How your IT team can take control of the cloud

For companies with small IT departments, cloud computing may seem like a heaven-sent technology. IT personnel can outsource almost everything, from storage to software updates to security, and, in turn, cloud technologies allow IT staff the time to focus on both day-to-day operations and forward-thinking planning and strategy.

As cloud providers handle the bulk of a company’s cloud computing operations, though, IT staff sometimes feel left on the sidelines, invested in the applications and the data, but lacking the ability to truly control the action. Some teams purposefully deploy SaaS and the cloud to escape collaboration with their colleagues in IT.

In the long run, an IT department that is too removed from the overall operation of the infrastructure can have serious consequences, especially when it comes to cloud security. As Trevor Pott wrote in The Register, rather than disengage from your data and infrastructure because it is in the cloud, you should actually be worrying about it even more.

“IT departments are moving to the cloud for a host of reasons, but the secret to successful, secure deployments lies in recognizing how critical convenience has become,” said Sookasa CEO and co-founder Asaf Cidon.

If we’ve learned anything from the consumerization phenomenon, Cidon added, it’s that everyone from SMB to enterprise users aren’t willing to sacrifice convenience for the sake of security. So it’s important to make any security layer as seamless as possible, so as not to disrupt the best parts of the cloud solution you deploy—or else risk employees finding less secure workarounds.

Better security means IT staff taking a more hands-on approach with cloud migration and overall computing operations. The first step to this is deploying a plan for data governance, according to Gerry Grealish, Chief Marketing Officer with Perspecsys. IT departments should have a clear policy in hand that covers how security will be handled. Once that policy is in place, IT pros are able to work closely with cloud providers on how to best deal with data governance.

Once the policy is in place, Kamal Shah, VP of Product for Skyhigh Networks, a cloud security company, suggested the following tips for IT departments to create a better working relationship with cloud providers and keep better control over IT operations:

Do your due diligence. Security capabilities vary widely across cloud services so due diligence is important when it comes to selecting the right cloud provider. Start by familiarizing yourself with the Cloud Security Alliance’s Cloud Controls Matrix, Shah advised, because it provides a good framework for evaluating vendor’s cloud security capabilities. Then, to streamline evaluations, you can leverage a cloud trust registry with security data for thousands of cloud services.

Not all data is created equal. Define your use case for the cloud service to understand what types of data you’ll be storing and what level of security that type of data requires. If you’re storing highly sensitive data, make sure encryption with customer-controlled keys and data loss prevention capabilities are available.

Look at the big picture. If you’re moving to the cloud, Shah said, you’ll likely be supporting cloud applications for file sharing, collaboration, CRM, IT management and others. In addition to evaluating the security capabilities of individual providers, look at cloud security platforms that allow you to enforce security policies, such as access control, anomaly detection, encryption, and data loss prevention consistently across cloud services.

It’s critical to pay special attention to on-device security. According to Cidon, even though the major file sync and sharing providers do not provide any data protection on the endpoint, this is equally important to security at-rest on the cloud and in-transit. When these programs synchronize tens of gigabytes of files to every connected device, this poses a significant risk. And in an era when people are relying on personal devices (which can in turn be lost or stolen) and connecting them to their favorite cloud-based programs, it’s more important than ever to secure data on devices.

In the long run, no matter how dependent you’ve become on cloud computing, it is still your data and your infrastructure, and it is vital that IT staff remain engaged in how well it is running, how it is stored, and how it is secured. Your cloud provider is there to assist your needs, not the other way around.

Post by Sue Poremba

Sue Poremba is a security and technology writer based in central Pennsylvania.