It's time to embrace SaaS applications and find ways to make them secure for your enterprise, according to the firm's content security executive.
Security concerns may be paramount, but they won't halt the on-going transition to cloud technologies.
This was the statement from Kevin Kennedy, director of content security at Cisco, during a presentation at this week's Infosecurity Europe conference in London, claiming the IT department could no longer shout "security" to stop more cloud services coming onto the corporate network.
“Cloud is completely changing the security landscape and the reality is, whether we want it to or not, cloud is going to happen,” he said.
“Security is not going to stop it. Yes, it slowed it in a couple of places, but it can't stop it entirely.”
Once IT departments accept the inevitability of the cloud, they need to look at the Software as a Service (SaaS) applications making their way into their organisations.
Kennedy claimed many wanted to ignore the infiltration of these cloud services into their corporate networks, but taking this head-in-the-sand approach would only lead to more security issues.
“Hands up if there is anybody out there who doesn't have an employee using Dropbox, whether it is authorised or not?” he asked the packed audience, with not one attendee raising their hand.
Admitting he used Dropbox, Kennedy added: “I don't do it out of any ill will or malicious intent. I do it because I want to do my job.”
SaaS apps are part of the enterprise landscape now, but the director believes IT can still gain back some control if they pin down one offering and secure it for their users.
“What it comes down to is to start with visibility,” said Kennedy. “Once you know what [employees] are doing and what tools they need to do their jobs, you can make decisions about what apps you want to use and integrate them into your workloads.”
He suggested picking one option and blocking all the others would ensure IT could keep an eye on the cloud service, but still give users an option to make their jobs easier.
“Then you have the stick of control,” Kennedy added. “If you lock everything down, it won't happen. You have to let users do their jobs and provide them with the right tools, or they will find them themselves.”
SC Magazine asked the executive which SaaS apps he felt were the safest to recommend. Although he refused to “promote his competitors”, he advised customers to look across the board and find the ones that suited their business.
“It depends on your business needs,” concluded Kennedy. “It is about your compliance concerns, your worries… with some decisions geographical and some vertical.”
“Take the time to pick the ones you want and what is the best choice for your business.”