January 12, 2015

Online Security In The Workplace

By Gareth Cartman

Workplace Cloud Security

Our workplaces are changing and much of it for the better. Increased flexibility – pushed by cloud services – is behind many of the changes. Home working, increased collaboration – it’s all good, and it’s all delivering significant business benefits.

We know that. That’s so 2013.

But fewer than 10% of businesses know what their employees are doing on the cloud. They call it ‘shadow IT activity’ – in other words, activity that is happening on the cloud, within the business, which cannot be accounted for as secure.

Consider the disgruntled employee with access to company passwords through Google Drive or the careless employee with Dropbox access to supposedly secure files. Consider perhaps the careless celebrity with photographs in iCloud.

It’s in the shadows because we don’t know the threat. In fact, many of us don’t even know if we’ve been compromised or not.

The threat and the opportunity

For me, this is both a threat and an opportunity for IT. In the most opportunistic of terms, IT can stake out its position as the guardian of corporate security here. If the cloud has taken away much of IT’s responsibility – and potentially has put IT at risk within an organisation – then the risk of shadow activity within the business should give IT the chance to re-establish a position.

And there’s a business case – worryingly so. The threat is that our data could walk out of the door because we’re using file sharing and collaboration tools, often without regulation. Shared passwords, shared access – it may all increase productivity but unmonitored, it represents a significant risk.

50% of organisations questioned in this survey said that they don’t have a policy on acceptable cloud usage. With employees connecting to personal devices and carrying on the work either on their commute or at home, it’s almost impossible to restrict unauthorised SaaS usage – so would a policy help?

Governance – but what kind of governance?

Certainly, governance would be of benefit. Without IT’s overseeing of SaaS activity, the business benefits of cloud activity are almost wiped out by the risk of being compromised. There are businesses who have ceased to trade as a result of compromised data – so a balance has to be struck.

Innovation and agility need to be pursued, and it’s IT’s task to provide this environment. Therefore, shadow IT could very well be not just accepted but embraced, within a fast-paced environment. But governance goes beyond ensuring passwords are regularly changed and that leavers’ access is removed. It’s about a framework that guarantees both innovation and security. If we’re going to use the cloud to its full capability, we need to eliminate as many of the risks as possible – or the business case goes out of the window.

By Gareth Cartman

Gareth Cartman

Gareth Cartman is Director of Digital Marketing at Clever Little Design, and has written for a wide range of publications, from HR.com, Yahoo Small Business, ComputerWeekly and Wired Insights. His background is in technology, HR and marketing, and he’s also a Dad of two, an Evertonian and a Boston Red Sox fan.
Anastasios Arampatzis

Insider Threats: The Trojan Horses in Intellectual Property Theft

The Invisible Enemy In the rapidly evolving landscape of global business, intellectual property (IP) stands [...]
Read more
Derek Slager

2024 IT Trends: Using AI to Optimize Your First-Party Data Strategy

2024 AI Optimization Trends IT professionals are in for another challenging year thanks to advancements [...]
Read more
Alex Fink, CEO of the Otherweb

AI is Eating the World: The Evolution of Content in the Age of AI

AI is Flooding The World In the constantly evolving landscape of technology, “AI is eating [...]
Read more
Lex Hegt

How Can Organizations Effectively Monitor and Analyze Their Azure Billing Data?

Monitor and Analyze Azure Billing Data With the ever-increasing investments in Azure, many organizations struggle [...]
Read more
Steve Prentice

Episode 16: Bigger is not always better: the benefits of working with smaller cloud providers

The benefits of working with smaller cloud providers A conversation with Ryan Pollock, VP Product [...]
Read more
Jeremy Smillie

Securing the Future: Insights from DevSecOps Expert, Jeremy Smillie

Welcome to another insightful discussion on CloudTweaks. Today, we have the privilege of delving into [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.