The App Trap Hidden on Your Network
Richard explores cloud applications on your network and the implications and the importance of visibility, the potential risks and how to avoid getting caught in the cloud app trap.
All power to the user when it comes to cloud apps. When savvy employees need a tool to get the job done, it’s all out there, on the web, for the downloading and using.
So far, so good for your business. Or is it? I recently worked with a trusted UK corporate consumer brand in a solidly regulated industry and we discovered some worrying exposures – both security and cost – resulting from users’ freedom to download and connect to their favourite productivity apps and let them loose on the company network.
We’re not just talking about dodgy, niche apps here. Legitimate business tools like Office 365, Salesforce and One Drive can open channels to business data stored on your network or shared in user-created documents and files.
That has a big impact on data protection as well as risking competitor-sensitive business information that you want to keep to yourself.
Working with a specialist cloud security partner, we audited the cloud apps in use around the business. The client’s IT security in general was in good shape, but the rapid adoption of cloud apps had taken them by surprise. We discovered that nearly 5,000 users were taking advantage of 800+ cloud apps. More than 10% were identified as posing a high risk.
Marketing and storage apps and Amazon Cloud presented the highest risk. The client flagged a major contract whose terms were potentially being breached if data was to leak into the cloud via unsanctioned app use.
By carrying out a complete audit, the client was able to come up with an action plan to take control of the apps used, implementing an assessment and approval process, setting up on-going monitoring and reporting, and educating staff to understand why these controls are needed.
Widely available cloud apps can be invaluable for user productivity and effectiveness, specially in the remote working world. But you can’t afford to let them flourish unchecked.
For one thing, the cost of licensing these apps to individual users is significant. You’ll have no idea of the collective amount if your business is paying it out via employees’ personal expenses claims. For a widely used and valued app, you can almost certainly save money with a corporate multiple license option.
The key thing is to empower your staff to find the right tools for the job, but make sure you have the right checks and controls in place so you can minimise costs, block risky apps, and work with your staff to understand what they need so you can find an acceptable and effective solution. Power to the people, control to the business.
If you’d like to take a look at what’s “app”ening on your network, get in touch. We can help you explore the risks and costs and recommend a practical approach to securing your network cloud apps and safeguarding your data confidentiality.
Managing Director at Data Integration