Many folks cringe at IT having tight control…but then when users in organizations start tossing things into the cloud they then expect IT to bail them out. That’s an impossible place and I’ve seen more and more It folks going,” you threw it up there without consulting us..it’s your baby now”. the results are usually disastrous and things get put back form the cloud once that inevitable disaster begins. the cloud can be leveraged in a good way but i wouldn’t put anything critical or private into it. The cloud is ripe for a major data harvesting attack to explode…I’m sure it has already occurred..we just don’t know about it yet.
In many cases, IT organizations are not fully aware of which cloud applications are in use across the enterprise, which makes it more difficult than ever for enterprises to monitor and control user access to mission-critical applications and data. In fact, only 34% of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using IT’s budget, making it very difficult to proactively address security and compliance requirements for those applications.
SailPoint’s survey found that business users have gained more autonomy to deploy cloud applications without IT involvement, yet they do not feel responsible for managing access control. In fact, 70% of business leaders believe that IT is ultimately responsible for managing user access to cloud applications. Adding to IT’s challenge, more than 14% of business leaders admit they have no way of knowing if sensitive data is stored in the cloud at all. This lack of visibility and control greatly increases an organizations risk of security breaches, exposure to insider threats and failed audits.
“As organizations adopt cloud applications, they are very likely to increase their risk exposure by putting sensitive data in the cloud without adequate controls or security processes in place,” said Jackie Gilbert, VP and GM of SailPoint’s Cloud Business Unit. “And this year’s survey illustrates how ‘at risk’ companies already are. Many companies lack visibility not only to what data is in the cloud, but also to who can access that data. It’s imperative that companies put in place the right monitoring and controls to mitigate these growing risks.”