
One of the CASB vendors in our space has a storyline that goes like this: “Sanction and block all others at the firewall.” That sounds blissfully simple, and may even give you a warm fuzzy feeling for about 30 seconds. But if you think about it for any length of time, it sounds – and is – ridiculous.

Some apps just don’t belong in your enterprise. We’d block really risky file sharing apps, ones with ongoing unremediated vulnerabilities, and ones hosted in risky countries. But the “sanction one and block the rest” regimen as a cloud security strategy simply isn’t practical in the real world.

- People need to collaborate with partners, suppliers, and customers.
- People need to test and use innovative tools…and those tools are in the cloud.
- IT can’t – and won’t ever want to – administer every cloud app.
- People will use worse tools than what you’ve blocked.
- People will use personal and corporate instances of the same apps.
- Cloud apps aren’t even in your network.

People need to collaborate with partners, suppliers, and customers. Let’s say you sanction Box and block all other cloud storage or file-sharing services. That salesperson has a customer that uses Dropbox. The customer sends your salesperson a packet of documents from Dropbox. Your salesperson can either ask her customer to re-send the documents via Box, leave the office and use another (possibly less secure) network to access Dropbox, or forego the business altogether. Now multiply this by all of your salesperson-customer, business development professional-partner, manager-supplier relationships and you can easily see the magnitude of the problem this creates.

The way some of our customers handle this is by enforcing a policy that says “Allow download from any (or most) cloud storage app and block upload to any app except.” Some variations include blocking upload of confidential documents only or requiring a business justification before a user uploads anything to an unsanctioned app.

People need to test and use innovative tools…and those tools are in the cloud. After performing hundreds of Cloud Risk Assessments for our customers, our observation is that there are numerous cloud services in use by virtually every business unit in nearly every enterprise. By all measures, these apps are beneficial.
