Cloud services are fantastic for enabling access to information regardless of where the user is. Dropbox, SkyDrive, and Google Drive, to name a few examples, allow users to easily move between devices – laptops, tablets, smartphones, or even the office PC – and yet still be able to review, edit, and share documents whenever and wherever the need arises.
SaaS services, especially free email services like Gmail and Outlook.com, enable communication without the bother of dealing with the restrictions and policies of corporate email systems.
Which of these services are approved for your company’s use, or allowed under your corporate policies? Have your risk management and compliance officers reviewed and understood what corporate data is out there? What regulatory exposure (federal, state, local) would be involved if a cloud service inadvertently exposed or disclosed your business’s data? If a cloud service went away, as in the cases of Nirvanix, MegaUpload, or Lavabit, what impact would it have on your business operations and your customers? Could your data be recovered, communication paths be restored, and your business operations continue without a hitch if a cloud service closed its doors?
All these great business-enabling cloud services today are one of the two vectors freeing data that used to be protected by being locked up in immobile computers. (The other vector is BYOD, which many other blog entries examine.) As in the PC and network revolutions that struck in the 80s and 90s, IT management and GRC officers are now being forced to revisit their data compliance and IT management policies and technologies to maintain visibility into their users’ cloud service use, and ensure their company has an acceptable level of risk in the cloud-enabled business environment.