Steps to Safe Cloud Services Adoption
|Submitted on: Tue, 06 Aug 2013 06:44:33||Views: 369|
Enterprises Cloud SaaS and IaaS are an unstoppable force sweeping through organizations large and small at a breakneck pace. The rapid adoption has allowed anyone in an organization with a Web browser and an Internet connection to take over (and pay for) traditional IT department functions such as email, storage and backup, and collaboration tools. As a result of this rapid shift, IT consultancy Gartner estimates that by 2015, 35% of IT spending will come from budgets outside of the IT department. That figure will grow to 90% by the end of the decade. The benefits of these fast-growing cloud services are undeniable and include service agility; wider choice of products; ease of collaboration; fast, cheap deployment, and swapping fixed capital expenditures for variable operating costs that can be ratcheted up or down to meet demand. While enterprises have long leveraged traditional cloud services such as Salesforce.com and Office 365, employees increasingly use popular but lesser known services, such as Evernote (social bookmarking and document sharing) and Prezi (online presentation tools). They also log into SaaS services while at work for personal needs including photo sharing (Instagram), and social media (Twitter). To quickly build and test applications, developers at enterprises rely on cloud IaaS products such as Amazon Web Services, Rackspace and Heroku. From developers to marketers to salespeople, employees are accessing and using these cloud services with or without their IT departmentâs permission or knowledge.
Few, if any, CIOs know exactly how many services are in use on their networks, let alone which services are in use. According to a Jan. 2013 survey undertaken by Symantec, 77% of businesses have suffered rogue cloud deployments or unauthorized uses of cloud services. This lack of information means that IT organizations have no way to secure their networks against risky services or manage and mandate safe cloud service use by employees. IT organizations also struggle to maintain cost control over cloud services and to unify cloud service usage under more economical enterprise-wide contracts. Some of the worldâs largest financial, health care and technology enterprises have successfully deployed Skyhigh Networksâ Cloud Services Manager product suite to leverage the benefits of cloud services and manage employee usage while minimizing the security risks and controlling costs.
The first step towards controlling cloud service usage and minimizing cloud services risk is to gain complete visibility into which services employees are already using. This is no simple task. Estimates of the total number of cloud services functioning right now range from ~2000 to over 5,000. New cloud services emerge every day. Any new application coming onto the market has a significant cloud component for backup and synchronization, at a minimum. It is also important to understand the breadth of the cloud security services universe. For example, if an employee visits a popular industry blog and writes a comment, chances are that the employee has registered and then logged into Disqus, the most popular blog commenting platform. Disqus is actually a cloud service. An employee working on an open source software project probably uses the GitHub repository system to store source code. This is another major cloud service that flies under the radar. Popularity of cloud services varies significantly by region and by platform. While DropBox is a popular sharing platform in the U.S., in Eastern Europe a service called 4Share is far more popular. For these reasons, establishing a solid cloud services policy and management strategy requires complete visibility and understanding of cloud service usage.
The only way to attain this visibility is through detailed log-file analysis, mapping back services accessed to business units and individual users. Initially, this is a âsnapshotâ that provides a baseline of cloud services accessed by employees. Log-file analysis alone is not sufficient. The analysis must be pushed into a simple-to-consume dashboard that allows lesser trained IT administrators to view a list of all services running and key details about those services (type of service, location of physical servers, potential risks of service, etc). For any cloud services management strategy to remain effective over extended periods, the snapshotting process must be moved towards a regularly discovery period done weekly, daily, hourly or even in real-time. This is essential because the cloud services landscape is evolving very quickly and a log-file analysis has a very short half-life both in terms of services accessed but also risk profiles of the specific services and even service details (ports accessed, types of service calls, communications protocols used).
