Why You Need a “Pick One” Approach to Reigning in Rogue Clouds
Most people are familiar with the concept of hidden costs. From building a house to getting a pet, there are always unanticipated expenses beyond the purchase price. Migrating to the cloud is no different. With 88 percent of SMBs now at least discussing cloud services, you’re probably well aware of all the benefits: speed, flexibility and the cost savings of a subscription model. But, we’ve found that many SMBs don’t always follow best practices when moving to the cloud and can end up taking on hidden costs, which counter many of these benefits or remove them completely.
Symantec’s recent report, Avoiding the Hidden Costs of the Cloud looks at some of the unforeseen costs SMBs have experienced in cloud deployments. Here’s a quick rundown of some of the relevant findings:
- 7 in 10 SMBs have experienced rogue (unapproved by owner or IT) cloud deployments within the last year, resulting in issues such as the exposure of sensitive information (reported by 40 percent)
- Among SMBs who reported rogue cloud deployments (more about that below), more than one-third (36 percent) had confidential information exposed, and more than 20 percent faced account takeover issues, defacement of Web properties, and stolen goods or services.
- As a consequence of mismanagement and complexity, more than one-third of SMBs have lost data in the cloud and most have experienced at least one data recovery failure in the cloud.
Rogue clouds, the first issue uncovered by the survey, happen when a well-meaning employee seeks to boost productivity without the “hassle” of going through IT or the business owners – we also call this shadow IT. What’s the harm? Imagine your sensitive information such as product specs or customer information residing beyond the control of your company. Although this issue is far from rare, it does illustrate that employees want and enjoy using cloud services to get their jobs done more efficiently. However, employees don’t understand that they are creating risks and added costs for their companies.
To curb rogue cloud deployments, you should consider a “pick one” approach. Meaning, you should identify what it is that users need and standardize on a solution that meets their needs. If users need file sharing, collaboration or social media, choose a cloud solution that addresses that need and bless it, certify it, implement controls on it and let employees use it. Once you’ve given users what they need, do not allow competing cloud services.
SMBs also need to properly educate employees on policies. By making employees aware of not only the policies but also why they are important, you can ensure employees know how and when to use cloud services efficiently and securely.
For SMBs ready to move to cloud-based services or just beginning to consider it, below are five tips to consider to help ensure a seamless move when picking your cloud service provider:
- Understand the Provider’s Security Controls: Every organization’s security needs and expectations are different so it’s important to understand how the vendor can meet those needs. The Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR), which is a publicly accessible registry that documents the security controls provided by various Infrastructure as a Service (IaaS), Platform as a Service(PaaS), and Software as a Service (SaaS) offerings, is a good place to start. The searchable registry enables users to review the security practices of providers, which will help lead to a better informed purchasing decision. Also, check the vendor’s certifications, references and investigate case studies with organizations similar to your own.
- Know the Provider’s Data Backup Practices: Know how the cloud provider backs up data and in the worst-case scenario, what would happen if they went out of business or if you wanted to move data to another provider. Get a feel for the provider’s storage reputation, their track record of uptime, the number and location of their data centers and redundancy of their infrastructure.
- Secure Good SLAs: The best way to ensure good service is with solid Service Level Agreements (SLAs) with clear contractual language. Many vendors promise 100% SLAs but few are linked to financial penalties for underperformance. Look for vendors who publish their performance and have clear financial penalties if they don’t meet SLAs.
- Evaluate the Human Team: The value of the people behind a cloud service should not be underestimated. Beyond being staffed with cloud specialists who are available 24x7, consider whether your chosen vendor’s specialists can meet your organization’s specific needs. For instance, if you’re looking for a cloud-based security provider, does the vendor leverage a combination of technology and people to proactively identify new threats globally and flag them for at-risk customers?
- Test the Service: One benefit of cloud services is that they have free trialware that is generally easy to deploy. Most vendors offer this to prospective customers. Start small with the trial and once satisfied, you can expand the service to include confidential data and other mission-critical systems.
The cloud offers significant advantages over traditional IT models. But in order to benefit from the agility of the cloud and turn it into a competitive advantage, SMBs need to understand the challenges and plan intelligently from the start – the cost of failure can have a big impact on your business. With limited budgets and fewer IT resources to respond to problems, SMBs can’t afford to learn the hard way about the hidden costs of clouds.