In my previous post, I highlighted several challenges that make Cloud-based security a matter of constant vigilance. In this post, I’d like to offer some solutions that can help your organization meet these challenges and stay secure in the Cloud.

These security solutions make good business sense, because they help you function more effectively in today’s world. For example, they can help you:

  • Protect internal data: You want to give employees easy access to company information that makes them more productive. But you also need to protect any data that is accessible via the cloud. Virtual private networks, or VPNs, allow you to place your internal applications behind a firewall that is accessible only by authorized users. They can be very effective in protecting your organization’s data. But that protection is only as good as the sign-on procedures. Simple password-based systems do not provide adequate protection. More sophisticated systems that support a variety of authentication methods – such as two-factor authentication or biometrics – are more effective.
  • Protect customer and partner data: You’ve read about the famous and highly embarrassing cases of hackers capturing sensitive information such as customer-related data. These episodes can seriously damage your credibility with customers and business partners, and violate data privacy laws. But data loss prevention software can help ward off attacks by detecting any breaches of your Cloud-based system and preventing hackers from accessing critical data.
  • Deliver faster insights: More and more organizations are discovering the value of delivering real-time analytical insights via mobile devices. But a mobile business intelligence strategy requires a high level of security. Mobile Device Management (MDM) software helps ensure that all devices used by your team – including BYOD devices – are protected by data encryption and other configuration settings. In addition, it can ensure that any device may be immediately wiped clean in the event of loss or theft.
  • Provide role-based access: Different employees require different data access clearance. But how do you enforce role-based policies so that each employee gets the data he or she needs – while preventing unauthorized access to critical applications? Among the challenges to consider are:
  • Role changes: When an employee changes roles due to a promotion or other reason, they may need new permissions. In addition, they may need to have their previous permissions revoked
  • Temporary duties: When an employee fills in for a colleague or takes part in a special assignment such as year-end closing, they may acquire new access privileges that need to be revoked when that temporary assignment is finished. For example, a purchasing manager may need to step in for a colleague who is authorized to create new vendors within the system. That PA could now potentially create fictitious vendors and direct purchase orders to them, resulting in a security risk. To minimize such risks, your systems need to enable frequent compliance checks for all roles – especially those that involve access to critical business applications such as ERP.
  • Outgoing employees: When an employee leaves, he or she could retain access to the organization’s systems for months or even years to come. Your systems need to provide for immediate termination of privileges
  • Protect against malware: Malware can damage workflows and compromise productivity. So every Cloud-based environment should be equipped with software that continually detects and prevents malware attacks. Because malware continues to grow more sophisticated, prevention systems should be updated on a daily basis.

While these solutions may seem a bit technical, even non-tech executives should be aware of their existence – and their advantages. And if your Cloud provider does not offer most or all of them, you should ask them why.

Have You Read this Report?
If you haven’t yet read “Protecting the Cloud” by Oxford Economics, I highly recommend it as an excellent introduction to the most critical issues of Cloud security. To download a complimentary copy,

About 6 weeks ago I was invited to attend the Bay -Area Churchill Club meeting featuring the CEOs of Jive and Box talking with Andreesen Horowitz and Bloomberg Businessweek .  The conversation between all 4 speakers was good, covering a number of trends and involving the 100 or so people on the audience.  Inevitably, the conversation turned to the “triple point” of mobile, social and big data impacting nearly every business, labeled “the future of work” by the Churchill team.

Reinforcing comments from this Churchill group is the metrics-based Oxford Economics study, Unleashing the Cloud .  All of our smartphones, tablets and PC are increasingly connecting 24×7 to mobile cloud platforms that support a variety of business needs, with some variation in the rate of adoption in different regions. For example, Oxford notes that 61% of survey respondents indicate that they use cloud platforms to rapidly deploy new services and capabilities – and many of those likely are remote apps to increase workplace productivity.

Let’s go back to the Churchill Club, which from its inception 28 years ago has a track record of trend-spotting and putting their fingers on the pulse of tech Industry. There was no disagreement from anyone that Social is the new wave or beltway of business. An earlier wave, distributed computing, was an improvement but certainly didn’t deliver the office of the future.  Now, with Moore’s Law ticking along we are certainly closer to what famous news personality Walter Cronkite called the “Home of the Future” 46 years ago — where “work will come to us.”  Incredibly insightful,  and that future is real today, but is the “office of the future” cutting our average work hours?  No, last year Fortune noted we work up to 12 hours weekly beyond those worked only a few years ago.

