The Consumerization of IT: Are illicit cloud apps risking your business security?
By Barrett Coakley
A Delicate Balancing Act
There is a delicate balancing act going on in organizations between employees adopting cloud applications to help them do their job and IT’s need to secure the corporate network. This often results in employees downloading apps without approval. In fact, a report by Netskope found that there is an average of 461 cloud applications running in the enterprise — almost ten times more than IT had estimated. To change this dynamic, business groups and IT need to work together to meet the productivity requirements of the business while satisfying the security needs of the organization.
One major category of cloud services that has seen widespread “shadow” adoption by employees is file sharing and storage applications. The adoption of these apps is an extension of the consumerization of IT where employees bring applications from their personal life into the workplace. However, file sharing and storage apps bring a heightened level of risk for an organization as employees use these services to store, manage and transfer valuable content in the cloud without the knowledge of IT. These services can be compromised as they do not use enterprise level security protocols or rely on users to implement strong passwords. Also, people can retain access to these drives after a project has finished if privileges are not revoked or an employee can leave with sensitive documents if they change jobs.
An easy file transfer solution that meets the needs of both employees and IT
Employees
To ensure widespread adoption across the organization, and to lessen the chance that employees download an unapproved app, the solution needs to have similar characteristics your employees have come to expect with popular file sharing services. Some of these features include:
- Ease of use: To minimize training and support calls to IT, an application needs to have an intuitive user interface that employees can easily understand and start using with minimal guidance. The management of the app also needs to be intuitive and simple enough that employees can administer the app without IT help, including adding and subtracting users, branding capabilities, and file monitoring.
- Speed: High speed file transfer between offices and locations increases collaboration, shortens workflows, and allows you to handle more jobs. Some solutions cap the bandwidth you can utilize during a transfer or restrict the size of the file you can move, which will impact widespread adoption by employees. The solution needs to easily handle a quick file transfer with no bandwidth restrictions or file size limits.
- Cost predictability: Some services contain variable charges that can change from month-to-month based on items that can be hard to control. This unpredictability makes it hard to budget for each project and can affect your ability to scale based on demand. To minimize unpredictability and support scaling, you need a solution that has a predictable cost structure that allows you to prepare a budget that minimizes surprises that could impact your bottom line.
IT
IT shares many of the same needs as their employees, but also has unique requirements that business groups might not prioritize. Fortunately, the needs of these two groups can both be satisfied with the proper due diligence and clear priorities. For IT, the following items are important in an enterprise application:
- Security: IT has to worry about several security risks associated with transferring and managing assets. The first concern is to protect the network from intrusion. This requires enterprise security protocols such as Active Directory integration, proper authentication procedures, and monitoring tools that include a view into who has permission to access the service. The second priority is to ensure sensitive corporate assets are not compromised. Any solution should provide a level of control, insight and management that allows IT to monitor the movement of files, who has permission to view and transfer files, where the files are stored, and how long they are available to users.
- Minimize support: Many organizations have a mix of on-premise and cloud solutions to store and transfer content. With on-premise solutions, IT is responsible for not only supporting user questions but also maintaining the application for optimal uptime and updates. Depending upon the design of the cloud product, these apps could require IT to maintain the application as well. As such, IT should look for a true SaaS application that the software vendor manages including automatic updates, load balancing, and the ability to automatically scale based on demand with no IT requirements to provision additional hardware or resources.
With file sizes continuing to grow, firms need a clear strategy around file transfer and storage services that involves both the end users’ needs as well as the organizations requirements. Employees need to share these large files to collaborate and speed time to market while IT has an obligation to protect both valuable content and the overall network. If employees and IT work together, they can find a middle ground that provides the security and ease of use both groups desire in a solution.
If you would like to learn more about the way new technologies can transform workflow automation and happen to be in London next Tuesday (July 8), check out IT Broadcast Workflow. IT Broadcast Workflow charts the development and adaptation of file-based operations in European broadcasting companies and will present a range of innovative case studies at their sixth annual event. Signiant is sponsoring this year’s gathering. Come by our table and say hello!