Symantec Issues Warning on Misuse of Cloud Computing
Symantec, long a voice for security in cloud platforms for business, has issued another warning to businesses. As organisations grow ever more reliant on cloud computing, the security giant is worried that it is becoming far too easy to use unauthorised cloud services inside an organisation without taking the proper precautions.
In a survey conducted among IT and IS (Information Security) workers, the security giant Symantec found that many employees are setting up what it terms "rogue clouds". These "rogue clouds" are unauthorised uses of cloud platforms and services to carry out company business. Often, these tasks are so small they aren't even noticed by management or the IT and IS departments. Even when they are, they are often not properly evaluated as a security threat, due to the growing ease and acceptance of cloud services in everyday life.
While the term "rogue cloud" sounds ominous, it in fact refers simply to employees who use cloud services like Dropbox, Google Drive, or any of the countless others for work-related purposes. These personal clouds are rarely as well secured as whatever is set up for the organisation, and can lead to massive data breaches.
Dropbox, one of the most famous cloud providers, has already suffered several very public security failures. The results included several corporate accounts being infiltrated, and it is suspected that personal/corporate mixed accounts were a main vector for the infiltration. According to Symantec, as many as a quarter of those who fell victim to the last Dropbox attack suffered from corporate website or other web presence defacement.
The optimal solution for businesses, now, is to do two things. First, the importance of only using company-sanctioned platforms and accounts must be stressed to every employee. Because employees are so used to using these services at home and in their personal lives, and because most companies have no official policy towards these "rogue clouds", most employees simply don't know that using these services can be a bad thing.
It is essential that you create a set of company policy guidelines, in conjunction with your security or IT team, about how the company vets cloud service providers, and what the process is to approve the use of cloud vendors. There needs to be a defined set of acceptable providers, and clear guidelines about why employees should not deviate from these trusted sources under any circumstances, and certainly not for convenience.
At the same time, the IT and IS team needs to listen to the needs of the employees and set up sanctioned cloud policies that allow your employees to do what they need to do so easily that the appeal of using a "rogue cloud" is gone. A large part of the appeal of these rogue clouds, it can be surmised, is convenience. An IT policy that emphasises making the jobs of employees easier, rather than a strict adherence to a set of rigid rules, can de-incentivise a lot of the formation of these hybrid personal/work clouds. Having a policy in place that makes it easier to dynamically change, or at least temporarily approve, the vendors that most closely align with employee needs can go a long way towards making your office network more secure. That isn't simply conjecture: enterprises are significantly more likely to have rogue clouds in place than small and medium-sized businesses.
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience, having created customised, stable, well-performing systems both for multi-national companies in the UK and Australia and for Surety IT customers.