Ah, the cloud—the never-ending topic of choice for those organizations continually contemplating the dreams and nightmares that it offers. But why is that? You would think by now, the roaring 20s, that the cloud would be something that is just a part of life. After all, if you ask my teenagers, the cloud for all intents and purposes is life.
That sentiment, however, comes with consequences—especially for the corporate world—the biggest being that of cyber security. And this is where the issues reside. Teenagers aside, almost all of us use the cloud in our daily personal lives. And that usage and corresponding habits of convenience now impact our corporate daily lives. The ubiquitous nature that is the cloud suddenly becomes highly blurred.
This is what used to be, and still is referred to as "rogue IT.” The concept is a simple one: it’s the reality of corporate assets leaving the four walls of a company in such a manner that they can't be tracked or seen.
More so, the nature of rogue IT is quite simple. On a minute-to-minute basis, IT departments struggle to keep up with the so-called outside world. The ability for the average person to instantly spin up everything from simple file sharing, to web hosting, to even servers and virtual workspaces is now at the click of a button. And all of it translates to security risks and compliance nightmares.
But what really needs to be discussed is the root cause of people going rogue to begin with. And though I hate to point the finger at anyone, IT departments are in many ways to blame—but also it's not their fault. You see, everything from budgets to staffing and everything in between can mire IT in an endless loop of projects and maintenance that rarely allows them to address even the simplest of employee requests. Pair that with the absurd nature of cloud realties, and the customer service side of IT departments as it relates to internal staff goes out of the window.
Here's an example. Imagine an employee who needs to share documents with external teams (contractors, developers, advertisers, etc.) but their own internal IT systems won't allow it for whatever reason. The solution is to create a Dropbox account to share the docs as needed to complete the project, do their job, get a good quarterly review, acquire a bonus, and so on. Or the flip side is to go to IT to be told "no we don't have that functionality,” meaning projects, quarterly reviews, bonuses, etc, fail to come to fruition all because of the lack of IT infrastructure and required functionality. So if or when IT can't support business units and goals, rogue IT becomes the only option.
So, if that is the reality—rogue IT happens to keep up with the demands of the business when IT can't—what solution is there to combat it? Well, what if the cloud wasn't as dangerous as we all once thought? If Rogue IT is nothing more than an unfortunate by-product, then perhaps we should embrace it. Yes, you read that correctly, a cyber security expert just uttered the words "embrace rogue IT.” And here is why.
As mentioned, if the very nature of the practice results in visibility and security, then why not simply secure the outside cloud? By embracing such technologies as Cloud Access Security Broker (CASB), implementing smart solutions as they relate to Data Loss Prevention (DLP), amongst other things—what was once a forbidden practice now becomes commonplace and well secured.
Suddenly, the "rogue" nature of the cloud disappears allowing IT and compliance folks to sleep well at night, all while business units are afforded the ability to collaborate in a highly secure but still easy manner, enabling all assets to be scanned for sensitive data, detecting and remediating risks, and all within the strictest of compliance standards.
But there is more. Now IT isn't forced into unnecessary projects such as trying to build and maintain their own version of Dropbox—a home-grown company within a company that depletes resources and money.
In 2020, the idea of rogue IT is dying. The cloud is here and here to stay, and is used to propel companies to new heights every day. So why fight it? Embrace everything that the cloud has to offer all while giving the IT department a moment’s rest and the ability to tackle bigger, better things.
If rogue is just a lack of a security solution, then just go get the right solution and the rogue all but disappears.
September 7, 2023
#FacesOfCalian: Oscar Morales
Get to know the Calian team with our Faces of Calian series!
August 1, 2023
Google Engages iSecurity, a Calian Company, to Conduct Assessments of Google Cloud
Google's recent decision to engage iSecurity, a Calian company, for a comprehensive privacy impact assessment (PIA) and a threat risk assessment (TRA) for Google Cloud services in Canada was a significant step towards even stronger data protection and risk management.
May 26, 2023
Meet the Experts - Kevin de Snayer
In today’s edition of Meet the Experts, we have an interview with Kevin de Snayer, Director of Cyber Solutions, ITCS, Calian.