A new report is underscoring what most channel partners already know: Decision-making about technology purchases has moved past the IT department and into the boardroom. So here’s what comes as the most interesting or actionable tidbit – executives need help implementing and enforcing policies and processes that drive growth without compromising security, compliance, or corporate data. Enter the holistic channel partner.
Findings from a recent Cloud Security Alliance (CSA) survey show that that 61 percent of company leaders, rather than IT staff, now make the call about moving data in to the cloud. At the same time, almost 72 percent of these executives do not know which or how many unauthorized apps abound within their organizations, a circumstance now referred to as “shadow IT.” For businesses with more than 5,000 workers, that figure grows even higher, to 80 percent, CSA found.
That’s a dangerous situation because employees may rely on apps that don’t meet regulatory, corporate or other standards, jeopardizing data security. Channel partners – in particular, MSPs, systems integrators, and VARs and agents focused on hardware and services – should view this gap as an opportunity to guide customers. Someone needs to identify the number and type of apps, including those in the cloud, in use throughout a company and vet them for security, compliance and policy enforcement. From there, someone needs to construct procedures that will aid in protecting company information. That someone should be the partner who understands all aspects of business technology.
With that in mind, here are three key best practices that will go a long way toward preventing problems:
Track down which apps employees depend on to conduct business. From there, help the client determine which ones are all right and which need to be blocked or, better yet, upgraded to a business version. For example, 80 percent of CSA survey respondents are more likely to block Dropbox over Facebook. And yet, Dropbox (and services like it) helps people collaborate regardless of device or time zone. In this scenario, a channel partner would do well to replace unguarded instances of Dropbox with a collaboration platform built for businesses (there is a Dropbox for Business, but not everyone wants to use that brand).
Develop an acceptable enforceable cloud usage policy. Dig into each customer’s practices and write a policy that accommodates the way each client conducts business. In this case, one size does not fit all. Also, know that not very many companies are active on this front right now: Only 16 percent of organizations polled by CSA have a policy they enforce fully; another 26 percent only enforce the policy in part; and 8 percent do not enforce policies at all, the CSA discovered. Helping your customers protect themselves is critical.
Create a cloud governance committee comprised of all line of business leaders, not just IT personnel. Such a group is intended to form and update policies. The CSA said that only 21 percent of survey respondents have built a governance committee, while another 31 percent plan to install one. Channel partners are well positioned to help customers decide which people should serve on that committee.
To be sure, if you’re not talking with clients about these matters, you’ll probably face resistance in moving them to the cloud. Many executives remain wary about the benefit of cloud technologies compared to the risk, the most glaring of which they perceive as security. When you think about the Target, Home Depot and Sony attacks, it’s no wonder that only 39 percent of companies in the Americas spend more than 20 percent of their IT budgets on cloud services, as the CSA discovered. That figure compares to 55 percent in other regions. “Faced with questions about the security of data in the cloud, IT professionals have been understandably hesitant to take a cloud-first approach to new technology projects,” CSA analysts wrote.
So as you work with end users to formulate a cloud-first approach, be sure to follow the steps above, and to add to them as you discover what works best for you and your customers. In other words, get your clients’ IT out of the shadows.