Wednesday, September 8, 2010

Cloud Bleeding: Losing Corporate Data to the Cloud

One interesting phenomena that is impacting IT environments is the DIY "Do It Yourself" type applications that are designed to work over standard ports, allowing remote access to information. Increasingly these DIY applications are showing up inside our environments. Applications like logmein or dropbox to name a few, which allow a lightweight applet to load on a desktop, without privileged access in some cases. These "applets" enable users to turn up their own remote access type services without IT. While they have been around for a while, the use of these applications is on the increase as users get acclimatized to installing "applets" similar to the AppStore or Facebook model. In addition a new generation of online storage and synchronization tools designed for end users are readily available. Demand is also increasing as people transfer data from their desktops to devices like the iPad to enable mobility.

The age of "DIY IT" is upon us and we need to move quickly to respond to the trend. How then do we balance the requirement for IT self service, the Bring Your Own Computer (BYOC) trend and complete mobility against compliance and regulation requirements. Luckily solutions such as VDI are now offering flexible delivery of virtualized applications and desktop access from anywhere to help. In addition security standards are being introduced to cloud providers along with vendor security certification programs to ensure data is protected and that the hosting facility can be trusted. However, while these aim to meet users changing consumption requirements they do not form a comprehensive enough solution to prevent an underground exodus of corporate data. Additional layers of security such as digital rights management and a strong policy governing end users responsibilities will be required to secure corporate information.

It will be a fine balance between enabling users with technology while protecting company information at the same time. All the pieces however have reached a level of maturity to meet or address most of these issues. The onus will be on the IT team to work with their partners to bring these components together to provide security and reduce the risks without restricting mobility or end user flexibility. As it is likely this trend is already impacting our environments the time to start planning is now.

- Posted using BlogPress from my iPad

No comments:

Post a Comment