Boom in cloud services: there's a dark side for business

The boom in cloud services is creating its own problems for business.

Cloud services are now an everyday part of business, but the cloud boom can fuel other problems, such as siloed data and shadow IT.

The average enterprise uses more than 1400 distinct cloud services, including 76 distinct file-sharing cloud services, says enterprise IT services provider Skyhigh. Crunching data from more than 30 million Skyhigh users worldwide, the company’s 2016 Q4 Cloud Adoption & Risk Report found the use of cloud applications had gone up 23 per cent from 2015 to 2016, and tripled since 2013. However, this boom in cloud services is creating its own problems for business.

One issue is the growth of shadow IT – the unauthorised use of technology in business. Last year, the Wall Street Journal reported Cisco data that estimated businesses are using up to 15 times more cloud services than the chief information officers in those organisations are aware of. 

It may seem harmless but shadow IT can result in serious data security and compliance issues. After all, it only takes one employee with an under-the-radar Dropbox account to leak important business information, either intentionally or by accident.

The use of cloud services also exacerbates the problem of IT sprawl, so that even finding data across an organisation is a challenge. A lot of data may now be located outside the business and locked in silos that are restricted to particular cloud services and users.

Where’s your data? 

You may be surprised at what applications employees are running and where you might find sensitive business data. The best way to track data is with a data and IT audit. Small businesses can do an audit manually, but larger organisations might need a technical solution. 

Cloud access security brokers (CASBs) provide deep analysis of network traffic to identify all cloud applications used across an organisation. CASBs can also control access to cloud services and provide threat intelligence.

Skyhigh, Symantec, Cisco and Bitglass are among several CASB providers.

CASBs, however, are an advanced solution that might be overkill for many businesses. Even for large enterprises, CASBs are not seen as the whole solution to curtailing shadow IT and IT sprawl, but as an enabler for processes such as IT and data audits.

Professional Development: Cloud computing and forensic investigations. Learn about the different kinds of cloud-based storage and data location, the difficulties encountered by a forensic investigator when trying to capture cloud-stored evidence, and the legal response to the growing problem.

Breaking down silos

Once you have identified where your business data is located, you can then break down silos so the whole organisation can potentially benefit from that data.

Two out of three organisations suffer from “siloism”, according to the 2017 State of Enterprise Multi-Cloud Management Report from Cloudify, which looked at the use of cloud computing and infrastructure providers such as Amazon Web Services (AWS) and Microsoft Azure.

One way to unlock the silos is through adopting a cloud management platform, which allows you to manage all your cloud infrastructure services from the control panel, and shift applications and data from one provider to another. It can also offer advanced tools such as the ability to automate deployments. 

Cloudify is one such cloud management provider; others include RightScale, Scalr and VMware’s vRealize.

The shift to the cloud has also seen a growth in application programming interfaces (APIs) that allow cloud providers to securely use data from other providers. For example, integration between Xero and Insightly CRM means you don’t have duplicate customer data in both apps.

Some cloud tools, such as Zapier, specialise in providing integrations between a wide array of cloud applications, ranging from Gmail to Salesforce. 

Making a permanent switch

Breaking down data silos is one thing, but what if you want to move away from a cloud provider altogether? What if it goes bust or jacks up pricing to the extent that you have to leave?

It’s prudent to have an exit plan for your key cloud services. For those using infrastructure services such as AWS or Azure, this means considering how you’d migrate to another cloud service or back to an on-site system – and that might not be easy if you’re using the advanced proprietary tools offered by these cloud platforms.

It’s a similar situation for cloud software providers. It might be reasonably straightforward – there are several alternatives compatible with Office 365 documents, for example – but even here, highly formatted documents might not be cleanly imported.

With many other cloud software providers, it’s more complicated. You may need to examine what formats you can export to, and what formats other cloud services can import. 

Market competitors are a good source for this type of information. The popular cloud accounting providers – Xero, MYOB, Reckon One, QuickBooks Online, among others – offer tools or guides on how to migrate from their competitors’ services. 

Can you stop shadow IT?

It is possible to restrict shadow IT on computers by locking down systems with a standard operating environment that blocks unauthorised desktop applications and uses web filters to block cloud services. 

However, employees often find a way around restrictions and there’s a school of thought that such controls are counterproductive. After all, if employees feel the need to use an unauthorised application, then perhaps the authorised apps are lacking in some way. 

Taking a more consultative approach with users allows a business to roll out applications in a more controlled fashion. It provides the business with greater transparency and security over its IT, while giving employees the tools they need to be more productive and collaborative.

Further reading

“12 must-know statistics on cloud usage in the enterprise”, Skyhigh
“Shadow IT and the CIO dilemma”, Cisco

Read next: 5 challenges to cloud computing success

Like what you're reading? Enter your email to receive the INTHEBLACK e-newsletter.
Like what you're reading? Enter your email to receive the INTHEBLACK e-newsletter.
February 2018
February 2018

Read the February issue

Each month we select the must-reads from the current issue of INTHEBLACK. Read more now.