BIZTECH: Right, but most businesses are using a lot more than the well-known cloud apps with well-funded, state-of-the art security.
That’s absolutely true. In fact, one thing that we find is that the average business today, even small businesses, are using hundreds and even thousands of cloud-based applications.
BIZTECH: Do most businesses typically even know they’re using that many cloud applications?
Nope. But people are starting to get a little more of a handle on that. One of the features that was recently added to Cisco Umbrella, for example, is a toolset that’s designed to help you see that. It gives you a report of what people are using and tells you which ones are risky. We rolled it out at a Fortune 200 company. They claimed to us that they were using very few cloud applications. But in fact, there were literally hundreds of applications that they didn’t know about. And that does not mean that cloud applications are bad. They’re not; most cloud applications are great. There’s a good reason people use them. It’s just that you need to have visibility and control over what’s in your environment.
BIZTECH: How do so many cloud applications get into environments without the IT department’s knowledge?
Because people just download things. It’s like with your phone — on the app store, you’re used to downloading whatever application you want that fits your needs. People feel the same way in business: If they feel like there’s a tool that’s going to help their productivity, they want to use it. And you want them to use it. But it’s important to have the visibility and control so that you can have a very flexible policy but still be able to zero in on the bad situations.
BIZTECH: What should IT managers be watching out for?
The biggest issue is the way people use the cloud. With cloud-based security breaches, it’s usually much more about the behavior of the people involved than it is about the application.
Users may be putting information into cloud applications that they shouldn’t be, simply because they aren’t aware or because people get their passwords breached. They make a mistake, they pass their password on to someone else, and then it’s out there. That sort of thing happens all the time.
For that, I really recommend that businesses deploy a two-factor authentication solution. Just having that second factor so that passwords are not the single way to get breached is so important. It’s more common that people will log in to steal your data than break in to steal your data.