Security Experts:

Facilitating Enterprise Cloud Adoption through Intelligent Policy Enforcement

No matter what rules or policies businesses put in place, resourceful workers will always find a way around them in the interest of better communication and efficiency.  It’s a fact. Employees self-select external collaboration resources that make them more productive in doing their jobs. This leaves businesses with essentially two choices: they can either fight their users, penalizing and even terminating those who try their hardest to increase their effectiveness, or they can own this new way of working and provide a secure, reliable, and comprehensive solution.

There is a growing trend of true cloud players such as Salesforce.com and Google investing in enterprise wide platforms. This signals to me that a growing number of companies have realized that the benefits of the cloud are too valuable for employees for them ignore. It is time to take the steps to enable and manage the cloud movement. Security, once an obstacle to cloud adoption at the enterprise level, is increasingly being viewed as an enabler to unlocking the cloud’s power and is a driving force in its wide-spread adoption.

Why the change of heart? Because try as they might to enforce network protocols on-premise, these organizations have finally realized that they can not stem the tide towards the use of cloud-based functionality, nor can they account for all of the personal devices employees are using that are connected to corporate networks and databases. Mobile, social, and cloud forces are converging to bring even the most conservative industries into this brave new world of always-accessible, always-on technology.

Enterprise Cloud Applications

What companies are realizing is that when it comes to information, people can ultimately decide what to share, who to share it with, and what network, application, or service they will use to do so. Creating difficult security policies that stand in the way of being able to use an officially sanctioned system results in less security, as it will simply drive users into consumer-grade apps.

While we tend to focus heavily on enterprises moving to the cloud, there are a number organizations being created today that are “born in the cloud.” Rather than replacing costly expenditures on hardware and equipment based on-premise, they are utilizing the power of the cloud for all of their network needs right from the ground up. My own company was built this way. This eliminates the potential pain points of a later migration and offers them immediate capital savings that can be invested into the core competencies of their business.

One way of looking at how both models of cloud adoption transform businesses is as a form of increasing user empowerment. By implementing what we often refer to as intelligent policy enforcement, enterprises can, for the first time, help their employees become accountable for managing where their critical data sits, ensure that security and compliance standards are being met, and do so in a way that is compatible with their practical requirements. Moreover, when issues arrive, the organization can be immediately alerted and deal with this issue at both a technical and human level. This nuanced and highly responsive approach is allowing enterprises to take greater advantage of the tools and services only available in the cloud, while remaining fundamentally in control of their most sensitive data.

Of course, faster and broader migration to the cloud does present new risks. I find that organizations that migrate to the cloud tend to go through a period of what I refer to as the “honeymoon” phase: a sense of relief from the stress and worry of dealing with its data, and a sense of joy as they realize what new means of collaboration are available to them with their cloud platform or platforms. While I fully endorse the cloud as the best and most secure way to store data, it is not free from responsibility. This honeymoon often ends with a realization that there are still regulatory, organizational, and security compliance issues to be managed.

An analogy to illustrate this point: storing one's life savings in cash under a mattress means being far more worried and vigilant about its safety than if it were in a bank. You are certain to lock the doors and windows when you leave the house. You likely check on your money's status often, to reassure yourself that it is still where it’s supposed to be and has not been discovered and stolen. In short, the job of managing it yourself becomes a full-time burden.

When you finally come to the (entirely sensible) conclusion that this money is better stored in a bank, you no doubt feel an overwhelming sense of relief. However, you are still responsible for maintaining some level of security over your account. While the money is physically more secure in a bank than in your home, you still wouldn’t go around sharing your account numbers and pin numbers or leaving your bank statements around for others to find. It works the same way in the cloud: while the data is safer, you are still on the hook for a certain level of vigilance and security.

What intelligent policy enforcement does for an organization is ensure that their security and compliance standards are adhered to at all times while also improving the work habits of users. As these policies evolve and grow over time, organizational efficiency rises with them, as users become more comfortable using the platform and its security requirements. Better access to the collaborative tools offered by the cloud translate into more productive employees, and over time the work environment itself becomes more flexible and responsive.

Policy enforcement is more than just ensuring every bit of data is secured in the correct field of a given application. We recently worked with a large financial services company who, upon migrating its operations to the cloud, realized that it had 36 distinct contracts in place with Salesforce.com to provide the same exact service across business units. Not only did this present a clear duplication of asset allocation, it represented a security and compliance risk to the organization with the potential for company value-altering penalties. Through policy enforcement, they were able to standardize on Salesforce.com across the enterprise and eliminate potential risk.

The cloud debate is over. Nobody argues as to whether the cloud offers greater business performance or value. The cloud is opening up new possibilities to organizations across the globe and enterprise platforms residing in the cloud can now elevate an organization’s capabilities at a fraction of the cost. The last point of contention, security, has also proved to be a non issue and in fact, is now a primary motivator for cloud adoption. When it comes to assuring the protection of data, the enterprise has embraced the idea that it’s more about people and policies than outdated protocols.

view counter
Gil Zimmermann is co-founder & CEO of CloudLock. Prior to founding CloudLock, he was an Entrepreneur-In-Residence (EIR) at Cedar Fund. He has held key business positions in both small and large companies (Backweb, Sun Microsystems, EMC Corporation), beginning his career in the Israeli Defense Forces (IDF) with several technology leadership positions in the Military Intelligence Elite Computer Projects Unit. Gil has a High-Tech MBA from Northeastern University, and holds a double major BA in Computer Science and Philosophy from Tel Aviv University, and is a graduate of MAMRAM (Israeli Defense Forces’s elite software engineering program).