The cloud challenge: realising the benefits without increasing risk

The obvious benefits of cloud computing, coupled with rapid advancements in enterprise mobility, have led to the widespread adoption of browser-based applications in the enterprise, with or without the knowledge of the IT department. However, this encroachment on traditional application delivery has led to enterprise security being downgraded to a ‘one size fits all’ model that robs CISOs of the granularity required to comply with regulations governing data protection, privacy and corporate governance.

Richard Walters of SaaSID examines how to extend corporate policies to maintain security and compliance. Public cloud services are moving into the enterprise through the increasing use of employee-owned devices, either as part of formal Bring Your Own Device (BYOD) policies or informally as a result of employees adopting their own web-based applications on corporate devices.

In March 2012, Ovum analyst Samok Roy drew attention to the Bring Your Own Software (BYOS) issue, where employees use applications based on public cloud services to process corporate data – often without the knowledge of the IT team. Roy asserted that the ungoverned use of ‘freemium’ apps, or public cloud services, posed as great a risk to data and corporate compliance as the well-documented BYOD risk.