Managing Risk in Cloud-Forward Companies

This is the final installment of my five-part series on the cloud-forward moment, its benefits and risks.

There are so many advantages to being a cloud-forward company – increased productivity, attracting and retaining talent, being more competitive and innovative, reducing costs – that it may seem odd that there are many companies who haven’t made the transition.

What keeps most of them from adopting a cloud-forward strategy and gaining these benefits is heightened concern over what appear to be risks inherent in entrusting so much key information to the cloud.

Minimizing risk is a sound business practice and with security and breaches so prominent in recent headlines, it’s understandable that companies are concerned. Unfortunately, the solution many companies have adopted is to lock down the cloud in a highly restrictive manner – or to try and lock it out altogether.

Ironically, that actually creates a greater chance of risk. In this age of mobility and BYOD it’s almost impossible to prevent people from using their phones, tablets and other devices as productivity tools. Even if the company doesn’t sanction them, people will seek out and use cloud-based tools that help them do their job.

Heavy-handed restrictions pretty much guarantee that employees will adopt these tools outside the view (and hence control) of the company and its IT department. Visibility into how they are being used, and any chance for risk assessment, becomes impossible. As collaboration with colleagues, partners and customers is one of the key reasons for using these tools, there’s a high likelihood that IDs, passwords, files and data will be shared pretty widely.

Managing too tightly is the same as not managing at all: the risk of a breach, exposure of sensitive information or compliance issues increases immensely. Your employees aren’t trying to create these security problems – they’re busy trying to solve business problems. They’re on the front lines pushing for you to be a cloud-forward enterprise and embracing the best tools out there.

So what’s a company to do? If you can’t block it, lock it or ignore it, how do you manage the cloud so you get the benefits of a cloud-forward strategy without the risks – and without raiding the NSA looking for a cybersecurity expert?

What you need is a platform that lets you easily manage the cloud services your talent and your business need, and provides the kind of security tools that can manage the risk. This is the heart of what we do at Bitium, and we’ve built a next-generation, cloud-forward management platform that makes it possible for any business, especially small and fast-growing businesses, to take full advantage of the cloud, while managing risks.

First, our platform lets your business know who in the company is using what apps, and easily grant or revoke access depending on need. Our platform integrates directly with more than 5,500 of the most popular apps (including Office 365, Google Apps, Salesforce.com, Box and Zenefits, to name a few), making this a simple matter of using a very intuitive dashboard. You don’t need extensive IT knowledge to get a report, run a real-time audit or manage access.

Next, our platform adds high levels of security while maintaining a high level of user flexibility. The creation of IDs and passwords for app access is centralized, enabling the generation and use of secure credentials in ways that foil hackers and prevent unauthorized entry and information disclosure. At the same time, individual users need not worry about managing this complexity: They are able to securely log into all their apps using existing company login credentials, a Bitium password or even their Google ID. No further authentication is required. For new users or new devices, two-factor authentication sets things up securely the first time and empowers mobile working.

Even though risk management is a major benefit of this approach, it also helps keep costs down. Without reporting and auditing on app usage, there’s no good way for an enterprise to manage licensing intelligently. Since most apps in the cloud operate on a pay-for-use/user model, knowing what you need (and what you don’t) lets you operate on the most favorable terms.

Nothing can take all the risk out of the cloud – or, for that matter, any shared IT system. Still, this approach can keep risks to a minimum, while at the same time opening up all the productivity and innovation possible with the cloud today, and for the future.