
Is Your IT Group Protecting Company Interests Or Oppressing Innovation? – By David Bean


Author: David Bean, Sr. Director Cloud Platform Operations at Intel

I can’t remember a time when technology felt more accessible. Want to start a new business venture and aren’t sure how to create a business plan or how you will manage customer contacts, billing, marketing or resource planning? Or are you working in a corporation and want to improve reporting, facilitate collaboration, easily share files, have more effective meetings, or start a Kanban practice? If you find yourself in either of these positions, your first stop is likely an app store. And why not? These days there seems to be a pre-developed, cloud-based app ready to handle everything from core business processes to the most obscure task. They are easy to access, implement and purchase and may allow you and your team to be more productive. So what’s the catch?

If you are an IT executive you can think of plenty. For example, how much of your technology spending is occurring outside of IT? Are these deals being negotiated such that you are maximizing partnerships and leveraging buying power across the organization? What are the SLAs with the vendor? What is the risk to the business if a particular service goes offline? What data is being entrusted to the cloud provider? How are we ensuring we are not jeopardizing the intellectual property of the organization? Are there any contractual or legal obligations that preclude us from using a particular service? What happens if an employee with access to the service leaves the company? How can we ensure that data is properly destroyed after we stop using the service? These are the types of questions that are probably not top of mind to an individual who just wanted a simple way to share files, but they are paramount to an IT department charged with protecting the intellectual property of an organization. Thus, the dilemma is created for Information Technology leadership: in today’s self-sourcing IT environment, how does an IT organization continue to protect the interests of the business without oppressing innovation?

One way to tackle the problem is to have a strong vision for your cloud brokerage layer. This should be an ecosystem of tools that protect the business while at the same time allowing members of the organization from outside the IT team to select the best tool for the job. In a recent ZDNet article Sanjay Beri, CEO of Netskope, estimates “the average medium to large-sized business is actually using between 300 and 400 cloud apps”. More disturbing is his comment that “90% are not bought by IT”. At first glance, it would seem that the problem to solve is how to constrain the unfettered adoption of these non-sanctioned cloud applications. But that understanding is incomplete and doomed to leave an organization behind as app-driven innovations surge forward. Instead, the problem should be framed as one where it is the IT department’s responsibility to ensure the integrity and confidentiality of the data used in these applications. By being able to control the ingress and egress of data to the cloud, an IT department can pivot from one carrying the burden of finding the perfect solution to every problem to one that is able to encourage experimentation in order to create an environment where “best-of-breed” technology is selected.

The upside of creating a collaborative engagement between IT and the business is undeniable, but it must be entered cautiously and with the proper controls. A well-developed cloud brokerage layer gives the business those assurances. Even though some cloud brokerage technologies are in a nascent phase, the time to start creating this protective layer around the business is now. This will put an organization on a footing to be more nimble in its use of cloud-enabled technology and give it an advantage over competitors that may be slow to adopt these protections. Once the framework is in place these technologies will continue to evolve to meet customer demand. A successful implementation of a cloud broker framework should have the following characteristics:

A Policy Driven Vision: It should be clear at all levels of the organization what the cloud brokerage vision is and how it will be enabled through the right policies. Although each organization may choose a slightly different implementation, the rules of engagement should be clear from the outset including what policies individuals must comply with in order to allow them the freedom to explore appropriate cloud-based solutions. The advocate for a cloud brokerage layer should create a narrative to discuss the importance of this strategy with stakeholders and this narrative should be backed by a clear set of policies.

Strong Data Management Practices: Determine what data is critical to the business and protect it. A data classification model should exist that makes it easy to understand which data artifacts contain sensitive information and which do not. Once a data taxonomy is created, encryption, tokenization, and fingerprinting techniques can be used to ensure that the data is protected no matter where it resides.

A perimeter: Each endpoint must be equipped with an IT-controlled path to the cloud. This could be through a VPN to a corporate network, a smart firewall on the device, or through a cloud proxy. If clients are able to move data into the cloud without passing through an IT-controlled detection layer the framework will be unable to achieve its objectives.

A Utilization Detection Methodology: Once transactions to the cloud are captured as they pass through the perimeter there must be a business logic system that transforms this information into meaningful intelligence. Several technologies fit this bill: a web gateway, a properly tuned IPS, a “network DVR” or a conglomeration of data sources feeding an event manager. The technical decision about how to determine what applications are being used can take many forms, but it is important that the result of this choice be a meaningful dataset that describes who is using cloud-based applications, what the applications are and, as much as possible, what data is being sent to them.

Identity Management: The identity of users in the cloud as representatives of your organization must be managed. This means going beyond single sign-on and recognizing that when someone leaves your organization his or her ability to access key data must also be controlled. Here again, there are several options for managing identity, from simple policy-driven directives to more advanced technical solutions. No matter what solution is implemented, managing individual online identities through an employee lifecycle is a key component of a well-thought-out cloud brokerage.

An eye toward the future: Right now most users interact with the cloud over traditional channels like HTTP or HTTPS. Don’t forget to monitor trends to ensure that your cloud brokerage is ready for the changing ways that we will interact with technology in the future. For example, applications such as Magic and Operator are using SMS to replace the GUI and may represent a new vector for data transport and potential data loss.
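As an added illustration of the Utilization Detection Methodology characteristic above (not code from the author or from any product), the sketch below turns web-gateway transactions into a per-user, per-application dataset and lists large uploads to applications IT has not sanctioned. The log layout, the app catalogue, the user names and the `.example` hosts are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical app catalogue: domain suffix -> (app name, sanctioned by IT?)
CATALOGUE = {
    "files.example": ("FileShare", True),
    "kanban.example": ("KanbanBoard", False),
}

# Constructed gateway log lines: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2016-03-01T09:00:02Z alice POST upload.files.example 52000
2016-03-01T09:01:10Z bob POST api.kanban.example 1800000
2016-03-01T09:01:45Z bob GET api.kanban.example 300
2016-03-01T09:03:00Z carol POST notfiles.example 900
this line is truncated
2016-03-01T09:04:00Z bob POST api.kanban.example 2500000
"""

def lookup_app(host):
    """Match on a label boundary so notfiles.example is not FileShare."""
    host = host.lower().rstrip(".")
    for suffix, entry in CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return ("unknown:" + host, False)  # uncatalogued hosts stay visible

def summarize(log_text):
    """Return ({(user, app): stats}, number of unparseable lines)."""
    usage = defaultdict(lambda: {"requests": 0, "bytes_sent": 0, "sanctioned": False})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # count bad lines instead of silently losing them
            continue
        _, user, _, host, sent = parts
        app, sanctioned = lookup_app(host)
        row = usage[(user, app)]
        row["requests"] += 1
        row["bytes_sent"] += int(sent)
        row["sanctioned"] = sanctioned
    return dict(usage), skipped

def unsanctioned_uploads(usage, min_bytes=1_000_000):
    """Unsanctioned (user, app, bytes) at or above the threshold, largest first."""
    hits = [(u, a, r["bytes_sent"]) for (u, a), r in usage.items()
            if not r["sanctioned"] and r["bytes_sent"] >= min_bytes]
    return sorted(hits, key=lambda h: -h[2])
```

Calling `unsanctioned_uploads(summarize(SAMPLE_LOG)[0])` yields the review list; the skipped-line count is worth tracking because a rising value means the perimeter is producing traffic the dataset no longer describes.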

The enormous potential to harness technology in the pursuit of creating a successful business strategy is best realized when all company employees are empowered to participate in the task. It is no longer the sole domain of a central IT department to select what technology should be deployed as a business moves towards reaching its critical business objectives. Creating a well articulated, planned and executed cloud brokerage framework allows companies to move in this direction confidently and with the assurance that the protections required by the IT department will be in place when they arrive.


About David Bean

David is Sr. Director of Cloud Platform Operations for Intel's Security Group, formerly McAfee. In his current role, David is responsible for the strategic direction of Intel Security's SaaS platform including making impactful investments towards achieving business objectives, the execution of complex projects, and ensuring that the daily operation of the platform results in delivery of services at a level that delights Intel Security's customers. The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.