There are over 19,000 cloud services available today. While you’ve likely heard of popular file sharing services Dropbox and Google Drive, you may be less familiar with 4shared, ZippyShare, and Sendspace, which are far riskier services in that category. Until recently, many organizations have resorted to simply blocking well-known cloud services with their web proxy or firewall. However, it’s not scalable to extend this to thousands of services, and this approach often ends up blocking relatively secure cloud services while forcing users to adopt far riskier cloud services that may claim ownership of data uploaded to them.
A more systematic approach is needed to create risk-based cloud usage policies. These policies increasingly are not simply allow/block, but include more nuanced enforcement such as allowing users to download data shared by third parties within a cloud service without being able to upload data to that same service. A Cloud Security Alliance survey found that 34.8% of enterprises with more than 5,000 employees have a cloud governance committee today charged with creating and enforcing these cloud policies. In this whiteboard walkthrough, Skyhigh Product Manager Neeraj Mathur explains how to create a cloud governance framework, and what company departments are typically involved in this process.
This post was originally published on the Skyhigh Networks blog here