Turbulence In The Cloud

By Author: skyhighnetworks
Total Articles: 54
Comment this article

The journey to the cloud is well underway, and it’s easy to see why when 84% of CIOs report cutting application costs by moving to the cloud. But if your company does not manage its journey to the cloud deliberately by selecting the lowest-risk cloud services, it could be putting its data at risk. In fact, 2013 saw a 38% annual increase in incidents of loss, theft, and exposure of personally identifiable information (PII) in the cloud. In order to reap the benefits of the cloud while minimizing risk, organizations must employ a methodology to identify and select enterprise-ready services.

Some services, such as Salesforce and Office 365, are extensively vetted during a formal procurement process. However, the average company now uses 626 different cloud services and many of these services are free or low-cost services employees find and purchase on their own like Dropbox and Evernote, which haven’t been vetted by IT.

The good news is that the risk of every cloud service can be measured by performing an audit of the cloud provider. To do this, IT and security teams need a standardized way to assess these ...
... services. Based on the Cloud Security Alliance (CSA) Cloud Controls Matrix, there are five categories of attributes to evaluate: data, user and device, service, business, and legal risk. This checklist summarizes those recommendations and offers a standardized way to identify enterprise-ready cloud services. By following this checklist you’ll be able to enable utilization of the cloud for your organization while also mitigating risk.

“Ralph Lora, the CIO of Clorox, riffing off the antagonistic concept of ‘Shadow IT’, has implemented an approach he calls ‘Shallow IT.’ This allows for the wide testing and nurturing of consumer-grade and adopted solutions in the enterprise, done in a calculated but flexible way, proving out all new enterprise apps to help power the $5.5B company.”

Author :

Skyhigh Networks, the cloud access security company, enables companies to embrace Cloud Analytics Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information on Shadow IT to Visibility and Cloud Control, visit us at http://www.skyhighnetworks.com/shadow-it/ or follow us on Twitter@skyhighnetworks.