ZDNet defines rogue clouds as public cloud applications that are not managed by or integrated into a company’s IT infrastructure. Some call it BYOA (bring your own application), as employees are deploying their own clouds without consulting with IT. Rogue cloud deployments are usually not done maliciously but rather are done to save time and avoid cumbersome processes.
More Common Than You May Think
Symantec’s survey of 3,236 companies in 29 countries late last year showed that 83% of enterprises and 70% of SMBs encountered rogue cloud deployments. In India, the numbers were even higher: 89% of enterprises and 92% of SMBs found rogue clouds.
Why It’s a Problem
When employees circumvent IT and deploy their own cloud solutions, the chance that they take proper IT precautions is low. Often they configure the cloud incorrectly and can easily make data available to the public as a result. Symantec found that 40% of companies had confidential information exposed because of rogue clouds.
What You Can Do About It
The trend of BYOA seems to be similar to BYOD in that companies are no longer trying to resist or avoid it, but rather are embracing it (perhaps because they are forced to).
To secure rogue clouds at your company, consider the following options:
Security & Privacy Audits: Eric Friedberg compared the rogue cloud phenomenon to the early days of corporate Wi-Fi, when employees similarly set up unauthorized and unencrypted hotspots that exposed internal information to people on the street. He credited security and privacy audits with solving those problems and thinks they can solve these problems as well. Understanding what data on your servers is available to the public is important, and such audits can help you keep track of this.
IT Policies: Maintaining best IT practices when it comes to the cloud is important. That might mean educating employees on the risks of deploying their own cloud solutions, or training them on the proper way to do so. It may also mean setting rules such as requiring the internal control of encryption keys. Just remember that the reason employees engage in rogue clouds in the first place is to save time and avoid cumbersome processes, so figure out how to balance your employees' time with the security needs of your company.
Cyber Liability Insurance: To protect against lawsuits that may arise from a security breach, some companies purchase cyber liability insurance. While this is not a solution per se, it might be worth considering to prevent potential losses if something does happen.
Backup: Aside from the other ways to mitigate risks, having a second copy of your information is certainly a great idea, so that if hackers do get in and your data is deleted or corrupted, you still have it when you need it.
We suggest a balanced approach including education, training, putting into practice the right policies and procedures, and a proper backup solution. Have any more ideas to add? Let us know below!