All this talk about big data this month has us questioning the security of it all, especially when data lives in cloud, as most of it does now. A new report from SkyHigh about the risk cloud services present to organization sheds new light on our concerns.
Is the Cloud Putting Your Information at Risk?
The Cloud Services Adoption and Risk Report reveals that organizations lack the information to understand and mitigate a broader set of risks posed by the use of cloud services. Furthermore, it highlights the need for more security, compliance, governance.
According to the report:
- 2,204 cloud services are in use by over 3 million users
- 545 cloud services are in use by an organization on average
- the highest number of cloud services used by an organization is 1,769
To say that companies have a lot of information stored in the cloud is an understatement. Considering how much they rely on the cloud, you'd think that they are making strategic decisions about what services they use and the security they use to protect it. You'd be wrong.
The report shows that not only do IT departments decide which cloud services to block based on productivity loss, rather than the risk the applications present, but that low risk services (back up and archiving, social media and file sharing) are blocked 40% more than high risk services (content sharing, development and tracking). To add insult to injury, among the top 10 most popular file sharing apps, 40% are considered to be high risk.
Putting Our Trust in the Cloud
So what cloud services are organizations using? And which present the greatest security risks? It won't come as a surprise that organizations are using a bevy of commercialized cloud services, like DropBox and Box to store and share files. While these services are great, it's clear that most organizations have neither upgraded to the enterprise versions of these services nor have they considered how employees may be using them to share confidential documents. As well, it seems that the enterprise is extremely trusting of free tools, which may often have the greatest vulnerability. There's no denying that tools like AddThis, Google Analytics and Facebook can be helpful, but they're not especially built for the enterprise. Relying on third party tools can be tricky, but not all are designed to protect information.
What can organizations do to mitigate their risk? It will help to take inventory of all the cloud services your company is using. You might be surprised how many there are as well as how easy it is to use them without permissions. Companies, then need to figure out how much and what types of information are being stored, shared or otherwise archived in the cloud. Examine the risks of each service - who owns the information once it's uploaded? who has permission to access? how vulnerable are these services and what can be done if data has been breached? It may become quite apparent that though many of these cloud apps are popular, easy to use and improve productivity, they may not be worth the risk in the long term.
The more aware companies are about what services are being used and the risks they present, the more they can make better informed decisions about which services to block and manage. The cloud is not inherently dangerous. But each service is not designed for all users. Companies need to evaluate the cloud based on the security of their information before using, or else suffer the consequences.