With every new innovation comes a new challenge, and cloud is no exception. It seems clear by now that the key challenge of the cloud innovation is security.
Cloud adoption is growing massively in the enterprise, both in its sanctioned and unsanctioned (shadow IT) forms, and so are cloud security issues. Which do you need to watch out for at your organization? Here are three of the biggest ones.
- Easily guessed or stolen passwords
Whether sanctioned or unsanctioned, just about every cloud application will require each user to register and select a password. These user credentials are a front-line defense against unauthorized access to private data and must be chosen carefully and protected diligently. Unfortunately, while enterprises can control the strength of the passwords employees use to access corporate resources, they cannot control employees’ choice of passwords on unauthorized services. And not everyone will choose a truly strong password, or keep it private and unguessable. In fact, many people’s personal password management practices are sadly lacking. If your employees are adopting cloud services outside of IT’s control, their poor password management can leave corporate data vulnerable to theft.
- Improper information sharing
In today’s enterprise, it’s not uncommon for employees to collaborate with outside partners on mutually beneficial projects. Productive partnerships are often critical to growth and expansion. But how, exactly, are your employees collaborating with their outside partners? External collaborators won’t have a company email account or access to corporate file sharing infrastructure, after all, and that means that IT may not have visibility into data shared with third parties. In many cases, employees or their outside partners will set up a shared folder on a cloud-based file sync and share service in order to more easily organize information and drafts. Are all your employees up to date on your organization’s or your industry’s data privacy and regulatory compliance requirements? Uncontrolled information sharing with external collaborators can put protected information at risk of exposure.
- When accessibility makes data accessible to more than just the authorized parties
Finally, one key benefit of public cloud computing is the anytime/anywhere/any device data and application accessibility that the cloud provides. Employees can now be productive just about anywhere they go. They can upload the latest sales figures or customer records from their table at Starbucks or log in to Salesforce to update an invoice while waiting for their flight at the airport. This boosts productivity, but when employees are using unsanctioned cloud apps to remain productive while on the go, it can also boost risk. Unsecured connections are a gold mine for hackers eavesdropping on public Wi-Fi traffic. One unlucky login and a cybercriminal could have your employee’s login credentials, which can be used to steal or expose sensitive corporate data. IT can require a VPN connection or other private, encrypted access protocols for corporate resources and applications, but not for the cloud apps it doesn’t know about.
These are just three of the major security challenges that make shadow IT such an urgent topic in today’s security conversation, and as you can see, none of them arise from employee malice. In fact, all three of the issues above originate in a well-meaning employee’s desire to be as productive and as available as possible.
Shutting down all cloud use isn’t the answer, as we’ve discussed on this blog before. Your employees are going wild with cloud adoption because they feel a need for it. Instead of attempting to reverse progress, it’s time to listen to what your employees’ shadow IT adoption patterns are saying. That way, you’ll know exactly what kind of applications you must enable in order to cut down on shadow IT and its dangers at your business.
Want to learn more about taking back control of cloud visibility, DLP, and compliance? Check out the practical approaches we suggest in this CipherCloud cloud data security webinar today.