Online Security In The Workplace

Workplace Cloud Security

Our workplaces are changing and much of it for the better. Increased flexibility – pushed by cloud services – is behind many of the changes. Home working, increased collaboration – it’s all good, and it’s all delivering significant business benefits.

We know that. That’s so 2013.

But fewer than 10% of businesses know what their employees are doing on the cloud. They call it ‘shadow IT activity’ – in other words, activity that is happening on the cloud, within the business, which cannot be accounted for as secure.

Consider the disgruntled employee with access to company passwords through Google Drive or the careless employee with Dropbox access to supposedly secure files. Consider perhaps the careless celebrity with photographs in iCloud.

It’s in the shadows because we don’t know the threat. In fact, many of us don’t even know if we’ve been compromised or not.

The threat and the opportunity

For me, this is both a threat and an opportunity for IT. In the most opportunistic of terms, IT can stake out its position as the guardian of corporate security here. If the cloud has taken away much of IT’s responsibility – and potentially has put IT at risk within an organisation – then the risk of shadow activity within the business should give IT the chance to re-establish a position.

And there’s a business case – worryingly so. The threat is that our data could walk out of the door because we’re using file sharing and collaboration tools, often without regulation. Shared passwords, shared access – it may all increase productivity but unmonitored, it represents a significant risk.

50% of organisations questioned in this survey said that they don’t have a policy on acceptable cloud usage. With employees connecting to personal devices and carrying on the work either on their commute or at home, it’s almost impossible to restrict unauthorised SaaS usage – so would a policy help?

Governance – but what kind of governance?

Certainly, governance would be of benefit. Without IT’s overseeing of SaaS activity, the business benefits of cloud activity are almost wiped out by the risk of being compromised. There are businesses who have ceased to trade as a result of compromised data – so a balance has to be struck.

Innovation and agility need to be pursued, and it’s IT’s task to provide this environment. Therefore, shadow IT could very well be not just accepted but embraced, within a fast-paced environment. But governance goes beyond ensuring passwords are regularly changed and that leavers’ access is removed. It’s about a framework that guarantees both innovation and security. If we’re going to use the cloud to its full capability, we need to eliminate as many of the risks as possible – or the business case goes out of the window.

By Gareth Cartman

Disaster Recovery Plan.png
Disaster Plan.png
Data Bed.png
Growing Up.png
Bitcoin electricity
Bitcoin Heating? Bitcoin mining or cryptocurrency mining has been widely vilified for it’s environmental impact. Why it does draw a huge amount of energy, more and more of it is coming from renewable sources and ...
Matrix
When sci-fi films like Tom Cruise’s Oblivion depict humans living in the clouds, we imagine that humanity might one day leave our primitive dwellings attached to the ground and ascend to floating castles in the ...
JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
Dmitry Chekalin
How Much Should a Modern Website Cost? A website is a valuable instrument for growing your business. Your website presents your brand to users. Also, it compels your prospects to become your customers. So, how ...
Stacey Farrar
Effective Data Migrations The cloud service industry is experiencing substantial growth. Gartner forecasts that spending on public cloud services will grow to $494.7 billion in 2022, up 20.4% from 2021. In 2023, end-user spending is ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.