Cloud Sprawl: Operational and Security Risks of Public Cloud Subscriptions

Blog Image: 

A new study by Avanade, an Accenture and Microsoft joint IT consultancy firm, found that 61 percent of companies worldwide believe cloud sprawl is causing inefficiencies in their business.

What is cloud sprawl? It’s the unmanaged adoption of cloud services by employees. When each user is free to pick which cloud services he or she will use for conducting business and managing data, the result can be an unmanageable, and inherently unsecure, proliferation of sharing and collaboration services.

The typical knowledge worker is now carrying three mobile devices and wants to sync files daily across all those devices. Using a cloud service to automatically share information between each device is an obvious approach to ensuring that mobile workers always have the files they need. Many public-cloud file sharing services are free; employees can sign up for them without any IT approval, assistance or even knowledge. However employees who are not directly involved in IT security and regulatory compliance are typically unaware of the risks these services pose for the organization’s data.

But the risks are real. IT cannot manage, monitor, and secure an ever-changing mix of public cloud file sharing and collaboration services. For example, how can a public company in the U.S. comply with Sarbanes-Oxley (which requires that all financially material data be controlled and tracked) when files are being shared with internal and external users on any number of public-cloud file sharing services? How, in such an environment, could IT managers or compliance officers vouch for the location of all copies of a spreadsheet with sales projections?  How can an organization demonstrate compliance with HIPAA if it is not in control of information sharing and does not have visibility into who has shared what, with whom.

Cloud sprawl leaves IT and compliance departments blind, making organizations vulnerable to data disclosures, security attacks, and regulatory penalties.

Not sure if your organization is experiencing cloud sprawl?  Here are three red flags that indicate you may have a cloud sprawl issue:

  • My organization does not have an approved solution for file sharing by employees
  • My organization does not have a policy on use of Dropbox, iCLoud, Google Drive
  • My employees are free to use any public cloud file sharing solution they want

To ensure data governance and security, IT departments need to control how files are shared and accessed.  Standardizing on an approved cloud file sharing solution not only increases data security but also increases operational efficiency, as employees don’t need to learn multiple apps or solutions to access and share information.  In parallel with offering an approved solution, many IT departments reduce or eliminate cloud sprawl by blocking the ports used by well-known public-cloud services so that employees cannot use these services.

A final thought to leave you with - the easiest way to control cloud sprawl is to get your own private cloud.

See All Blog Posts >>