Created when business groups implement public cloud apps that are not managed by or integrated into the company’s IT infrastructure, rogue clouds entail several risks. How can organizations weigh and mitigate these risks?
By Anand Naik
It is an established fact now: cloud is indispensable for organizations of all sizes. They are moving ahead with cloud implementations with tremendous zest considering it will lead to reduced capital expenditures, more predictable operating expenditures, easier management, enhanced scalability and better disaster preparedness.
However, in a rush to implement cloud, there are a host of hidden costs unwary organizations may face. These costs are easily avoided with a little foresight and planning, but only if IT knows where to look.
The easiest way of using cloud is through rogue cloud deployments. Rogue clouds – created when business groups implement public cloud applications that are not managed by or integrated into the company’s IT infrastructure – create the risks of confidential information exposure, stolen goods or services, defacement of web properties and account takeover issues
Perhaps the sales manager signs his department up for Salesforce.com without thinking to consult IT. Or perhaps marketing shares important launch materials with outside vendors via an unauthorized Dropbox account. In either case the organization has put sensitive information into the cloud without organizational oversight. It’s a surprisingly common problem, found in 89% of enterprises in India.
Determining the security risk of the rogue cloud can be tricky. While each of the providers can show that the risk of unauthorized exposure of your data is nearly nil, like most security topics, it’s the human element that merits attention. And considering that Information is SMB’s biggest asset, one cannot risk it.
The organization has put sensitive information into the cloud without organizational oversight. It’s a surprisingly common problem, found in three-quarters of all organizations. It also seems to be an issue experienced more by enterprises (83%) than SMBs (70%).Among those who reported rogue cloud deployments, 40% experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services. So why are organizations doing it? One in five don’t realize they shouldn’t. However, the most commonly cited reason for these rogue cloud projects was to save time and money: Going through IT would make the process more difficult.
Decoding the problem
Why the rogue cloud exists is no mystery. Users want the responsive consumer experience and the business user in a hurry to get compute power will often not wait 30-60 days after filling out the forms that IT requires, waiting for multiple approvals, procurement cycles, and deployment processes. Or they can get what they want provisioned in the public cloud within 24 hours and that too for free to a great extent.
The State Of Cloud Survey revealed that sensitive information was compromised in 57% of Indian enterprises that experienced rogue clouds. The survey found that top rogue cloud issues for SMBs include security, data protection and loss of confidential information. The challenge is escalating, with nearly half (48%) of Indian respondents indicating that rogue cloud deployments are becoming more frequent.
Smart organizations know this. Roughly two-thirds today are saying they are concerned about meeting compliance requirements in the cloud. Interestingly, simply meeting compliance requirements is not enough; an even larger percentage say they worry about being able to prove their compliance.
Organizations have all sorts of assets in the cloud – such as web properties, online businesses or web applications – that require SSL certificates to protect the data in transit whether it is personal or financial information, business transactions and other online interactions. The survey showed companies found managing many SSL certificates to be highly complex. Cloud often requires SSL certificates – for websites, applications, and so on. The final hidden cost revealed by the survey relates to management of these certificates. Most find this area complex: In fact, less than half feel managing cloud-based SSL certificates is easy.
Most organizations are pursuing cloud, and rightly so. Cloud storage is quick to deploy, you pay only for what you use, and you can adjust capacity quickly and easily.
Adopting cloud provides clear benefits. The Symantec 2013 Avoiding the Hidden Costs of the Cloud survey shows that as organizations proceed, they need to pay attention to hidden costs of cloud from day one, or else face costly consequences.
The first point for better use of cloud is focusing on policies and the individuals who all have a stake to make it work, rather than merely the technologies and platforms. The need for speed makes the case for using outside parties, as few organizations have the skills and capacity to tackle the many challenges in building a private cloud. To help you get to the private cloud quickly, consider finding a partner who can guide you through the process.
Cloud computing holds the promise of scalability, agility and efficiency, but in the absence of a rigorous cloud approach, Indian organizations are not able to fully realize the benefits. A policy-based approach focusing on information and people – not just technology or platforms – is critical in mitigating the hidden costs and leveraging the cloud with confidence, whether organizations choose to consume, build or extend cloud infrastructure.
Anand Naik is Managing Director – Sales, India & SAARC, Symantec.