The topic of cloud computing (computing resources being delivered as a service over a network) is certainly not a new one. You can’t open a tech publication, whether printed or online, without seeing an article featuring “The Cloud.” It’s become an integral part of our business and personal technology. But while the benefits of cloud computing have been well touted, less attention has been paid to the associated drawbacks.
Last week, Symantec released the results of a survey conducted for which IT executives at 3,236 organizations were asked questions related to Avoiding the Hidden Costs of the Cloud.
The first and biggest hidden cost introduces a major threat to security and therefore monetary resources – rogue clouds. Symantec found that rogue cloud deployments (use of a cloud based service without the authorization or oversight of the company’s IT department) happen in about three-fourths of all organizations. Really, there are probably very few of us who haven’t used an unauthorized app or online software at one time or another to make our job easier. Unfortunately, while rogue cloud deployments may allow the individual to be more productive, they also often inadvertently put confidential information into the cloud, leading to potential liability and monetary repercussions:
"Among those who reported rogue cloud deployments, 40 percent experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services."
In our line of work we often run into smaller IT departments within large organizations that have made one-off purchases of cloud-based remote support tools without thinking through the compliance and security ramifications for the entire company. As the Symantec report pointed out, nearly half of these rogue cloud deployments lead to exposure of confidential information. For example, last month customers of cloud-based vendors Logmein.com and Docusign.com began complaining about a possible breach after receiving malware-laced emails to accounts they registered exclusively with those companies. While it’s important to note that both companies claim they’ve found no evidence of a breach, there are pages of user comments in the LogMeIn Forum insisting that their e-mail addresses were leaked. It’s easy to see that if employees in your organization are using a cloud-based remote access solution outside of your standard security practices, and their login information is leaked, it could put your network at risk of a data breach.
Compliance and eDiscovery
Another cloud issue addressed by the Symantec report are the hidden costs of compliance and failure to meet compliance standards. According to the report, nearly one-fourth of all surveyed organizations had been fined for privacy violations in the cloud within the last twelve months. eDiscovery (discovery in civil litigation which deals with the exchange of information in electronic format) has also become a very real concern, with 34 percent of organizations receiving eDiscovery requests for cloud data within the last twelve months.
"Underscoring the importance of planning for eDiscovery from day one, two-thirds of those who have received requests missed deadlines for delivering the requested information, potentially leading to fines or compromised legal positions."
Because remote support allows one party to access and control another party’s systems, we have seen multiple instances where remote support session data was part of an eDiscovery request. That’s why it’s so important to use a remote support tool that records and captures every action taken within a session, and allows you to easily store and recall that data when needed. This is especially true for support centers that are accessing the systems of external customers or clients, and help desks who are allowing external vendors to access their own systems.
While there are undeniable benefits to the use of cloud computing, it’s important for organizations to factor in these hidden costs when they’re evaluating when and where to leverage the cloud versus using an on-premises solution.
Stay Up To Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.