Cloud, mobile remain at risk of access management issues
August 1, 2014

Cloud computing and enterprise mobility have each made it into the common working environment, with a majority of organizations in the public and private sectors of developed nations leveraging these technologies for a variety of purposes. While myths related to the cloud's inability to secure data has been dispelled, this does not mean that decision-makers are free from their responsibilities as they relate to identity and access management. 

It has become clear that simply trying to avoid these trends and others in corporate computing is not feasible and could lead to significant competitive disadvantages. As such, leaders cannot balk on these deployments, operational refinements or strategic changes, but must instead take a proactive approach to them that involves comprehensive security and control planning, shoring up defenses ahead of otherwise risky new movements in IT. 

The cloud data conundrum
ZDNet recently reported that a new study that looked at roughly 10.5 million organizations from a variety of industries that use the cloud found that many of these entities are partaking in highly risky activities when it comes to data sharing and general governance. It is important to note that, from a policy and procedure perspective, protecting access and information in cloud-based environments is very similar to what was demanded by traditional IT frameworks. 

According to the news provider, Skyhigh Networks' Cloud Adoption and Risk report revealed that the equivalent of about 177,000 Word documents worth of data were directed toward insecure cloud computing environments by the average company in this most recent quarter. Perhaps not surprisingly, the firm found that the health care and financial services sectors were among the worst performers when it came to access management in the study. 

The source pointed out that encryption practices are lackadaisacal to say the least, with as much as 89 percent of the surveyed group failing to use these tools for risky or sensitive information. Additionally, fewer than one out of every five organizations are using multi-factor authentication for their internal and client-facing accounts, while the vast majority of companies are not certified by ISO 27001 standards, ZDNet noted. 

Finally, the news provider stated that malware patterns are simultaneously intensifying and changing. 

Mobile, cloud, IT cohesion
The average organization is leveraging cloud computing to modernize its IT frameworks and enable the deployment of mobile and other initiatives. Taking a disjointed or entirely unplanned approach to security that either isolates each aspect of operational management and IT itself can lead to significant inefficiency in practice, all the while heightening the risk of sensitive data and systems within the corporate infrastructure. 

Rather than having to worry about these issues, businesses should always consider using more effective identity and access management controls such as dynamic, next-generation multi-factor authentication tools. This way, user experience and governance efficiency can reach optimal levels at once, which will most often ensure stronger security performances and few threats to manage over time.