According to analyst firm Forrester, the cloud computing industry is expected to grow to $191 billion by 2020. Cloud computing has myriad benefits; increased employee productivity, faster time to market and lower cost are a few of them. Nevertheless, the security of data in the cloud is a primary concern holding back cloud adoption for IT departments. Employees, however, are not waiting: they are joining the “BYOC” or “Bring Your Own Cloud” movement, bringing their own cloud services to work.
What is shadow IT?
In the past few years, there has been accelerated growth in new apps that can help people be more efficient and productive. The forward-thinking perceived the benefits of BYOC and brought in the concept of “Shadow IT”.
Shadow IT is a term often used to describe IT systems and solutions that are built and used inside organisations without explicit organisational approval.
Top 5 risks of BYOC or Bring Your Own Cloud
Some of these perils are linked to weak security measures in the cloud services themselves, such as the absence of multi-factor authentication for access to the service, or data stored without controls such as encryption.
1. Compliance Violations and Regulatory Actions
Nowadays, most organisations operate under some regulatory control of their information, under one or more industry and government regulations. Under these mandates, companies must know who can access their data, where it is stored and how it is being protected.
Bring Your Own Cloud often violates every one of these principles, putting the business in a state of non-compliance, which can have grave ramifications.
2. Contractual breaches with business partners or customers
Contracts between business partners often restrict who is authorised to access the data and how it is used. When employees move restricted data into the cloud without authorisation, the contracts may be violated, and legal action could follow.
3. Theft or loss of intellectual property
Enterprises increasingly store sensitive data in the cloud. When the cloud service is compromised, cyber criminals can gain access to that data. Besides the threat of a breach, certain cloud services can pose a risk if their terms and conditions claim ownership of the data uploaded to them.
4. Malware infections that give free rein to a targeted attack
Cloud services can become a vector for data exfiltration. Cyber security experts have also detected malware that exfiltrated sensitive data via private Twitter accounts. Cyber criminals also use file sharing services to deliver malware to their targets through phishing attacks.
5. Loss of control over end-user actions
When an organisation is in the dark about employees using cloud services, those workers can be doing anything, and no one would know until it is too late. For instance, a salesperson who is about to resign from the organisation could download all information on customer contracts, upload it to her personal cloud storage platform and access it later when hired by a competitor. This is one of the most common BYOC insider threats in organisations today.
Best practices for organisations in the cloud
Every organisation must carefully analyse the following factors before moving to the cloud:
- Seek an independent security audit of the host (cloud service provider)
- Make inquiries about exception monitoring systems
- Find out which third parties the firm deals with and whether they can access your data
- Look into available penalties and guarantees
- Be extra vigilant during updates and make sure employees do not suddenly receive access rights they are not supposed to have
- Find out whether the cloud service provider will accommodate your security policies
- Be careful to develop strong guidelines around passwords: how they are created, changed and protected
To reduce the perils of unmanaged cloud usage or Bring Your Own Cloud, organisations first need visibility into the cloud services in use by their employees. They need to know what data is being uploaded, by whom and to which cloud platform. With this information, IT teams can start to enforce corporate governance, compliance and data security policies to protect sensitive enterprise data in the cloud.
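As an added illustration (not part of the original article), the sketch below shows one way to get that visibility from web proxy logs: it totals upload volume per user and per cloud host, ignoring approved services. The log format, the user names, the `.example` domains and the allow-list are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample proxy log (assumed format):
# timestamp user method host bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:11Z alice POST drive.approved-cloud.example 52000
2024-05-01T09:02:40Z bob PUT upload.personal-box.example 73400000
2024-05-01T09:03:05Z bob GET upload.personal-box.example 310
2024-05-01T09:05:19Z carol POST api.notes-app.example 1800
2024-05-01T09:07:52Z bob POST upload.personal-box.example 41600000
truncated record
2024-05-01T09:09:00Z carol POST api.notes-app.example notanumber
"""

# Hypothetical allow-list of approved cloud services, by domain suffix.
SANCTIONED = {"approved-cloud.example"}
UPLOAD_METHODS = {"POST", "PUT"}

def is_sanctioned(host, sanctioned=SANCTIONED):
    """True if host equals, or is a subdomain of, a sanctioned domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def unsanctioned_uploads(log_text, sanctioned=SANCTIONED):
    """Return {(user, host): total_bytes} uploaded to unapproved services."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _ts, user, method, host, size = parts
        if method.upper() not in UPLOAD_METHODS or not size.isdigit():
            continue  # only count well-formed upload requests
        if is_sanctioned(host, sanctioned):
            continue
        totals[(user, host.lower())] += int(size)
    return dict(totals)

def flag_large_uploaders(totals, threshold_bytes=50_000_000):
    """Users whose uploads to a single unapproved host reach the threshold."""
    return sorted({u for (u, _h), n in totals.items() if n >= threshold_bytes})

if __name__ == "__main__":
    totals = unsanctioned_uploads(SAMPLE_LOG)
    for (user, host), n in sorted(totals.items()):
        print(f"{user:6} {host:30} {n:>12} bytes")
    print("review:", flag_large_uploaders(totals))
```

The allow-list is matched on a dot boundary so that a look-alike host such as `notapproved-cloud.example` is not treated as approved.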