When it comes to enterprise cloud adoption, a number of factors complicate the route to security and success. One of the key factors is the staggering diversity of the cloud computing ecosystem. The number and variety of cloud applications that an enterprise might consider adopting—and the number and variety of cloud applications that might already be in use at the enterprise, unbeknownst to IT—otherwise known as shadow IT – can make getting cloud adoption under control a daunting task. Breaking down cloud applications into a few discreet categories and examining their risks is a good place to start.
There are three main types of cloud applications, each with their own specific concerns.
- Classic shadow IT, in which individual employees or lines of business grow impatient with IT-approved solutions and turn to third-party cloud services to solve immediate business problems, such as the need to share large files within the company or with outside partners. Shadow IT is usually adopted with good intentions but can lead to serious cloud data security problems. Since employees are using the third-party applications without IT’s knowledge or approval, the applications are outside of IT’s visibility and control. As a result, applications aren’t vetted for basic security, and data isn’t monitored for compliance violations. Shadow IT applications must be discovered and evaluated so the best can be safely enabled and the rest disabled.
- Enterprise-sanctioned collaboration applications such as email, file sharing, and conferencing, which the enterprise adopts in order to streamline employee communication and collaboration. Adoption and use of these applications is sanctioned by the organization and supported by IT, and basic security is typically less of a concern. Compliance violations and inappropriate data sharing may still be a problem, however. Solutions like DLP integration must be put in place to prevent workers from sharing sensitive information with unauthorized parties or accessing and storing data in noncompliant ways. Granular visibility and control are key here.
- Business-critical applications that handle critical data and operations must be able to run optimally but also with the highest levels of cloud data security, since they most likely handle the largest volume of sensitive or protected data. Thanks to this large volume of protected information, regulatory compliance is a major challenge: businesses who adopt cloud computing for mission-critical applications must deal with a complex web of data privacy regulations while working to ensure that the measures they take do not disrupt the functionality of the applications themselves.
In any discussion about cloud adoption and the cloud data security challenges that arise, a clear understanding of the assets at stake and the risks to the organization in the event of a breach are vital. Categorizing your organization’s cloud investments is a sound starting point. To learn how to take the next steps towards cloud data security, download our whitepaper: CIO’s Guide to Enterprise Cloud Adoption today.