IT professionals are struggling to secure data in the Cloud, and part of the problem is that security standards for most third-party cloud applications are just not yet up to enterprise standards.
Lieberman Software surveyed 140 attendees at this year’s Microsoft Ignite 2016 conference, gathering an insiders perspective on cyber security trends and the impact of the cloud on IT operations. The survey revealed that IT professionals find it “difficult” to secure data in the cloud, and that poor security practices in the cloud play a part in this fear. Companies should not be offloading their security responsibilities to cloud providers, but more and more organisations are starting to do this, under the mistaken belief that security standards in the cloud are as stringent as what they’ve come to expect from on-premise solutions.
A large portion of survey respondents (43%) admitted that they do not change their credentials in the cloud as frequently as they do on premises. This kind of behavior is a red flag pointing to a larger problem: that basic security protocols may be harder to enforce in cloud solutions.
Most respondants (73%) said in the survey that they prefer to keep sensitive corporate data on premise rather than in the cloud, for greater control. But it’s more than likely that this data is already in the cloud. We know this because the growth in mobility and the Cloud have led to the growing problem of Shadow IT. Data flows through endpoints and into the cloud with no IT oversight most of the time.
Obviously, the cloud isn’t going away, and the solution is not to restrict cloud use and hamper productivity. Instead, the solution is to bring that cloud data out of the Shadow. First, understand the drivers behind Shadow IT, which are often altruistic: a desire for productivity, adaptability and scalability. Recognize that business-level Cloud decisions are inefficient and contribute to the problems with securing data in all the little pockets where it lives. Next, translate that understanding into a strategy that embraces the cloud, with clear executive-driven guidance on organizational cloud use. Support your policies with technologies that provide automated alerts and remote capabilities to remediate threats.
As we outlined in our post, How to Use Absolute DDS to Identify At-Risk Data in Cloud Applications, technologies such as Absolute DDS can help you enable the use of cloud applications in line with your data security policies. Using Absolute DDS, you can identify devices with cloud storage software and detect devices with at-risk files being stored (on the device or in the cloud). You can proactively respond to the presence of at-risk data with remote data delete capabilities. Using custom alerts, you can enforce policies on which cloud applications are used and how, understanding that different users will have different permissions when it comes to data access.
To learn more, get started with your free evaluation version of Absolute DDS today.