Protect Yourself Against the Next Security Flaw in the Cloud—Understand Shadow IT
Recently, a bug in Internet Explorer made it possible for hackers to take over a user’s computer causing government agencies to suggest using a different browser. The Heartbleed flaw opened the door for encrypted data to be intercepted. These latest challenges highlight one thing inherent to any application—whether on premise or in the cloud—it is not if but when the next flaw or bug will present exposure risks to your business. The key is to be prepared with a solid response strategy.
In two short years, 50% of Global 1000 companies will have customer data in the cloud according to Gartner. With more and more critical information moving to the cloud, IT needs to understand how cloud providers are responding to protect their data and users when these security challenges present themselves. For cloud services that IT is aware of, businesses can establish service level agreements and other safeguards to protect the integrity of their information.
But what about cloud services IT doesn’t know about?
From our customer engagements, we have found that there are 5-10 times more cloud services typically being used than are known by IT. Thus, for the wide majority of cloud services being used by your business, there are no safeguards. To be prepared for the next security flaw, it is critical that you identify your shadow IT and create a strong risk mitigation and response strategy.
With Cisco Cloud Consumption Services, we can help you discover shadow IT. Using collection tools in the network, we discover what cloud services are being used by employees across your entire organization. However, identifying your shadow IT applications is only the first step. To adequately address the potential costs and risks of cloud, you need to establish a lifecycle approach to manage your cloud adoption. We can help you identify and manage cloud security risks and compliance issues and recommend ways in which you can reduce your risks due to flaws or service outages. We can also help you establish better processes and procedures for managing cloud applications from adoption through termination, including evaluating cloud vendors and helping you create strong security and risk policies and SLAs.
Armed with information about how your organization is using cloud, you can work to respond more quickly to security flaws through restricting access, improving internal communications, or working with service providers to establish the right safeguards. Without that knowledge, you remain at risk of your data being exposed. Learn more about how to understand your cloud usage and identify risks to your business at www.cisco.com/go/cloudconsumption.