Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CIO discovers the 'terrifying' reality of cloud apps running wild

Tom Kaneshige | May 12, 2014
Rogue cloud services are ripping gaping holes in the security fabric of most companies, putting the CIO in a tough spot. But as the fallout from the Target attack shows, IT and business leaders will go down together if the breach hits the fan.

Of course, it's easier said than done. Making matters worse, there seems to be a disparity over the CIO's business savvy, an absolute requirement to be a cloud consultant.

A recent Red Hat survey showed 78 percent of tech executives rating their knowledge of the business as either "excellent" or "good," and 66 percent saying their receptiveness to new ideas coming from business units as "excellent" or "good." Yet an explosion of rogue cloud services underscores what many line-of-business managers think about CIOs: untrusted blockers to business process who must be kept out of the loop.

At the heart of this busy intersection lies the risk of data loss and the odds of falling out of compliance, which skyrockets with cloud services. How perilous is the situation? Just follow the logic.

Organizations on average use 759 cloud services, up from 626 last quarter, according to Skyhigh data based on 8.3 million users. Overall, of the 3,571 cloud services found in Skyhigh's database, only 7 percent are deemed enterprise-ready. What's worse is that 5 percent are considered highly risky. All tallied, one out of three cloud services was vulnerable to Heartbleed

It's Going to Get Worse

Barbarians are at the gate, too. Malware writers have taken dead aim at cloud services trafficking in business critical data: 16 percent of companies had anomalous cloud access to services storing data such as credit card numbers, health records and Social Security numbers, which means malware was used to surreptitiously access business services like Salesforce or Workday, according to Skyhigh.

For the most part, CIOs can't do anything about it. As in the case of Creative Artists Agency, the vast majority of cloud services fly under the CIO's radar. On average, the IT department is aware of only 5 percent to 8 percent of cloud services used at the company.

"This is not conjecture, not hyperbole, not me getting sentimental — this is fact-based data," says Skyhigh CEO Rajiv Gupta. "This is the risk you're undertaking right now."

Even cloud services known by CIOs aren't necessarily safe havens. WinMagic's security survey found that 35 percent of IT decision makers allow employees to use personal cloud storage in the workplace. Only six in 10 said their company has enforced encryption capabilities for tablets and mobile phones.

At the end of this road, huge dollars hang in the balance. The average cost of a data breach for a company in the United States jumped from $5.4 million last year to $5.9 million this year, according to the Ponemon Institute.

Perhaps unfairly, CIOs are on the hook to ensure security and compliance are upheld from leaky cloud services, as well as rogue cloud services they don't even know about. CIOs can't control — as in, block — many of the rogue cloud services; they can only advise line-of-business managers about risk.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.