tiero - Fotolia

PricewaterhouseCoopers outlines steps to tackle the sprawl of shadow cloud

Many companies are unaware of the extent of cloud services they’re using or who is using each service, PricewaterhouseCoopers (PwC) warns

IT heads need to work with colleagues in finance and compliance to ensure business managers get access to safe, secure and cost-effective cloud services, PricewaterhouseCoopers (PwC) recommended.

Employees from fragmented business units often subscribe to cloud services – sometimes without  considering the financial, regulatory and reputational exposures the company faces – and top executives have an incomplete profile of cloud activities in their organisations, said PwC.

With shadow IT driving greater use of cloud applications unknown to the IT department, PwC’s Managing risk in the cloud report stated: "Executives still worry about the security of company and customer information in the cloud, as well as cloud services’ reliability for being entrusted with mission-critical business functions."

The quick deployment and low cost of cloud service subscriptions have also resulted in investment in cloud services at will by employees at all levels, said PwC. This has effectively allowed anyone with a credit card to buy enterprise information technology applications – which could break corporate compliance rules.

PwC urged CIOs to lead the effort to discover the cloud services in use across the organisation and their impact on operations.

PwC recommended CIOs find the applications that are running in cloud services; the data they contain; where they are running and how; who has connected to them; who has used them; and what sort of anomalous behaviour patterns might be associated with their use.

Once the cloud services that are running have been identified, PwC said the chief information security officer (CISO) should lead efforts to immediately shut down, eliminate or block cloud services that present high risks.

After security, PwC said the business needs to tackle cloud costs. "There’s no point in paying for redundant cloud services, particularly when many are unmanaged," the report said.

From a cloud compliance perspective, PwC said that – by anticipating cloud service trends, regulatory compliance directions and business forecasts – a company can build in the necessary controls on future cloud services, rather than having to bolt them on later.

With this strategy, PwC said, business executives across can now apply cloud policies and guidelines as their organisations and bring in cloud business partners.

Read more about cloud compliance


Read more on Cloud security