
CIO discovers the 'terrifying' reality of cloud apps running wild

Tom Kaneshige | May 12, 2014
Rogue cloud services are ripping gaping holes in the security fabric of most companies, putting the CIO in a tough spot. But as the fallout from the Target attack shows, IT and business leaders will go down together if the breach hits the fan.

CIO Michael Keithley has held the top tech post at Hollywood talent company Creative Artists Agency for nearly a quarter of a century, so you'd think he knows just about everything going on technically at the firm. He thought so, too.

Keithley figured there were 50 or so cloud services running on Creative Artists Agency's global enterprise network, but decided to make sure.

He ran Skyhigh's cloud security software, which shines a light on shadow IT, and the report spit out an outrageous number: more than 1,600 cloud services in play. Some of the nastiest sites came out of the Eastern Bloc and were clearly trying to trick people into giving up sensitive data.

"CIOs can tell business managers, if you choose to take the risk ... and the data is compromised, it's going to be you and me in front of the board of directors, not just me alone." — Rajiv Gupta, Skyhigh

"Once you get over the shock of the gap, you look at the risk profiles of those services, and that's just downright terrifying," Keithley says.

CIOs Become Cloud Enablers

Rogue cloud services have ripped open gaping holes in the security fabric of a company, putting the firm at grave risk and the CIO in a tough spot. However, rogue cloud services also show the critical need for a tech-savvy consultant — or cloud services broker — to patch holes, maintain compliance, negotiate cloud contracts and enforce service level agreements, since many cloud service providers deliver shoddy service, reports Research in Action.

Faced with a massive amount of rogue cloud services, Keithley's first instinct was to block them — but that would solve nothing. After all, IT's history of blocking unfamiliar technology most likely spawned these rogue cloud services in the first place. Instead, Keithley needed to change the reputation of his IT department from a blocker to an enabler.

For starters, Keithley enlisted chief counsel to educate employees on why the highest-risk cloud services needed to be shut down; let the lawyer be the bad guy, not the CIO.

With medium- to low-risk sites, Keithley's team created a more compelling alternative. Some 60 rogue cloud services were of the file, sync and share variety, meaning they trafficked potentially sensitive corporate data.

Keithley sent out an RFP, settled on Box and ironed out an enterprise licensing agreement. Then he integrated Box with single sign-on and added provisioning and connectivity to the HR system so new employees would automatically be given a Box account.

Getting Line of Business Buy-In

Keithley pitched the Box package to line-of-business managers and other key influencers, asking them to use this instead of their rogue cloud service. The managers bought in, and that's how Keithley became a cloud enabler. CIOs need to acknowledge that their role is changing, he says, and so they must evolve or end up on the scrap heap, known as the other kind of CIO — that is, "career is over."

 
