A Contributed Article by Tim Sedlack, Quest Software
Welcome to the cloud!
I know what some of you are thinking – but I’m not in the cloud. I’m here to tell you that you are. People are making use of what I’ll call “personal” cloud services to enable services that your IT department can’t support. Large files are being shared on Dropbox, SkyDrive or Google’s GDrive. Cloud-based email is being sent from your users with information, or even attachments, that contain work related information. You may even be guilty of creating these “temporary workarounds” yourself to facilitate business getting done better, faster or, at least, more conveniently. I admit it... I’ve done it too!
What’s worrying about this is that it’s your data and it’s supposed to be under your control – if not from a regulatory standpoint, then most likely by internal rules and policies that would prohibit these kind of actions. It’s often done with the best of intentions. More often than not, though, data in the cloud can be forgotten, or simply ignored. It’s common to post something out on Dropbox, SkyDrive... or even in cloud-based email attachments with the best of intentions – with the intention of deleting it when the person or people for whom it’s intended download the information. The problem is that it’s so easy to just ignore it and not be aware that it’s out there.
So what can you do? First and foremost – recognize the problem. You may have “unintended” data stored in places you can’t control. Where you’re under regulatory control (or potential audit), you need to make users aware that sharing this data could be putting you at risk. The next thing you can do is start to put controls in place to audit access to your most sensitive data, gather the records and set alerts to make sure you’re reviewing the information on a regular basis. This will go a long way with those who are under threat of audit. You’re notifying users of the risk and placing control over data. In the end, you can’t MAKE people stop doing business or going around business when necessary, but you can tell them it’s against policy and there is risk involved.
So... welcome to the cloud.
About the Author
Tim Sedlack is a senior product manager at Quest Software, where he is responsible for guiding the direction of Quest’s compliance, and providing assistance to Quest’s customers and strategic partners around the world. Tim has more than 20 years of experience in IT, including time at Microsoft during early implementations of Active Directory and Exchange. Prior to joining Quest, Tim worked with clients around the world on products that monitor health and availability of enterprise IT environments.