The modern workplace is awash with enterprise cloud apps, with employees and organizations alike increasingly seeking greater productivity – but this doesn’t have to mean a decline in security, says Eduard Meelhuysen
Cloud app use has reached astronomical levels – the latest Netskope Cloud Report found an average 483 cloud apps in use in European organizations; more than 21% of organizations use over 1000.
But are organizations fully aware of all the apps in use? Cloud apps are a cost-effective way to boost productivity, but they can put data at risk – especially if unsanctioned.
Cloud storage is the second most popular cloud app category (behind marketing apps), but there’s no guarantee of security. Our report found that 69% of cloud storage apps were not ‘enterprise ready’, scoring a ‘medium’ or below on the Cloud Confidence Index.
So how can businesses benefit from the simplicity and productivity of cloud apps whilst keeping their data secure? Here are five practical steps for companies looking to safely enable cloud storage apps:
Safeguard Sensitive Data in Corporate Cloud Storage
Plenty of organizations choose to harmonize on one-cloud storage solutions like Google Drive, Egnyte, Dropbox, Box or Microsoft OneDrive. These businesses should start by establishing what important data is housed in that app.
According to our data, 8% of files in corporate cloud storage apps violate a data policy of some sort because they contain health information, PII (personally identifiable information), source code or something of similar value or importance.
Standardize on a Single Storage App
If your business isn’t using a single cloud storage solution, choose one based on employees’ views and organizational requirements. Coach employees on the selected app to ensure 100% up-take and ongoing use.
Of the 37 cloud storage apps in the average enterprise, just over one third are enterprise-ready. This figure is based on criteria adapted from the Cloud Security Alliance checklist of security, auditability, and business continuity measures.
“Unless you know what ‘normal’ looks like, it’s next to impossible to spot anomalous activity”
Monitor Cloud Storage App Usage
As well as working out which apps are in use, organizations should also monitor activity to assess risk. Monitor data in transit to and from corporate apps and keep a watchful eye on activity in and around unsanctioned apps.
It’s also important to monitor for any risky or unusual activity, which means building a picture of what ‘normal’ looks like – because unless you know that, it’s next to impossible to spot anomalous activity.
Watch out for app access from employees who have had credentials compromised in a data breach: do you know that the person accessing the cloud storage app is really your employee?
Secure the Ecosystem
The ecosystem of apps around corporate cloud storage apps should also be controlled. For example, apps which provide secure document signing, project management tools or data visualization portals. There are tens of necessary apps in any organization’s cloud which help the business run more smoothly, but some of these apps likely lack enterprise-grade security. If apps aren’t provisioned by IT, then managing them or enforcing policy to control their use becomes more difficult.
Think of Your Users as Clients or Partners
Unfortunately, most employees don’t have much interest in security. So if IT can take the security responsibility away from users, employees can work however they want without risk. Enabling this culture means allowing the business to operate freely, while ensuring that the IT department leads on any security decisions.
In practice, this means that once the business has selected a cloud storage app, IT would then set and enforce granular policies to ensure it’s used securely. One example would be blocking the upload of files which contain certain types of data, such as customer names and addresses. This empowers employees to use their own work styles without putting data at risk.
The European General Data Protection Regulation, set to become law in 2017, is a timely reminder for enterprises to get a grip on their data. Ensuring cloud storage app use is safely enabled is a great place to start, and can avoid hefty fines down the line.
About the Author
Eduard Meelhuysen brings more than 20 years’ experience in high tech security management to Netskope. Most recently, Eduard served as the Northern European director for Aerohive Networks and prior to that he was a director at Imperva.