Organizations are rapidly moving critical data into the cloud, yet they still have serious concerns about security and other business risks. Read Bob Dimicco’s blog to learn several important steps companies can take to mitigate the risks of cloud services, such as uncovering shadow IT, assessing data security, and instituting cloud-specific employee policies.
Do any web search on the inhibitors of moving to cloud and you’ll find a primary challenge rises to the top—business risk. The benefits of cloud often outweigh the risks, which is why more and more business information is being shared in the cloud. In fact, 50% of Global 1,000 companies will have customer data stored in the public cloud by 2016, according to Gartner.
The rapid transition of critical data into the cloud and the use of SaaS for business processes mean that organizations need to have a solid approach to manage the business risks of cloud. We have worked closely with customers and Cisco’s own IT department to identify some initial steps that organizations can put in place to mitigate the risks of cloud services with IT governance.
Revise how your company data classification system applies to cloud services.
Businesses typically have already established a tiered classification system including private, confidential, public, etc. This system needs to be revised to detail what and how information should be shared in the cloud. These policies also need to take into account any regulatory or compliance requirements.
Communicate an employee policy specific to cloud service usage.
Recently, I was speaking with a large healthcare provider about what policies they had that outlined what employees could share in the cloud. The customer’s IT group believed that a general company code of conduct safeguarded them. However, as the conversation progressed they realized that their current policies were not explicit as to how this applied to cloud.
Employee policies need to clearly outline what can and cannot be shared with approved corporate cloud vendors. For example, even though a vendor like Salesforce.com or Box.com might be approved, an organization may not want certain confidential information to be shared with an outside vendor. These policies also need to address personal use of cloud services (file sharing services, free email accounts, etc.). They need to be communicated to employees periodically, along with how employees' actions might be monitored to ensure compliance.
Discover and determine the risk profile of shadow IT.
According to a recent Forrester study, 43 percent of respondents believed shadow IT practices were major threats to their respective organizations. It is critical to discover and classify the services being used that have not been approved by IT. Once identified, there are typically three approaches to handling the risks of shadow IT.
1) Assess and onboard critical cloud applications.
2) Block risky cloud applications with secure web gateways or data loss prevention solutions.
3) Monitor applications and as-a-service usage with alerts for unusual activity.
Establish a data security assessment process for new cloud services.
A vital way to ensure that business data is kept safe is to have a thorough risk assessment process as cloud vendors and services are brought on-board. This process should take into account the following five elements:
- Initiation – Establish what elements of your business a vendor will be involved in and what data will be shared with the vendor. Will they handle confidential/private information or only public data?
- Data encryption and integration – Test the encryption of data as it passes from the organization to the vendor as well as how the data will be stored at the vendor’s data center. Understand how a vendor would integrate with your systems (creating single sign-on, pulling corporate data, etc.).
- Vendor data security policies – Can the vendor uphold the policies for protecting your corporate data based on the classification system defined above, and do so the same way or better than your IT department would? Evaluate the vendor’s disaster recovery plan, compliance and regulatory processes, and identity and access controls.
- Vendor stability and proprietary policies – According to Gartner, 1 out of 4 cloud service providers will be out of business in two years. This is largely due to financial instability or acquisitions. Businesses need to ensure that vendors they choose to work with are financially stable. Find out how the vendor would handle your data in the event of a business closure or acquisition. Additionally, do they use a proprietary technology approach that might lock you into using them? Insist that vendors use an open source approach that would help you transition to a new vendor if an SLA was not met or if the vendor was acquired or went out of business.
- Ongoing vendor monitoring – Establish a process to regularly review vendors (annually for those dealing with business critical processes, less regularly for those with less impact).
These are some initial steps to managing the business risks of cloud. However, businesses that are looking to reap the benefits of cloud and avoid risk must put in place a lifecycle approach to manage cloud services.
We recently introduced Cloud Consumption Optimization, an annual subscription service that helps customers govern their cloud adoption from end-to-end and continually monitor cloud use. Learn more about how we can help you govern cloud and manage cloud risks at http://www.cisco.com/go/cloudconsumption
During a panel on IoE in Business last week, Stanley Black & Decker announced the results and estimated productivity savings, upside revenue, and risk cost avoidance of a new Connected Factory Wireless implementation conducted with Cisco and AeroScout Industrial. In partnership with AeroScout, we’re excited to share the details on how Stanley Black & Decker has transformed manufacturing operations with IoT.
Visit our post on the IoE Blog where Patrick Gilbert, AeroScout Industrial and I share details about Stanley Black & Decker’s plant in Reynosa, Mexico and best practices that helped Stanley Black & Decker improve labor utilization by 12 percent, increase throughput by around 10 percent, and reduce material inventory carrying costs by 10 percent.
Read the full article Stanley Black & Decker: Connecting Internet of Everything, One Line at a Time
Written By Wayne Cullen, Senior Manager, Service Provider Architectures
Along with cloud computing, M2M, collaboration, and hoodie sweatshirts, virtualization is a trend du jour. Like all trends, it’s based on an old idea (dating back to the mainframe era) that has now been reimagined for new purposes. One of the newest roles for virtualization is network functions such as those in switches, routers, and network appliances, including firewalls and load balancers—thanks to Network Functions Virtualization (NFV). And this is just the beginning of what is going to be virtualized in your network.
Being a Selective Virtualizer
Virtualization can provide some big cost savings and reduce network complexity. But virtualization is like chocolate. You eat too much and some bad things can happen. The early days of virtualization (when servers were virtualized) provide a cautionary tale. Server virtualization lowered CapEx but led to skyrocketing operational costs because much more complex processes—hence highly skilled staff—were required.
The lesson: Be selective in virtualizing your resources and functions. And focus your time optimizing your network to lower TCO with a flexible, adaptable infrastructure as part of your virtualization efforts.
How and Where to Optimize Your Network for Virtualization
- Reduce
A friend of mine recently joined the rest of us in the 21st Century by getting his first smartphone. Although it was a long time coming, he’s now tweeting, checking Facebook, and tracking his favorite baseball team, the Colorado Rockies, like the rest of us.
Although my friend isn’t a techno-grouch by any means, the way consumers use smartphones to interact with companies is driving a transition in the customer care industry. Not only are consumers increasingly communicating with businesses via new mechanisms such as mobile, but they’re interacting for new reasons. Using the web and social media, today’s consumers learn much more about products and services before they reach out to a business to ask a question or resolve an issue. Gone are the days of “one size fits all” contact centers. Expert, personalized customer care is now the rule rather than the exception.
Modern Customer Collaboration (or Customer Interaction, Customer Engagement, Customer Experience, or even “contact center”) solutions are meeting this challenge by evolving to address not only my friend’s new-found customer service requirements, but the ongoing needs of consumers who stepped into the 21st century long before he did.
Support for current and future mobile applications is critical. Just about every company