In the days before cloud was an enterprise thing, back when systems, networks and perimeters were much more clearly defined, information security teams of course still had concerns to address and data to secure. One of the emerging risks in the mid-nineties earned the name of “Shadow IT.” And it’s still with us today.
Shadow systems grow up in the dark spaces under desks and in the cupboards and pockets of employees who are simply trying to get the job done. In an effort to access, process or disseminate information quickly and effectively, they will buy, install and use whatever technology works. Very often congratulating themselves on their canny technology combinations and their wily ways around the system.
Shadow IT is the USB stick in your pocket; it’s the DSL link under your desk or the wireless access point in the cupboard. Not only that, but in the new paradigm of consumerisation and cloud, the problem is exacerbated. Webmail becomes a covert channel, unmanaged file-synchronisation services a back door, and virtual servers in someone else’s cloud often end up holding the crown jewels of the organisation outside every process and oversight of the business owner.
Whereas Shadow IT in its infancy represented a risk mostly to limited transfers of information and subsets of employee or infrastructure, the capabilities offered by today’s cloud platforms have magnified the problem to an unprecedented degree.
In the rush to deliver the goods to the best of their abilities, to hit deadlines and extend reach, the marketing team in our short video shortcut internal processes with disastrous results.
So, can you entrust your data to the cloud? Is it more secure than home or office backup, and does the cloud fulfil the promises made by the marketing department? The cloud is certainly different to the Internet service provision architectures that have come before, different even to the ASP offerings during the dot com boom of the late nineties. It is different in its provision, and crucially, in its consumption. Cloud platforms are truly multi-tenanted, allowing providers to benefit from huge economies of scale and consumers the savings of paying for what they use (utility billing). The arrival and evolution of ubiquitous broadband, ever-increasing bandwidth and rapid evolution of mobile computing power have all combined to drive us to a place where we need always-on access to always-updated services and data.
Security cannot continue to be a bolt-on afterthought; in this brave new world, it is not enough to be either a marketing or commercial expert or an information security expert. Security should be integrated into every project and every initiative from the outset. The focus should not be on securing infrastructure; it should be on building secure infrastructure.
During the month of October, we’re supporting the National Cyber Security Alliance in celebration of Cyber Security Month – an effort that aims to educate organizations and individuals about how to stay safe online. Check out the helpful videos, infographics, blog posts and reports we’ve gathered for you here.
