More employees are signing up for cloud-based services—enterprise social networking included. Is it a bad thing? How can IT still maintain control?
Poor Ivan from IT keeps an economy-sized bottle of antacids at his desk to help him deal with the stress. It’s gotten so bad that he’s developed a nervous habit of tugging his ear every time he hears about it. Employees are signing up for free apps and cloud services without running it by IT!
The marketing team sets up a Dropbox account to share collateral; an account executive uses Yousendit to send a big file to a customer; an assistant logs in to Google Docs to save all of his notes; and a dozen or so employees just signed up for a free enterprise social network to collaborate on a project. Meanwhile, all of this goes unnoticed by IT unless someone like Ivan just happens to come across it.
According to Symantec Corp., 77% of all businesses have experienced rogue cloud situations, or unauthorized use of cloud services, over the past year. Of those businesses, 40% have experienced exposure of confidential information.
IT could easily set up a gateway to block employees from signing up for cloud-based services or apps, but this costs money and limits employees in some ways. The last thing IT wants to do is to slow down efficiency and prevent employees from easily accessing information. Plus, a little chaos isn’t a bad thing. Just look at the whole BYOD movement.
Even so, these apps come with a slew of challenges as well:
- No protection over the company’s informational assets
- Lost data due to inappropriate measures for backup and recovery
- Lack of basic security such as VPN connections
- No proper access control: lax username and password protection
- Limited infrastructure control due to individual sign ups rather than corporate accounts
- Lack of integration with current systems
- No top-down, company-wide deployment
- Limited ability for legal discovery
It’s no wonder Ivan is panicking over the kind of trouble he could get into. What if an employee comes under litigation, but there’s no way for IT to access all of their files? What if an employee leaves the company and suddenly a manager needs access to all previous assets? How much time and money could it cost to recover these sort of things?
Here’s how IT folks can get a handle on the situation:
First, IT should have a security policy informing employees on where they can/cannot store or share company information. This policy needs to be information-centric and people-centric to allow optimal knowledge sharing and learning.
Second, IT needs to adopt technology that is platform agnostic. For example, an enterprise social network or any communication tool needs to integrate with various applications and visa versa to essentially make information accessible and actionable from one place. At the same time, this platform should give IT the administrative rights to approve applications employees bring in to the company while still giving employees the freedom to explore and find applications they find most useful and efficient.
“Going rogue” isn’t always a bad thing, as long as IT maintains access to all proprietary information and employees can get everything in one place.
For a platform-agnostic enterprise social network that meets all your organization’s security requirements, try tibbr.