t seems like the momentum is really swinging to allow employees to do whatever they want in terms of accessing the web, as long as they are getting work done. So, you’re empowered to use most Public Cloud apps like Box.net, Salesforce.com and even Gmail. Now, you can really get things done, right?
Public Cloud Services Are Demanding Attention From Security Teams
Well, not so fast. There are a growing number of risks, and some real regulatory compliance issues for business managers and executives to deal with in this area. You might not realize it, but they are starting to lose sleep over all the great new cloud-based and mobile tools you’ve decided you need in order to get your job done.
They have an uneasy feeling that something could go wrong. In fact, it seems like just a matter of time. Will the next security breach come from a hacker, or from an employee accidentally sharing some business document that should have been kept confidential?
The Key Questions You Need to Address
So, I have a few questions for you to ask of your IT management team:
1- Do you know how you’re going to meet all of the compliance requirements that the Executive Committee has passed down (or is about to pass down) regarding controlling and monitoring corporate employee access to outsourced services – including Public Cloud services like the ones above?
2- Do you know what kinds of information passing to external partners and employees outside the network perimeter are at risk from unauthorized disclosure and abuse by employees?
3- Do you know what vulnerabilities are most likely to expose your external data flows to accidental and intentional threats?
4- Do you know how you will control, monitor and contain external flows to mobile devices used by employees?
5- Would you like a few tips on how to simplify these very tough questions, so that some of them might actually go away?
Here’s Where You Can Find Some Hints On How To Answer Those Questions
If the answer to any of these is NO, then you might want to suggest that a senior IT manager attend my webcast this week (Wed. April 2, 2014 at 1:00pm ET), where I’ll be exploring these questions, and proposing some answers that could collapse these issues into a much smaller set of challenges than your organization is currently facing.
Or, You Can Just Hope For The Best
On the other hand, if they’d rather spend their waking hours pondering every vulnerability in every mobile operating system and every cloud service provider, that’s up to them. But if that’s the case, I expect that it won’t be long before your access to those essential services you rely on to do your job might become interrupted sometime soon, as audits or hackers bring to light the web of vulnerabilities and unprotected data flows.
(…Cue the scary organ music…)
Click HERE for information on the upcoming webcast mentioned above. If the date is passed by the time you read this, please contact me at the email below to find out when you might be able to catch another session.
The Streetwise Security Coach