The number and variety of cloud services offered to enterprises is growing at a staggering rate, and the adoption of cloud services by these enterprises is growing just as rapidly. Gartner says that 72% of enterprises use Software as a Service (SaaS) today and expect a Compound Annual Growth Rate for SaaS of 52.4% off the current base of $14.5B. What’s more startling is how much spending on cloud services occurs outside of IT. Gartner predicted that a full 35% of IT spending would take place outside of IT by 2015 – only two years away. By the end of the decade, that figure will hit 90%. This segment of cloud services purchased outside of IT is often referred to as “Shadow IT”.
Enterprise employees purchase cloud services for a variety of reasons. They provide rapid scalability, reduce time-to-value, offer agility and ease of use, and enable a shift from capital expenditure to operating expenditure. However, use of these services can come with significant security, legal, and business risks, especially when they are procured and managed outside of IT’s visibility and control. In this whitepaper, we will share the best practices used by real companies to reduce the risk presented by the use of approved and unapproved (Shadow IT) cloud services.
Top 10 Best Practices for Managing the Risk of Cloud Services
1. Use Data loss prevention software (DLP) to avoid compliance risk
2. Block all high-risk services & suggest lower-risk alternatives
3. Confirm all corporate data removed from newly-blocked services
4. Alert employees using recently compromised services
5. Detect and remediate policy inconsistencies
6. Search for anomalies in user behavior
7. Conduct investigations into anomalous behaviors i.e. cloud usage patterns
8. Encrypt data going to key services
9. Identify all cloud services in use & evaluate risk
10. Track progress regularly.
Best Practices for Managing the Risk of Cloud Services