Cloud Services Best Practices: Identify all cloud services in use & evaluate ris
Posted by skyhighnetworks on January 28th, 2014
Flying blind is never a good idea, so before you begin taking steps to reduce risk, you need to understand what risk you are currently exposed to. This is a two-step process. The first step in the process is to identify every cloud service in use at your organization. Relying on a proxy of firewall alone will make this an arduous (manual) and incomplete task as they classify the most popular services but overlook thousands of other services. Instead, reference your log traffic against a cloud registry that has a minimum 3,000 services in order to gain a complete view of your enterprise’s cloud usage.
Note that most CIOs expect 25-40 services in their environment, but find an average of 300-400 services, most existing in the “Shadow IT” bucket. Also note that this discovery of cloud exposure must be a continuous activity because the velocity of new cloud service introduction and use is only increasing; a one-time snapshot will rapidly get stale.
The second step in the process is to understand the risk of the various cloud services in use. Not all cloud services are risky, so it’s important to get an objective understanding of the risk level for every service. Given the sheer volume of services, evaluating each one is an impossible task so leverage a cloud registry that classifies services based on a thorough set of criteria. Since every business has a different risk profile, make sure the registry’s risk ratings are easily customizable. The risk assessment of services should also be a continuous activity; for example a password breach at a cloud service should increase the risk of that service until the breach is addressed.
Skyhigh Networks, the cloud security company, enables companies to embrace
Cloud Analytics Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information on Shadow IT to Visibility and Cloud Control, visit us at http://www.skyhighnetworks.com/shadow-it or follow us on Twitter@skyhighnetworks.