Richard McAniff, co-president and chief development officer at VMware, outlines the dangers of uncontrolled SaaS applications.
McAniff said: “While we are beginning to see infrastructure delivered as a private cloud, we are also seeing more and more SaaS applications coming into the enterprise. These SaaS applications represent a potential security hole.”
He challenged conference delegates to write down exactly how many SaaS applications they had within their enterprise and then to go back and see if they are correct. He went on to claim that just as Windows PCs provided tremendous productivity gains in the 1980s, they also caused a lot of problems that are still being cleaned up.
McAniff said that most companies have multiple passwords floating around that are not tied into internal infrastructure.
“Aside from the fact that enterprises may have a lot of unprotected passwords floating around, they are also putting mission critical data into the cloud without appropriate controls. Putting data into the cloud isn't the problem, it's not knowing what is out there that is the problem," he said.
“Another potential problem is when an employee leaves the company. If the SaaS provider has control, you will not be able to deprovision the user. After they leave they still have access to this information.”
McAniff mentioned the Project Horizon development effort, launched at last year's VMworld that claimed to deliver simple, secure end‐user access to applications and data across a wide range of devices.
“Project Horizon will broker user access to applications, virtual desktops and data resources, while preserving the required level of security and control needed by a modern CIO,” he said.