Any IT professional who has heard “send it to my Gmail” echo across the office will know how impossible it is to keep employees from using outside applications for work when those provided don’t quite meet their needs.
The odd email may not be the cause of much lost sleep, but because cloud computing and software-as-a-service can offer some serious business applications and huge amounts of data storage for modest cost, dangers may be lurking in the rogue use of cloud applications.
At the same time, there is growing interest in cloud apps for business, so CIOs need to work with suppliers and internal departments to mitigate risk.
Security concerns among information chiefs fall into two areas. Firstly, how to secure data? Data ‘in flight’ between client and application host are commonly secured by HTTPS or other secure channels, often provided by vendors. Data in use is also a concern, but here the use of encryption is less common. Meanwhile, suppliers have to make progress on the secure disposal of data.
The second security concern is about access. When staff use multiple apps from a range of providers, the temptation will always be there to use the same password. Incredibly, some still stick their password on a note on the desk. Managing usable, secure single sign-on across multiple apps is a real challenge.
Fortunately there are checklists available to help guide CIOs through the cloud of security issues.
One, from Forrester, suggests breaking down security into:
· Data protection
· Vulnerability management
· Identity management
· Physical and personnel security
· Application security
· Incident response
It lists a range of questions with which IT leaders can probe suppliers, such as: “Do you perform background checks on all relevant personnel? How extensive are they?” It also lists technical standards suppliers should comply with.
While the cloud does raise IT security issues, it is worth remembering that in-house IT has been plagued by its own problems. Viruses, hackers and poor data management are more frequent than many would like to admit. The secret to cloud security could be in carrying what you have learnt internally into the outside world.