Steps to Safe Cloud Services Adoption
|Submitted on: Tue, 06 Aug 2013 06:44:33||Views: 392|
Enterprises Cloud SaaS and IaaS are an unstoppable force sweeping through organizations large and small at a breakneck pace. The rapid adoption has allowed anyone in an organization with a Web browser and an Internet connection to take over (and pay for) traditional IT department functions such as email, storage and backup, and collaboration tools. As a result of this rapid shift, IT consultancy Gartner estimates that by 2015, 35% of IT spending will come from budgets outside of the IT department. That figure will grow to 90% by the end of the decade. The benefits of these fast-growing cloud services are undeniable and include service agility; wider choice of products; ease of collaboration; fast, cheap deployment, and swapping fixed capital expenditures for variable operating costs that can be ratcheted up or down to meet demand. While enterprises have long leveraged traditional cloud services such as Salesforce.com and Office 365, employees increasingly use popular but lesser known services, such as Evernote (social bookmarking and document sharing) and Prezi (online presentation tools). They also log into SaaS services while at work for personal needs including photo sharing (Instagram), and social media (Twitter). To quickly build and test applications, developers at enterprises rely on cloud IaaS products such as Amazon Web Services, Rackspace and Heroku. From developers to marketers to salespeople, employees are accessing and using these cloud services with or without their IT departmentâs permission or knowledge.
Few, if any, CIOs know exactly how many services are in use on their networks, let alone which services are in use. According to a Jan. 2013 survey undertaken by Symantec, 77% of businesses have suffered rogue cloud deployments or unauthorized uses of cloud services. This lack of information means that IT organizations have no way to secure their networks against risky services or manage and mandate safe cloud service use by employees. IT organizations also struggle to maintain cost control over cloud services and to unify cloud service usage under more economical enterprise-wide contracts. Some of the worldâs largest financial, health care and technology enterprises have successfully deployed Skyhigh Networksâ Cloud Services Manager product suite to leverage the benefits of cloud services and manage employee usage while minimizing the security risks and controlling costs.
The first step towards controlling cloud service usage and minimizing cloud services risk is to gain complete visibility into which services employees are already using. This is no simple task. Estimates of the total number of cloud services functioning right now range from ~2000 to over 5,000. New cloud services emerge every day. Any new application coming onto the market has a significant cloud component for backup and synchronization, at a minimum. It is also important to understand the breadth of the cloud security services universe. For example, if an employee visits a popular industry blog and writes a comment, chances are that the employee has registered and then logged into Disqus, the most popular blog commenting platform. Disqus is actually a cloud service. An employee working on an open source software project probably uses the GitHub repository system to store source code. This is another major cloud service that flies under the radar. Popularity of cloud services varies significantly by region and by platform. While DropBox is a popular sharing platform in the U.S., in Eastern Europe a service called 4Share is far more popular. For these reasons, establishing a solid cloud services policy and management strategy requires complete visibility and understanding of cloud service usage.
The only way to attain this visibility is through detailed log-file analysis, mapping back services accessed to business units and individual users. Initially, this is a âsnapshotâ that provides a baseline of cloud services accessed by employees. Log-file analysis alone is not sufficient. The analysis must be pushed into a simple-to-consume dashboard that allows lesser trained IT administrators to view a list of all services running and key details about those services (type of service, location of physical servers, potential risks of service, etc). For any cloud services management strategy to remain effective over extended periods, the snapshotting process must be moved towards a regularly discovery period done weekly, daily, hourly or even in real-time. This is essential because the cloud services landscape is evolving very quickly and a log-file analysis has a very short half-life both in terms of services accessed but also risk profiles of the specific services and even service details (ports accessed, types of service calls, communications protocols used).