Gain Service Insight and Analysis
The second step towards putting in place a strong cloud services management strategy is gaining insights into which services present the most risks. This is possible and relatively simple once an IT organization has obtained full discovery of all services in use. At that point, the IT security team should bucket the services into broad categories in order to compare similar services and perform comparative risk analyses. For example, employees in one unit may be using Box.net while those in another use Google Drive while those in another use SugarSync and 4Share. Box.net may present a very low risk while 4Shared is a very high risk. SugarSync, in comparison may be an acceptable risk. Once those risk assessments are completed, IT and cloud security services managers should identify the services with the lowest risk in a category and consider establishing a commercial relationship with the provider. With or without such a relationship, the IT security team can promote the lesser risk services across your employee pool while discouraging or blocking the use of higher risk services in the same category. Just like the log-file analysis and visibility exercises, cloud services risk assessment is a continuous activity that may require temporary halts or lockdowns on specific services. For example, the recent password breach at Evernote increased risk of that service until the breach was addressed. Enterprises using Evernote should have reassessed their Evernote usage to minimize their risk exposure.
By sequentially following the methodology explained in this article, CIOs can quickly gain control of their cloud services exposure. More importantly, CIOs can transform their role inside the organization from that of a naysayer to a business enabler and an inclusive contributor to improved business operations via smarter cloud services usage and proactive cloud service selection. A well-executed cloud services strategy, used in conjunction with specialized tools such as Skyhigh Networksâ Cloud Security Manager, can deliver significant business benefits while actually improving enterprise IT security through full transparency and visibility. for more details visit http://www.skyhighnetworks.com
» Latest news on : Security
» Google News for: Steps to Safe Cloud Services Adoption
Lates tweets about Computers / Security
From @jamesdarwin101 on Fri Nov 16 07:46:55 EST 2018|
RT @mr_spongebob15: Some pictures of MYX VJs!
Dami mong security Sharlene!☹️💞
From @ThunderGawdKen on Fri Nov 16 07:46:55 EST 2018
RT @mattzap: CAN CONFIRM: Julian Assange has been charged, and prosecutors revealed it inadvertently in a court filing https://t.co/ndCo7PH…
From @housenga on Fri Nov 16 07:46:55 EST 2018
RT @JillWineBanks: Julian Assange has been charged, prosecutors reveal inadvertently in court filing https://t.co/kjkU6pR94K
From @susan_mangione on Fri Nov 16 07:46:55 EST 2018
RT @JudithCJones2: @LindaMusgrove9 @wvakitty @LiQuiDQuB @bjo9728 @dkfoster17 @UncleSamatha @AMBAMERICA @Real_AzKyle @gilli5 @ZeeInTheMoment…
From @cotetenplus on Fri Nov 16 07:46:54 EST 2018
RT @kbts_sci: いったい何が…。米ニューメキシコ州の山中の天文台が先週から謎の閉鎖中。職員らが退避させられ、ＦＢＩや米軍が臨場したそうです。関係者の口は堅く、何らかの捜査が行われている模様。現場は１９４７年のＵＦＯ事件で知られるロズウェルに近く、謎が謎を呼ぶ展開に。…
From @Yuzzpy on Fri Nov 16 07:46:54 EST 2018
RT @gigazine: サイバーセキュリティー担当大臣にも関わらず「PCを触らない」「USBが何か知らない」日本の政治家に世界中が騒然
From @lifeofwomen on Fri Nov 16 07:46:54 EST 2018
RT @LogicomDisti: Migrate your customers to the most powerful #SMB portfolio today. Whether it’s #switching, routing, #wireless, security o…
From @darrenoleary825 on Fri Nov 16 07:46:54 EST 2018
RT @GazaTVNews: 💥Breaking News💥
At least 2 Palestinian protestors have just been killed by Israeli sniper gunfire east of Gaza, as Palestin…
From @AmaClete on Fri Nov 16 07:46:53 EST 2018
RT @MollyJongFast: The greatest scam since Amway. https://t.co/opYqAmqBto
From @m49D4ch3lly on Fri Nov 16 07:46:53 EST 2018
RT @R3sp_Cyb3r: Cyber Feminist: Enterprise Security ‘Needs More Diversity’ - https://t.co/QP8Z5GmG4A
Copyright © 2008 - 2011 VIC Consulting - WEB Development, website promotion & SEO services
Autos neuves et usagées |
Ottawa used cars, furniture & real estate |
Toronto Computers Security