Internal IT – the enabler and protector of enterprise data

A recent report from McAfee has revealed that while most organisations believe they use a very modest-sounding 30 cloud services, in reality they use approximately 1,935 services, a a frankly terrifying amount. This massive disconnect has been mainly caused by the advent of Shadow IT and an ever-escalating need for business agility. With cloud services so easy to procure and use these days, business units within companies are taking IT into their own hands and creating the resources that they need, as opposed to following internal procurement processes.

Shadow IT isn’t necessarily a bad thing – during this digital revolution, everyone needs to operate in a more agile fashion, and Shadow IT is just one way of doing things. However, not only does this lead to businesses not knowing where their data and apps are, it also leads to potential accounting nightmares and the threat of sensitive data being unprotected.

Sensitive data in the cloud

According to the report, 21% of all files in the cloud contain sensitive data, which is an increase of 17% over the past two years. If properly secured and stored, this shouldn’t be a problem. However, the report also reveals that businesses have an average of at least 14 misconfigured IaaS instances running at any one time, leaving sensitive data unprotected. With 65% of organisations around the world using some form of IaaS, that is a large number of potential data breaches waiting to happen.

Additionally, the report reveals that 5.5% of all AWS S3 buckets in use aren’t configured correctly – this means that anyone with the link can access the contents of the bucket through the public internet. 5.5% doesn’t sound like much, but that’s around one in every twenty S3 buckets that have not been secured.

Is the public cloud unsafe?

Some of the public cloud naysayers out there will be predicting that the end of the (public cloud) world is nigh, and that public cloud has no place within an enterprise. However, that’s not really true. Just as a hammer, a knife or even a car can be inherently unsafe in the wrong hands with inadequate protection, training or expertise, so too can the public cloud.

The public cloud has had a phenomenal impact on businesses of all sizes – it has enabled startups to get off the ground without having to invest substantial amounts of capital expenditure in hardware and software. It’s enabled business units within enterprises to react quickly to changes in customer and market demand. It’s generated millions of dollars of revenue for enterprises (and governments) of all sizes around the world. But is it right for everything?

Internal IT as a service provider

In the turbulent world we live in, increases in regulatory compliance and changes in the global political arena means that we need to be more careful of where we store our data, and how we protect it. While in the past some business units may have seen internal IT teams, procurement and provisioning as an inhibitor to getting their job done, internal IT teams are a necessity within businesses, particularly enterprises.

This is particularly highlighted by the statistic in the report that most organisations think they use 30 cloud services, but actually use approximately 1,935. Allowing internal IT teams to take this role within the business means that the line of business departments are able to get back to focusing on their roles, as opposed to trying to be a mini-service provider for themselves.

The case for multi-cloud and internal IT

Internal IT should be viewed as an enabler for enterprises, offering a simpler and easier to audit route to approved (and correctly configured) public cloud services, in addition to private cloud services for the most business-critical of data. As enterprises around the world explore what it means to have a bi-, or multi-modal IT stack, this kind of multi-cloud setup would seem to be an obvious choice for enterprises. But most importantly, it should be managed centrally by an internal IT team – this shouldn’t mean a reduction in business agility, or a slow-down in procurement times, it just means that enterprise data can be appropriately stored and protected so that the business can continue to grow.