“Do the right thing. It will gratify some people and astonish the rest.” – Mark Twain
The great power of the cloud brings with it some special considerations, especially when it comes to security. Doing the right thing when it comes to security in the cloud takes adjustments, both in mindset and action. You must keep data and accounts safe while maintaining user productivity and collaboration. The following three “Dos and Don’ts” can help outline a clear cloud security plan.
“Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” – Vince Lombardi
Don’t block. While blocking may prevent a rush to the end zone, it will not stop users from finding a way to share data into and out of your domain. Most employees just want to be able to get work done without being held back by clunky software, gateways, or other productivity inhibitors. Shift your perspective. Educate the end user as to what tools and applications fall within the guidelines of acceptable use. Do understand that shadow IT will happen when users are forced to seek alternative ways to achieve their goals. Instead, show them what the expectations are around data storage and creation, then let them run with the ball.
“Assumptions are the termites of relationships.” – Henry Winkler
Don’t assume the worst. Employees, by and large, are not trying to share documents incorrectly, expose sensitive data, or authorize risky third party applications. They are simply lacking the proper guidance on how to ensure that they are not putting their account or the company’s data at risk. The concept of the cloud is new for many users and an opportunity to educate should never be overlooked. Do find ways to foster trust, not pests, in the relationship. Remind employees of the Acceptable Use Policy and help them practice its guidelines regularly.
“Responsibility is the price of freedom.” – Elbert Hubbard
Don’t make security the burden of the IT department. Security is a shared responsibility and one that comes when users are enabled to make intelligent decisions about how they manage data. Relegating remediation practices to just the IT department ensures that employees are kept out of the loop of understanding and will continue to make potentially damaging mistakes. Instead of pointing fingers at end users from inside one department, do empower employees with the opportunity to self-remediate and take ownership of security of their own data. Allow security measures to be viewed as a shared responsibility that unites an entire enterprise in its efforts to be freely, securely successful.
Think it’s time to provide people-centric security in your organization? Contact us for a free security assessment to find out how secure your environment really is and gain control of third-party apps in your environment. We will review and audit your organization’s Google Apps, Salesforce and other SaaS application domains, as well as of the usage and consumption of third party applications connected to them to:
- Provide metrics, considerations, and recommendations that lead to the analysis
- Recommend actionable next steps for instituting Acceptable Use Policies (AUPs)
- Compare your Security Score to other customers