Securing Rogue Clouds

How CIOs found their companies (big companies!) were spending millions on AWS cloud services paid by personal credit cards and the parallel between the AWS "rogue cloud" and the now "rogue" Dropbox.

By ownCloud GmbH

ownCloud secure cloud solution for filesharing

Hmm, pretty good description of what we do. Well, I read this great piece last week: “Even ‘rogue’ clouds can be secured, experts say” by Taylor Armerding.

The piece talks about how CIOs found their companies (big companies!) were spending millions on AWS cloud services paid by personal credit cards and calls out the parallel between the AWS “rogue cloud” and now the “rogue” is Dropbox. So now, here we are again, but the services are consumer-oriented Dropbox.

According to Taylor:
“More than 75 percent of businesses surveyed recently by the security vendor Symantec reported that their employees have shared or stored sensitive company information on public clouds services. The report, “Avoiding the Hidden Costs of the Cloud 2013” ( PDF document), which surveyed 3,236 organizations in 29 countries, found 83% of enterprises and 70% of small- to medium-size businesses (SMB) using such “rogue” service.”

The Amazon was solved — to some extent — by providing private cloud services — maybe this is the way to solve this problem again… by providing “private Dropboxes.” Yep,. You guessed it, ownCloud.

More from Taylor:

“The risks of this are not just theoretical. Symantec reported that among the survey respondents that reported rogue cloud deployments, 40% experienced the exposure of confidential information, and more than a quarter faced account takeover issues, defacement of Web properties, or stolen goods or services…”

So, (Symantec’s Dave) Elliott and other experts say it is up to IT to mitigate the risks. (Andres, vice president of technology at Proofpoint) Kohn said: “Organizations on the leading edge of this trend have already implemented a CISO position that has greater visibility and power in the organization, and whose role is not to say ‘no,’ but to say ‘yes, you can do it securely in this way.”

“Elliott said besides written policies, awareness training and monitoring, companies can choose certain public cloud services in different categories, “and make them the ‘blessed’ ones.” Some companies, he added, can create in-house cloud services that are as easy and convenient as the popular public ones.

“Other recent surveys have come to similar findings. A report released about two months ago by Nasuni, an enterprise storage management company, said that 20% of business users surveyed said they used Dropbox to share and store work documents. Half of those did it even though they know it violated company policy. And the worst offenders were those near or at the top of the corporate ladder.”

So much good stuff here and all point to the same thing – if your hair isn’t on fire yet over your Dropbox problem – it should be, or it will be soon.

ownCloud GmbH

January 29, 2013

Ready to see what’s next?

We care about protecting your data. Here’s our Privacy Policy.

Read now:

Ok, Go: New language, new partners

Ok, Go: New language, new partners

In September, we presented cool new partnerships that will make our upcoming ownCloud Infinite Scale work nicely with key open-source productivity suites. We explained our reasoning in switching to Go and how to get started with ownCloud using a virtual machine appliance.

read more
Remote education: Choose these 3 tools for distance learning

Remote education: Choose these 3 tools for distance learning

Call it virtual classroom, remote education or distance learning – if you want to teach partly or completely remote, you’ll need the right tools. We recommend three helpful open-source platforms that can help educators avoid high costs, data privacy nightmares and vendor lock-ins.

read more
New shiny things from all throughout this summer

New shiny things from all throughout this summer

In August, we had a lot of cool new things to present at ownCloud: Our partnership with NAS industry leader QNAP, our all-new website, a new major server release and a new iOS App release full of new functionality. And the Privacy Shield ruling from mid-July still reverberates across boardrooms and newsrooms.

read more