As Apple eats away at Microsoft Windows’ market share and mobile apps replace desktop applications and websites, the case for usability seems to be written in stone. Everyone wants to use various devices to easily accomplish any task. But with that ease of use comes unintended consequences. “Easy-to-Use” can easily become “Easy-to-Misuse.” Recent high profile security breaches, like the Panama Papers, have legal professionals thinking twice about transitioning their services to easy cloud-based services:
“The buck stops with the lawyer,” says Michael R. Overly, a partner and intellectual property lawyer focusing on technology at Foley & Lardner LLP in Los Angeles.“The balance that was struck even a year ago that would have been appropriate as to ‘reasonable security’ I think is no longer a reasonable balance,” Overly says. “It has to be tilted a little more, further toward security than usability.”
We don’t need to give up cloud apps altogether, even though Gartner concluded in Mind the Security SaaS Gaps that the adoption of sanctioned enterprise cloud services should be slowed until security and data sovereignty issues can be resolved. Security concerns top the list of barriers to cloud adoption, but a concern shouldn’t stop a business from considering cloud apps. Security concerns can be addressed with a good plan and the right tools.
You can have both with the right plan
The problem with cloud apps isn’t that they’re too usable, the problem is that the benefits of cloud apps have caused businesses to drop their defenses. Most businesses have done very little to oversee cloud use, but when security is the goal, IT pros can have their cake and eat it too.
Instead of sacrificing usability to meet security goals, IT pros and executives should give cloud apps more thought and allocate the necessary resources to have usable software that is also secure. Employees will use whatever tools helps them get their job done. CISOs should know what cloud apps employees currently use, but most don’t have the visibility they need. As a result, many CISOs are surprised to discover hundreds of cloud apps in use once when they gain visibility using a Cloud Access Security Broker (CASB) tool.
After IT pros discover what cloud apps are in use, they can decide what to do with them: allow, review or revoke access. This creates an opportunity to consolidate and standardize workflows so that everyone can collaborate using the same services. Finally, CISOs should monitor cloud app activity for suspicious behavior, potential breaches, and unsanctioned 3rd party integrations. Employees don’t need to sacrifice their usability to meet a business’ security goals when the right tools are in place. When security goals are given the resources necessary to succeed, security and usability both win.