CIO magazine published How IT Can Establish Better Cloud Control, an insightful and instructive article about establishing better control of how employees use cloud computing services and, in particular, software as a service (SaaS) applications. Backed by some cold, hard facts from a study of 1,000 full-time employees that reports the careless – though not malicious – security approach of employees who use SaaS apps, the article provides a few essential best practices for IT compliance, password security and file transfer.
A few interesting cloud security best practice tidbits that caught our attention:
- Ensure password protocol. It’s human nature to use the same or similar passwords over and over again, but organizations can protect their systems and data by crafting and communicating an executive organization-wide password protocol. Better yet? A cloud-hosted sign-on solution linked to the existing directory service.
- Get consistent with your apps. In an effort to be more productive, many employees find themselves accessing apps or even old email accounts to transfer files or gain access to data in an expedient fashion. Organizations can create a usable workaround by standardizing usage of a cloud service platform (with reporting and management tools) along with mobile device procedures so employees know what the BYOD expectations and rules are.
- Ask for third-party help. A third-party firm can audit both sanctioned and unsanctioned SaaS app use and talk with end-users about risky behavior. This should be coupled with the delivery of a list of which apps employees are free to use – and a cloud platform from which to access them.
While employee adoption of both new and old SaaS apps is oftentimes motivated by a need for productivity, it is the IT department’s duty to make sure that the processes are in place to eliminate cloud security risk. Creating a solid protocol catalog based on these tips could minimize risk of exposure of sensitive customer and corporate data in your organization – and make IT the hero in supporting employee productivity.