services in use, for example where different departments have each started using alternative cloud storage providers. This can impede, rather than enhance, collaboration and confuse employees who need to manage passwords for multiple services. There is a huge opportunity for employees to become more productive with cloud services, but having too many across the organisation can often negate the benefit as employees struggle to share content.
A healthy cloud portfolio
There are thousands of cloud services available, and each needs to be assessed in terms of security and enterprise-readiness. Organisations can use available cloud registries to understand the risk to the business and to educate their employees.
It is critical, however, that businesses understand banning cloud services is not the way forward. While you may block the services you know, employees will inevitably look for alternatives, which are likely to pose even greater risk to the organisation.
Instead, understanding the causes behind shadow IT is one of the most powerful tools companies have to stay abreast of internal cloud adoption. Not only does a proactive approach allow the company to understand what employees need to get their job done more effectively, but it ensures that there is a secure, standard service that employees can turn to.
>See also: What’s on the horizon for cloud?
With an acceptable cloud-usage policy, employees can trust the services, and the company, in return, can trust its employees to limit the company’s exposure to risk. Furthermore, with sanctioned services, companies can negotiate favourable license agreements and eliminate the ‘shelfware’ that was once left festering.
So, while you’re ploughing through the inevitable January blues this year, spare a thought for your cloud services. It is possible to protect your data while allowing employees to do their job effectively. In fact, by managing where data resides you can make it even more valuable to employees. Consolidating a cloud portfolio allows employees to focus on revenue-generating activities, all while creating a more cohesive relationship between IT and employees.
Sourced from Nigel Hawthorn, Skyhigh Networks