Cloud adoption is now near universal: 93% of organisations use cloud services. The benefits, including ease of access, pay-as-you-go pricing and quick time to value, are well known. There are also challenges, though.
As organisations expand cloud utilisation, there is often an inexorable spiralling of management and usage complexity, directly related to the human factor – issues impacting on an organisation’s cybersecurity which arise from employees and others with internal systems access.
For example, the requirement to maintain numerous usernames and passwords. Users may resort to insecure workarounds, easy-to-guess passwords, or the same password for multiple services.
Compounding the issue, cloud apps often use only single-factor authorisation, despite the fact that most data breaches can be thwarted using strong two-factor authentication (2FA).
Password issues clearly open up serious security holes, but also drive up helpdesk costs – Statisnet reports that typically 20% of helpdesk costs relate to password reset requests.
Meanwhile, IT’s view of user activity tends to be foggy at best. Clear visibility of where and when users access each app is essential to regulatory compliance, and even more important with the introduction of new regulations such as the GDPR.
Organisations can take four simple steps to gain control over cloud access across the workforce, mitigating many of the human factor risks associated with the cloud.