Perhaps you have come across the term ‘Rogue Cloud’. Technically speaking, it is not the cloud itself that is operating outside the norm but the users.
A rogue cloud user is an individual (or group) within a larger organization who utilizes public cloud services for work-related purposes without knowledge, permission or management of the organization’s IT department.
Recently, there has been an explosion of the popularity of public cloud services such as Google Drive, Microsoft Sky Drive and DropBox. In an effort to be more productive, employees may utilize these public clouds to store sensitive data and confidential documents. An estimate released in 2012, claims the number of Dropbox users at 50 million and given the service is low or no cost, it is most likely that number is climbing.
In a recent survey of over 3000 organizations worldwide commissioned by Symantec, more than 75% of those businesses who responded admitted that rogue cloud deployment was an issue. Among those, 40% reported the disclosure of sensitive information with 25% experiencing a loss of goods or services, hacking or similar issues.
So what’s wrong with an employee being more productive, you say? Plenty.
- Security Issues
How secure is your company’s information on a public cloud? Who knows?
Last summer, Dropbox acknowledged a security breach. From the Dropbox blog:
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.
A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.
Also last summer, hackers breached Wired writer Mat Honan’s iCloud and Amazon public cloud account and as he put it on his blog – destroyed his entire digital life.
As you can see, there are potential security issues that arise from storing data on a public cloud rather than keeping it within a business’s secure internal network or private cloud
- Backup Issues
Obviously, documents and data stored on public clouds are not contained within in an organization’s normal backup procedures, exposing the potential for loss of critical data. Mission critical data can be lost or misplaced. Or what happens if the data is in the public cloud account of an employee who is abruptly dismissed from his/her position?
So how do you avoid these pitfalls?
- Create and enforce an Internet security policy
A well-written Internet security policy should cover:
- Define restrictions of employee use & suitable behavior (acceptable vs unacceptable sites, sharing copyright materials, etc.)
- Outline procedures that should be followed to protect and manage your systems and data
- Assign responsibilities so everyone knows their respective tasks
- State the consequences if the policy is disregarded
Once written, it is important for management to review the policy with employees explaining the reason for its implementation, methods of enforcement and penalties for breaching the agreement.
Your company’s Internet security policy should be revised periodically to be sure it is keeping up with the latest technologies and new categories of pitfalls and threats.
- Implement a private cloud solution
A private cloud allows you and your employees to access your company’s applications and documents from anywhere safely and securely thus eliminating the need for public cloud utilizations. The ability to share and edit documents in real time between multiple users is an added bonus.
Benefits to a well-designed customized private cloud solution include:
- Reduced maintenance cost
- Reduced equipment cost
A private cloud is the clear choice for organizations looking to reap the benefits of cloud computing without compromising critical security policies or overall system flexibility.