Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Even 'rogue' clouds can be secured, experts say

Taylor Armerding | Jan. 28, 2013
It takes multiple measures layered on top of public cloud services to lock down enterprise data, say security pros

One of the latest challenge for the heads of IT departments is how to secure sensitive company information that employees have shared or stored on public clouds without their knowledge, permission or control. A new survey describes how big of a problem "rogue" cloud use has become.

More than 75 percent of businesses surveyed recently by the security vendor Symantec reported that their employees have shared or stored sensitive company information on public clouds services. The report, "Avoiding the Hidden Costs of the Cloud 2013" ( PDF document), which surveyed 3,236 organizations in 29 countries, found 83% of enterprises and 70% of small- to medium-size businesses (SMB) using such "rogue" service.

The term refers to public cloud services that are not part of a company's IT infrastructure and are being used without the knowledge, permission or control of the company's IT department.

"Perhaps the sales manager signs his department up for Salesforce without thinking to consult IT," the report gives as an example. "Or perhaps marketing shares important launch materials with outside vendors via an unauthorized Dropbox account."

"In either case the organization has put sensitive information into the cloud without organizational oversight," it said.

It has been called "shadow IT" as well, "but we thought rogue is a bit more descriptive," Dave Elliott, a senior product marketing manager for global cloud at Symantec, told CSO Online about the report.

By whatever name, it has either increased markedly in recent years, or IT departments have become more aware of it. "It has become a significant threat in the last couple of years," Elliott said.

The risks of this are not just theoretical. Symantec reported that among the survey respondents that reported rogue cloud deployments, 40% experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services.

Also, 40% reported that they had lost data in the cloud and had to restore it from backups. "Two-thirds of those organizations saw recovery operations fail," the report said.

Other recent surveys have come to similar findings. A report released about two months ago by Nasuni, an enterprise storage management company, said that 20% of business users surveyed said they used Dropbox to share and store work documents. Half of those did it even though they know it violated company policy. And the worst offenders were those near or at the top of the corporate ladder.

A major cause of the problem, say experts, is that rogue clouds are easier and more convenient to use than in-house services. "The most commonly cited reason for these rogue cloud projects was to save(time and money: Going through IT would make the process more difficult," the Symantec report said.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.