Creating Structured IT Policies in the Cloud Age
Dropbox, Google Docs, etc. Easy to use, low cost, web-based, self-procured solutions to specific daily business problems. What could be bad about that?
From an end-user perspective it sounds pretty great. From an IT and compliance perspective, it represents problems.
- No protection over the company’s digital assets
- Lost data due to inappropriate measures for backup and recovery
- Limited infrastructure control due to individual sign ups rather than corporate accounts
- Lack of integration with current systems
- No top-down, company-wide deployment
- Limited ability for legal discovery
- Lack of basic security such as VPN connections
Access control: poor username and password protection
AVATAR suggests putting together some solutions to work through the specific needs. Most importantly, define policies and standards to help solve the desire to go to external solutions. If Marketing sets up a Dropbox account it is most likely because they do not have a more management solution that will help them get large files out. Establish a review procedure that will open lines of communication about the specific needs.
Next, identify solutions to meet those specific needs but can still provide the appropriate level of security and control. For example, CILIA can provide Marketing and Sales teams ways to manage and share marketing assets from within a standards and compliance-based solution. Or establish a enterprise content mangement solution that can be setup for communicating with external partners from within a highly structured tool.
And finally, be nimble. Needs and options change quickly. Create a process that will allow for immediate solutions. Remove the roadblocks and employees will be less likely to feel like they have to work around them.