Cloud usage is rising exponentially. The number of Cloud Services is increasing approximately 20-25% every quarter. Cloud Services have built a very strong business by being easy to sign up to and easy to use, with terrific and engaging user experiences. They are funky and fun, with a “Wow” factor often missing from in-house applications. They install in moments and are up and running instantly.
They are used not only for personal content but also for business content, yet Users seldom stop to think “where does this service live?”, “where is my data going?” or “how protected is the data?”. They just want the service and the outcome. How many users read an End User License Agreement (EULA) first, and even if they did, would they understand or appreciate it?
When this is discussed with the I.T. department within the business, the initial reaction is often outwardly critical of the Users. But in our experience, Users are not knowingly putting their data off-shore or in risky places. Rather, they are often blissfully unaware of where data is going. For example, how many users of iPads, given to them by their own IT Department, think that the information they enter, when backed up or when using the iCloud storage service, is actually stored in their own IT data centre, when it is in fact stored in iCloud?
Recently I looked at a random EULA on a free File Conversion site that provided a service that many people won’t get from their own IT systems. The very first EULA I looked at contained this statement:
“For this purpose, the Customer grants the Provider a right of use of the file, unlimited by time or space.”
So whatever files are sent for conversion, this provider can use the content for whatever they want, for however long they want, if you use their free service. But as I have said, no-one reads the EULA. They just click “I Agree”. I do too. Most of the time.
So when it comes to de-risking an organisation whose data is leaking and being used and exposed in ways never anticipated, User education is paramount. You have to bring the users along for the ride. Blocking may end up driving Users to even riskier services.
And just when you think you have a handle on, and control of, cloud service use, along comes another 20-25% next quarter. With all the cloud service growth you can’t keep track of it manually. It is simply impossible without tools to evaluate and rate services. That’s where Cloud Service governance comes in. This is more than having Internet Use Policies, which are broad, idealistic and often unrealistic (for example, no social media use). Good governance includes good communication about policies, the risks and how you are dealing with them. It may involve splash screens which appear when a user tries to go to a risky service, advising them not to put sensitive data there. If you do decide to block services, perhaps you should offer Users sanctioned alternatives with the same functions but which are safer. Users will understand that they should use some sites only for personal and not professional reasons. Influence and guidance are key. IT departments should partner with their Users rather than dictate to them.
If you engage Users early and lay out the issues in workshops or discussions, they quickly grasp the dilemma. Our experience is that Users are simply unaware of the risks. But they want to do the right thing, if you can help them.