Corporate IT has spent the last three decades building successful infrastructure for boosting worker productivity.  And now we’re collectively breaking it into four pieces – cloud, social, mobile and big data.  What’s missing is the people portion of the equation.  Churchill presenters even called this out by shouting out, “Who remembers what BCC even stands for?”  Think old technology and mimeograph in action.  Spreading newer tech over the next 5-10 years will increasingly combine what Aberdeen calls SoMoClo (social/mobile/cloud).  Want proof? Think about Amazon Web Services a mere 10 years ago vs. today and how NetFlix or even SAP’s own SAPafaria.com $1.11/month MDM product easily scales to a global workforce.  And, that global workforce is no longer the sole responsibility of the CIO.  Democratization is quickly taking hold.

How quickly is SoMoClo taking hold in the workplace?

$2 trillion USD is spent on IT according to IDC researchers and $131 billion of that is shelled out on cloud services according to Gartner.  Cloud delivers the ability to innovate and execute on business needs quickly.  Is this the beginning to a @ work, perhaps?  Certainly a new group of 3 kings or industry leaders is emerging according to the Churchill presenters.  The Economist even points out this cloud phenomenon as an important part of today’s 3 rd Industrial Revolution.  IT innovation cycles are moving even faster now thanks to SoMoClo and include a rapid embodiment of machine-to-machine (M2M) for embedded, intelligent data economy-based network – hopefully nothing like the Terminator movies of course.

Summing up our future of work, Churchill presenters and analysts agree that mobile and cloud platforms require a good deal of planning and effort. Oxford goes on to note that “organizations must develop a cohesive and focused strategy and break down silos and departmental boundaries in order to achieve maximum results.”  The future of work 28 or 46 years from now will no doubt focus on how IT and workers adopt efficient workflows and ensure that cooperative governance and security protections exist.  Both Churchill and Cronkite may be on to a longer term trend.

How cloud leaders approach mobility, from our latest paper ( click here to download, free registration required):

Cloud leaders—those survey respondents who are ahead of their peers in adopting and exploiting cloud technologies—are more likely to have deployed one or more mobile apps and to have instituted a BYOD policy. Yet these leaders trail the pack in some meaningful areas, including adoption of cloud-based mobile services and VPN access via mobile devices, indicating the dynamism of the mobile cloud arena. (Leaders are identified based on planned investment in cloud computing, adoption of cloud platforms by a majority of their business functions, and approach to managing cloud risk, with leaders opting for management by the risk or legal function.)

Click image to enlarge:

According to Barron’s, only six years ago 1% of the world had smartphones; today conservative estimates state that 25% have these incredible portable computers.  The largest challenge facing the mobile enterprise is how to avoid becoming a mobile systems integrator.   Increased mobile use in the enterprise is also highlighted in the Oxford Economics report entitled “The New Digital Economy.” Either way the market is set to grow rapidly for the next seven years (per this Tab Times report summary).

Mobile Content, Mobile Apps, Mobile Devices, Mobile App Management – are these four markets or one?  There are a dizzying number of niche vendors and approaches to consider.   IDC puts the collective mobile enterprise management (MEM) tag on more than 50 different firms.  Gartner slaps its Enterprise Mobility Management (EMM) tag across even more.  These approaches and advances are similar to computer networking and system management generations in years past.

Fortunately these four mobile management technologies show integration promise for many larger enterprises.  Flashback to previous computing generations, and you’ll find a similar breadth of choices with far less access – especially away from the office.  This new 3rd wave of computing features increased productivity for the enterprise but also considerably more risk.  The Guardian recently noted that security risks can carry a hefty price tag of

What can your enterprise and their CIO owners do?   One balanced mobile approach being and highlights the benefits of considering an end-to-end approach in building out the mobile enterprise.  In another new study, IDC interviewed more than 10 leading enterprises, their carriers and managed service providers to help build the ideal mobile blueprint. and its related .  Mobile really is a “Back to the Future” technology that takes steps from prior generations and applies a newfangled deployment model.  Too many enterprises are going to the “neighborhood convenience store” instead of thinking ahead to a general contractor, Lowes, Home Depot or cool new Houzz app .  Instead of a convenience mindset, a back to basics approach or “Back to the Future” movie night is required to fully visualize what’s needed today and tomorrow not just yesterday’s point in time.

To gain insight on future trends and best practices from market leaders stay tuned for a brand new Oxford Economics research paper on “Mobility in the Cloud” slated for release later in April .