Gain Service Insight and Analysis
The second step towards putting in place a strong cloud services management strategy is gaining insights into which services present the most risks. This is possible and relatively simple once an IT organization has obtained full discovery of all services in use. At that point, the IT security team should bucket the services into broad categories in order to compare similar services and perform comparative risk analyses. For example, employees in one unit may be using Box.net while those in another use Google Drive while those in another use SugarSync and 4Share. Box.net may present a very low risk while 4Shared is a very high risk. SugarSync, in comparison may be an acceptable risk. Once those risk assessments are completed, IT and cloud security services managers should identify the services with the lowest risk in a category and consider establishing a commercial relationship with the provider. With or without such a relationship, the IT security team can promote the lesser risk services across your employee pool while discouraging or blocking the use of higher risk services in the same category. Just like the log-file analysis and visibility exercises, cloud services risk assessment is a continuous activity that may require temporary halts or lockdowns on specific services. For example, the recent password breach at Evernote increased risk of that service until the breach was addressed. Enterprises using Evernote should have reassessed their Evernote usage to minimize their risk exposure.
By sequentially following the methodology explained in this article, CIOs can quickly gain control of their cloud services exposure. More importantly, CIOs can transform their role inside the organization from that of a naysayer to a business enabler and an inclusive contributor to improved business operations via smarter cloud services usage and proactive cloud service selection. A well-executed cloud services strategy, used in conjunction with specialized tools such as Skyhigh Networksâ Cloud Security Manager, can deliver significant business benefits while actually improving enterprise IT security through full transparency and visibility. for more details visit http://www.skyhighnetworks.com
» Latest news on : Security
» Google News for: Steps to Safe Cloud Services Adoption
Lates tweets about Computers / Security
From @GallowayGalleg1 on Sat Feb 16 03:36:32 EST 2019|
RT @thehill: Mueller has evidence Stone communicated with WikiLeaks: filing https://t.co/ixUPHAMi6h https://t.co/qNZ0TCozjE
From @MzLeyla on Sat Feb 16 03:36:31 EST 2019
RT @renoomokri: Don’t compare 2015 postponement to @MBuhari’s #CoupAgainstNigeria. In 2015, National Council of State met and was briefed b…
From @JakovoHoHo on Sat Feb 16 03:36:30 EST 2019
@sevslv @just_security Interesting indeed Not least that a justification of a controversial punitive institution th… https://t.co/QwxeEBteq3
From @CookDirkH on Sat Feb 16 03:36:30 EST 2019
RT @Report_Antisem: Geschmacklos: Securityfirma eines #Neonazis bewacht Gedenkstätte #Sachsenhausen - Bei der Gedenkstättenstiftung ist man…
From @shailes43254705 on Sat Feb 16 03:36:30 EST 2019
@AdityaRajKaul What are waiting for in striping the security of huriyat pigs and cut off diplomatic ties..
From @prosun01 on Sat Feb 16 03:36:30 EST 2019
PM on Pulwama Attack: We have given security forces full freedom to respond
via NaMo App https://t.co/dMsnQxbBUU
From @JMandeville3 on Sat Feb 16 03:36:30 EST 2019
RT @TexBlueCollar: @KamalaHarris Do you have walls around your house? Do you know the best security strategy is to limit unknown entry and…
From @brandycooklyn on Sat Feb 16 03:36:30 EST 2019
really loving these 30somethings with cushy gigs and job security who put the "in" in "industry in-crowd" getting f… https://t.co/8jFb9aofeP
From @sulthon_m82 on Sat Feb 16 03:36:30 EST 2019
RT @iqbalmt06: The Best Smart Leader Security Systems for Indonesian 2019-2024.
From @suraj618 on Sat Feb 16 03:36:30 EST 2019
RT @ExSecular: What a joke .. I don’t trust her .. she cud have got arrested him .. she is responsible for 44 deaths plus her son’s death .…
Copyright © 2008 - 2011 VIC Consulting - WEB Development, website promotion & SEO services
Autos neuves et usagées |
Ottawa used cars, furniture & real estate |
Toronto Computers Security