Security forecast: High chance of 'shadow' clouds

As with IM and social networking, end-users will bring dangerous cloud computing services into your organization

If you think "cloud networks" and "cloud services" are just buzzwords or another set of technologies destined for extinction, think again: The cloud is here to stay. In the future, your company will subscribe to one or more cloud products -- if it hasn't already.

A friend of mine asked if we would prevent unauthorized cloud products, which he called "shadow clouds," from starting to appear on our networks. His question isn't as strange as it might sound. Every new, big technology leap has also brought in a deluge of unmanaged instances -- think instant messaging or social network sites.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Shadow clouds would, in fact, be a more significant threat to your company's confidential information than IM or social networking blogs. All computer services and presences need to be managed to ensure compliant security, content, and messaging, but with a shadow cloud, you're at greater risk because your company's confidential data is more likely to be hosted on the cloud provider's systems. Ridiculous or unusual though it may sound, IT security should start preparing now for the emergence of shadow clouds.

Security iGuide
A look back at early adopters When IM went mainstream in the late 1990s, no IT person I know thought it was a necessary service or expected it would hang around long enough to become a legitimately used and approved corporate product. It just started popping up on various users' desktops -- and there was hardly any worry about the potential security risks or inadvertent information disclosure. Early on, most IT administrators went around uninstalling it where they found it and wagging a finger at what I mostly now call "early adopters."

When IM went mainstream in the late 1990s, no IT person I know thought it was a necessary service or expected it would hang around long enough to become a legitimately used and approved corporate product. It just started popping up on various users' desktops -- and there was hardly any worry about the potential security risks or inadvertent information disclosure. Early on, most IT administrators went around uninstalling it where they found it and wagging a finger at what I mostly now call "early adopters."

Social networking has a similar story. I don't think any of us foresaw the use of MySpace, Facebook, or Twitter as a business tool. Today, companies are often more worried about their Twitter followers than they are with how many people viewed their Super Bowl commercials. A new employee candidate might be hired or fired over what appears on his or her social network page. Get arrested, and all your online musings are reposted in the newspaper.

1 2 Page
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies