Subscribe

Unauthorised cloud apps compromise security

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 09 Jan 2015
Contemporary users have very low tolerance for downtime, and it may put compliance at risk, says Warren Olivier, Veeam's regional manager for Southern Africa.
Contemporary users have very low tolerance for downtime, and it may put compliance at risk, says Warren Olivier, Veeam's regional manager for Southern Africa.

IT environments that can't provide reliable, consistent availability risk driving users to unauthorised cloud services - and compromising security in the process.

So says Warren Olivier, Veeam's regional manager for Southern Africa, who points out that the consumerisation of the past decade has dramatically changed user perspectives on IT.

"Many people are now comfortable using cloud-based e-mail, storage and file sharing services - and if their own IT departments provide a service that's slower, less convenient or less reliable, they will find a way to work around the rules. Contemporary users have very low tolerance for downtime, and may put compliance at risk," says Olivier.

A recent research by BT discovered chief information officers (CIOs) have an unprecedented opportunity to take a leading role in their organisations, thanks in part to the rise of 'shadow IT'. Shadow IT is a term often used to describe IT systems and IT solutions built and used inside organisations without explicit organisational approval.

According to the study - Art of Connecting: creativity and the modern CIO - the practice is now common, with 76% of CIOs seeing it within their organisations. On average, shadow IT now accounts for a quarter of an organisation's IT spend.

Olivier says any availability gap will tend to push users toward finding their own solutions.

"Discussions about availability tend to focus on disaster recovery, but true disasters are rare. The real availability threats are far more common things like low system performance or service degradation, accidentally deleted files that can't be recovered easily, or processes that get stuck because a key person is out of the office. These are the daily frustrations that create availability gaps between what users demand and what systems can deliver."

He is of the view if organisations really want to stop staff from using insecure third-party cloud services to share company files, simply making a rule against it isn't going to work.

"You have to avoid the problems that send them elsewhere in the first place. This means your environment needs to be designed and managed for maximum availability, which may include providing similar services in-house. Fortunately, this is precisely what virtualisation enables. With the right tools in place, nothing except the kind of disaster that takes out whole cities should knock your systems out."

Olivier says there are tools available which are designed for modern data centres, and combine the basic protection of old-fashioned backup with more sophisticated capabilities for verified recovery, replication, and high speed recovery of individual files and servers as well as entire environments.

"A virtualised server is just a file like any other, and can be stored, copied and moved around like any other. A replica server can be spun up in minutes, and individual files can be recovered in seconds. This makes it much easier to provide highly available systems."

Share