D. Justhy's Blog

"Getting to Yes, Now!"

Why a Disciplined Process is More Important than Expensive Technology

We all have a good idea of what cloud computing is by now and why organizations and businesses are moving towards it. The cloud is scalable, versatile, flexible, secure and what not! Plus, with names like Microsoft and Amazon providing these services, you might think there is very little that can go wrong.

However, as we have seen in the past few years, things do go wrong. More often than not, organizations, in their eagerness to transition into the cloud, end up exposing their data to possible breaches.

In fact, security experts state that configuration errors are a common occurrence when companies move to the cloud. They usually happen when the company makes the mistake of providing access to outsiders such as vendors. Vincent Liu of security firm Bishop Fox says that improper configuration is the number one cause of data theft or loss.

The cloud is a juggernaut

Cloud computing is an unstoppable force and the problem with unstoppable forces is that you can’t slow them down in order to measure the exact impact that they might have. Gartner predicts that cloud computing will be worth around $247 billion by the end of 2017, as cloud infrastructure services continue to dominate the race.

Ironically, these are the very cloud services that are prone to configuration problems. Since rapid cloud adoption has mainly been the result of users looking for quick access to computing services, there really is inadequate focus on security. A lot of the transition occurs under the shadows with IT departments being left ignorant of the transition.

The need for governance

Pete Chronis, Chief Information Security Officer at Turner Broadcasting System Inc., blames the trend on the lack of proper governance within organizations. IT departments have to be informed about concerns such as online assets, how critical applications are connected, software patching, and high risk changes made by employees such as software developers.

However, with cloud computing, that’s impossible, as the application exists in the cloud instead of the organization’s own data center.

So, how can companies/organizations overcome this?

The answer lies in establishing a disciplined process to ensure that the transition is carried out with the right approval and in a secure manner. Employees or vendors cannot be trusted to focus on security at all times and the technology itself is dependent on the user’s expertise.

However, by creating a robust process, organizations can ensure that the transition to cloud services occurs with minimal risk. For instance, they could create measures that would alert IT departments when an employee purchases a particular service using the corporate credit card.