How the Cloud Disrupted the Corporate Ecosystem

Wednesday, August 29, 2012

Barrie Hadfield

C67c179cd59e50f867e06086f5b2d21f

Nearly every organization has embedded within it some type of collaborative ecosystem.

Traditionally, this was anchored in email or a centralized server, accessible almost exclusively from within the firewall.

Yet as the cloud wields increasing influence on corporate environments, the traditional ecosystem becomes more antiquated. There’s some paradox in how the cloud is enabling this unparalleled productivity and collaboration for the workplace, while simultaneously eroding security protocols designed to protect intellectual property and corporate assets.

So how did the enterprise end up surrendering so much of its valued security measures to the cloud? First, let’s consider how the traditional corporate ecosystem was structured. Without the influence of cloud technologies, the workforce primarily shared and revised documents via a set of approved collaboration tools provided by the organization.

In most cases, Microsoft’s Office suite reigned supreme with PowerPoint presentations, Word files and Excel spreadsheets stored on a single, centralized server accessible nearly exclusively via company-owned devices.

The first crack in the traditional ecosystems surfaced via email, which has always provided an escape hatch for collaborating outside of the firewall. Do you, however, recall that old adage - never send anything via email that you would not want to see on the front page of your local paper?

Quickly, this saying became irrelevant, as typically, the rush for convenience trumped nearly all security considerations. Employees soon found they could take advantage of email’s attachment feature to share files, without considering the potential risk of intellectual property loss or information breach.

Then, the cloud worked its way into the office and the ecosystem was permanently changed. The first sign of trouble was how these tools were introduced into corporate settings.

In direct contradiction to the conventional top-to-bottom corporate distribution, in which tools are handed down from top executives to lower-level employees, consumer-style cloud platforms were shared among the lower-level employees first and then trickled upward. The result was an abundance of consumer-oriented tools, downloaded by all, used properly by few, none approved by the IT administrators.

Secondly, as opposed to, say, a packaged set of tools, such as the Microsoft Office suite, consumer-based cloud collaboration tools are usually in direct competition with one another. And according to Forrester, half of all office workers use between four and seven collaboration tools to do their jobs. With this patchwork approach, each platform becomes its own information silo, making it arduous to track the content once it is uploaded.

Of course this is frustrating for employees who want to keep track of where their data is and whether the stored version is the most updated. But from a security standpoint it also causes significant harm to a business’ audit trail, making it nearly impossible to know if unauthorized users have access to the content to distribute, store or modify it. 

The resulting security threats are nearly self-evident. Consumer-based products in general are designed with ease-of-use as the primary consideration, with security falling somewhere well below.  When security aspects are even considered at all in the design process, it is frequently from a personal, as opposed to an enterprise-grade, level.

Additionally, these types of platforms do little, if anything to prevent the distribution of files and information across enterprise firewalls. If a document or file was sent to an employee at one company, there are no measures in place for him or her to send it, even by accident, to the wrong person.

But there is no turning back the clock. The cloud is now part of the business fabric and will only become more ingrained in the collaborative process going forward. Trying to ban cloud collaboration tools will only hinder your organization’s ability to innovate and collaborate.

We, however, have reached a crossroads in which IT administrators must either take back control and have a voice in the way the cloud is deployed within their organizations – or risk irrelevancy.

After all, would you want your company’s proprietary information splashed on the front page of your local paper – or worse, an influential blog?

Barrie Hadfield is co-founder and CTO of SkyDox

Cross-posted from The Last Watchdog

Possibly Related Articles:
8803
Cloud Security
Information Security
Cloud Security Enterprise Security Cloud Computing Intellectual Property Managed Services Innovation Collaboration
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.