Every enterprise wants greater efficiency and more productivity from its employees. At the same time, IT has a vested interest in ensuring the safety and security of both infrastructure and data, so it needs to keep a handle on what is going on out there.
This is why the issue of “rogue infrastructure” is such a thorny one. As the world becomes more open and interaction among data users starts to break the boundaries of traditional enterprise infrastructure, IT finds itself increasingly out of the loop where enterprise data is concerned. But is it really in IT’s best interests to keep a lid on this interactivity in the name of security, and thus be seen as an inhibitor to innovation?
If your CIO hasn’t yet confronted these questions, circumstances could soon force the issue. The cloud makes it incredibly easy to spin up new infrastructure, with no one the wiser save for the head of the business unit that’s doing it. According to Symantec Corp., more than 75 percent of businesses report the presence of rogue clouds within their organizations, with the likelihood increasing with the size of the enterprise. Of this group, 40 percent say they have seen confidential information placed on unauthorized clouds, and 25 percent report actual harm, such as account takeovers, Web attacks or outright theft of goods or services.
Even worse, identity management firm OneLogin reports that 70 percent of enterprise applications are running on rogue cloud architectures. This could be a recipe for disaster considering many organizations have lax password protection policies, with practices like managing passwords in spreadsheets, sharing passwords and even writing them down on sticky notes becoming increasingly common.
All true, but does the enterprise run the risk of killing the entrepreneurial spirit by cracking down too hard? Davey Winder of cloudpro.co in the UK says rogue clouds are so popular because they are cheaper and easier to use, and if there is a failing on IT’s part, it’s in not updating policies to properly guide their use. It is telling, after all, that 20 percent of respondents in the Symantec survey said they did not know they were violating IT policy by using the cloud. And any movement to put a blanket restriction on the cloud will likely miss some of the key negatives that going rogue engenders, like poor recovery for compliance or data restoration purposes.
If security is the one issue standing in the way of fully embracing the cloud, realize that even rogue infrastructure can be secured as long as practices are updated to accommodate new realities. As CSO Online’s Taylor Armerding notes, a Chief Information Security Officer (CISO) might start to look at rogue clouds not as the enemy, but as a new data environment in which security needs to be information-centric rather than infrastructure-centric. In that way, IT is no longer an impediment to increased productivity but an enabler.
Business people are used to weighing risk vs. reward. In the case of rogue infrastructure, it seems the rewards are great and the risks can certainly be minimized through advancing technologies and updated policies. No doubt, there will probably be stories in the near future about an enterprise undone by its rogues, but the smart response would be to view these as learning opportunities, not excuses to put one’s head in the sand.
The simple fact is that rogue architectures are only rogue because IT allows them to be. By focusing more on what users need rather than what IT is willing to support, enterprises should have nothing to fear from loosening up the reins a little.