emPower

Cloud Computing is a Security Awareness Issue

Whether or not your organization is officially looking into cloud computing as a potential business tool, chances are that your employees are already be using cloud-based applications without you knowing about it.

Cloud-based applications are already widely used – some of the better known examples being Google Docs, Windows Live, Salesforce, Acrobat.com, Dropbox, and KnowledgeTree. And they don’t require IT approval for a user to set up an account – anyone can sign up with a credit card.

Once employees start using a cloud-based application, security questions start popping up very quickly. Where’s the data being stored? Who has access to it? How is it being backed up? How stable is the cloud service provider?

It’s possible that most use of these services by your employees involves only data that’s unclassified. But that’s not a risk that you can afford to take. And use of a cloud-based application could break the law, and/or agreements with partners – especially if an employee uploads data to a cloud service that stores data in another jurisdiction e.g. out of the country.

You could try restrict use of these applications by blocking access from your network, but that’s probably impractical. And, as with many things, it’s likely that users will find ways to bypass your security measures.

So what’s the solution? Clearly, the first step is to establish a clear IT policy that covers the use of external services. This will probable be part of, or a supplement to, your Acceptable Use Policy. Make it fair and reasonable, or users will find ways to circumvent it.

Then, as with all policies, you’ll need to tell your staff about:

  • Why the policy is needed, and the implications of failing the follow the policy.
  • What employees CAN do with cloud-based services – probably a list of approved cloud-based services.
  • What employees CAN’T do with cloud-based services.
  • Who to talk with if they have questions.

The final point is particularly important since cloud computing is such a new field that many of the legal and technical issues have yet to be resolved.

Some Further Reading:

 

Jessica Holland

Jessica Holland

Like this post? Subscribe to receive updates directly in your inbox.