ALL >> Computers >> View Article
Steps To Safe Cloud Services Adoption
Total Articles: 54
Enterprises Cloud SaaS and IaaS are an unstoppable force sweeping through organizations large and small at a breakneck pace. The rapid adoption has allowed anyone in an organization with a Web browser and an Internet connection to take over (and pay for) traditional IT department functions such as email, storage and backup, and collaboration tools. As a result of this rapid shift, IT consultancy Gartner estimates that by 2015, 35% of IT spending will come from budgets outside of the IT department. That figure will grow to 90% by the end of the decade. The benefits of these fast-growing cloud services are undeniable and include service agility; wider choice of products; ease of collaboration; fast, cheap deployment, and swapping fixed capital expenditures for variable operating costs that can be ratcheted up or down to meet demand. While enterprises have long leveraged traditional cloud services such as Salesforce.com and Office 365, employees increasingly use popular but lesser known services, such as Evernote (social bookmarking and document sharing) and Prezi (online presentation tools). They also log into SaaS services while at work for personal needs including photo sharing (Instagram), and social media (Twitter). To quickly build and test applications, developers at enterprises rely on cloud IaaS products such as Amazon Web Services, Rackspace and Heroku. From developers to marketers to salespeople, employees are accessing and using these cloud services with or without their IT department’s permission or knowledge.
Few, if any, CIOs know exactly how many services are in use on their networks, let alone which services are in use. According to a Jan. 2013 survey undertaken by Symantec, 77% of businesses have suffered rogue cloud deployments or unauthorized uses of cloud services. This lack of information means that IT organizations have no way to secure their networks against risky services or manage and mandate safe cloud service use by employees. IT organizations also struggle to maintain cost control over cloud services and to unify cloud service usage under more economical enterprise-wide contracts. Some of the world’s largest financial, health care and technology enterprises have successfully deployed Skyhigh Networks’ Cloud Services Manager product suite to leverage the benefits of cloud services and manage employee usage while minimizing the security risks and controlling costs.
The first step towards controlling cloud service usage and minimizing cloud services risk is to gain complete visibility into which services employees are already using. This is no simple task. Estimates of the total number of cloud services functioning right now range from ~2000 to over 5,000. New cloud services emerge every day. Any new application coming onto the market has a significant cloud component for backup and synchronization, at a minimum. It is also important to understand the breadth of the cloud services universe. For example, if an employee visits a popular industry blog and writes a comment, chances are that the employee has registered and then logged into Disqus, the most popular blog commenting platform. Disqus is actually a cloud service. An employee working on an open source software project probably uses the GitHub repository system to store source code. This is another major cloud service that flies under the radar. Popularity of cloud services varies significantly by region and by platform. While DropBox is a popular sharing platform in the U.S., in Eastern Europe a service called 4Share is far more popular. For these reasons, establishing a solid cloud services policy and management strategy requires complete visibility and understanding of cloud service usage.
The only way to attain this visibility is through detailed log-file analysis, mapping back services accessed to business units and individual users. Initially, this is a “snapshot” that provides a baseline of cloud services accessed by employees. Log-file analysis alone is not sufficient. The analysis must be pushed into a simple-to-consume dashboard that allows lesser trained IT administrators to view a list of all services running and key details about those services (type of service, location of physical servers, potential risks of service, etc). For any cloud services management strategy to remain effective over extended periods, the snapshotting process must be moved towards a regularly discovery period done weekly, daily, hourly or even in real-time. This is essential because the cloud services landscape is evolving very quickly and a log-file analysis has a very short half-life both in terms of services accessed but also risk profiles of the specific services and even service details (ports accessed, types of service calls, communications protocols used).
Gain Service Insight and Analysis
The second step towards putting in place a strong cloud services management strategy is gaining insights into which services present the most risks. This is possible and relatively simple once an IT organization has obtained full discovery of all services in use. At that point, the IT security team should bucket the services into broad categories in order to compare similar services and perform comparative risk analyses. For example, employees in one unit may be using Box.net while those in another use Google Drive while those in another use SugarSync and 4Share. Box.net may present a very low risk while 4Shared is a very high risk. SugarSync, in comparison may be an acceptable risk. Once those risk assessments are completed, IT and cloud security services managers should identify the services with the lowest risk in a category and consider establishing a commercial relationship with the provider. With or without such a relationship, the IT security team can promote the lesser risk services across your employee pool while discouraging or blocking the use of higher risk services in the same category. Just like the log-file analysis and visibility exercises, cloud services risk assessment is a continuous activity that may require temporary halts or lockdowns on specific services. For example, the recent password breach at Evernote increased risk of that service until the breach was addressed. Enterprises using Evernote should have reassessed their Evernote usage to minimize their risk exposure.
Computers Articles1. Why Has The Sign Engraving Equipment Become An Essential For Personalisation
Author: Rob Hibbs
2. Computer Forensic Analyst Can Help To Dig Up The Truth Using Latest Technology Devices
3. How To Update Adobe Flash Player On A Mac Computer?
Author: Mac Support Team
4. Playstation 4 Repair Uk | Playstation Repairer
Author: Playstation 4 Repair UK
5. How To Recover Pst File Password In Outlook 2016 Free?
Author: Outlook Support Team
6. How To Securely Wipe Private Data With Active@ Killdisk
Author: James Vaughn
7. Find Reasonable Minute Of Every Day Norton Setup For Your Computer Needs
Author: Stephanie Smith
8. Register Your Business Name With Seo Friendly .co Domain Extension
Author: Ridhi Bhatia
9. Where To Find The Model Or Printer Number Of A Hp Printer?
Author: Maria Silvia
10. The Computer Repair Salem Ma Offer Best Solutions To Any Hardware Or Software Problem Of Your Comput
11. Things To Consider Before Buying A 3d Printer
Author: Jamie Smilovici
12. Everything To Know Before Using Surface Laptop Promo Code
Author: Christine Bleakley
13. Ps4 Repair London | Playstation Repairer
Author: Playstation Repair Centre
14. Pro Tip: How To Secure Windows 10 Boot Process
Author: Ellie Williams
15. How To Clear Cookies, Cache Memory And Browsing History In Aol?
Author: Maria Silvia