Is your data hiding in the shadows?
The upside of the EU-USA Safe Harbor saga is that more people understand the importance of where their data is actually stored and processed.
A challenge many organisations face today is that of ‘shadow IT’. This term refers to (typically) business users in an organisation who subscribe to Cloud-based services for corporate use.
I’m not picking on Salesforce.com (which is a great service), but it’s a good example. Imagine a sales team in an organisation are in need of a CRM system and the internal IT team can’t deliver one quickly because of competing priorities or budget pressures. The Sales team use their credit card to subscribe to Salesforce.
On the face of it, it makes sense. The sales team get a CRM system immediately with no capital outlay and the IT team can focus on their other work. However, there are a number of issues here, primarily:
- The recent EU-USA Safe Harbor issue has highlighted the real need to understand where your data and that of your clients is stored and processed. This doesn’t just apply to the systems that you ‘own’, but Cloud services used and those of your suppliers.
You need to ensure that your data and that of your clients is secure and understand who can access it – wherever it is located and whoever is hosting it.
As a CIO, I am very supportive of using Cloud based services (and use them myself). They are feature rich, expandable and quickly deployed. However, they must be managed so that the organisation understands where its data is, who has access to it and the security implications.
It’s one thing to deploy a system quickly, but it must be done safely and not put the organisation and clients at risk.