Security hurdles in cloud collaboration applications, and how to clear them

Overcoming cloud security migration, management, and protection concerns

Hampton University via Flickr

As a runner, spring always makes me think of Track & Field. While I love running distance, I absolutely hate hurdles. I've never been able to muster the courage to do anything more than stand there and look at the hurdle wondering how the heck anyone can actually jump over it.

I say kudos to those who take the time to look before they leap, but if enterprises follow in my footsteps that means they won't ever transition to the cloud. I can exist and even succeed without clearing those track hurdles, but in order for most of today's digital enterprises to succeed, they are going to have to take flight. 

To use another analogy, I have a friend whose goal is to do one pull up by the end of the year. She said that sometimes she stands and stares at the bar. Some days she puts her hands on it. Other days she thinks about wrapping her legs around it just to get off the ground.

Dana Simberkoff, chief compliance and risk officer at AvePoint, said she liked this analogy because in this situation, doing the pull up has less to do with the actual bar than it does with transforming the body and building the muscles needed to do the work.

It's exactly that type of muscle building exercise that companies need to do before moving to the cloud.

According to a new report from AvePoint, though, nearly one-quarter of organizations are still holding out on cloud-based productivity/collaboration platforms, primarily due to concerns over security (more so than costs or skills gaps). They are focused on the bar, thinking only about the result of doing the pull up.

Given that less than half (45 percent) of respondents said they’re very confident that the data in their cloud-based productivity/collaboration app is secure, someone needs to coach them through the process in order to see that the transition isn't doomed to failure simply because it's challenging.

Dana Simberkoff, chief compliance and risk officer at AvePoint

"Even if it's a transformation from one system to another system, any transition needs to happen in a thoughtful way. The 'lift and shift' mentality isn't a smart or thoughtful way to move," Simberkoff said.

Still, the fear that something might go wrong is real, so how do IT professionals overcome that?

"Moving to the cloud can be an opportunity to take stock of what they have. They can take this time to look at all of their data to decide what they need to keep, what can be thrown away, and what needs to be archived. It's an opportunity to uncover risk," Simberkoff said.

While it's a common practice, data hoarding is not always better. "Business users typically keep as much information as possible and figure out what to do with it later on, but when you have something, you have to protect it," Simberkoff said.

All of these truths might make the IT professional decide to do nothing, to stand in front of the hurdle or the bar frozen with fear screwing of something up, or even of the unknown.

Instead of thinking of any action as it relates to a goal, focus more on the multiple phases that are critical to working the muscles. "Do a cost-benefit analysis and assessments around the value of data. Identify duplicates," Simberkoff said, "which do typically make up a significant portion of the data that most companies [keep]."

Lots of times people are afraid the data has something important in it, said Simberkoff, and they fear that if they start poking around in that data, something bad may happen. "Not knowing is never better. It's actually more of a risk."

"It's critical to understand the data they have in order to understand what to keep and what to move. Think about the future of what that business in the cloud is going to look like?" Simberkoff said.

More importantly know that there are steps to the process, and that you have the ability to determine those steps. "Contemplate the existing environment," Simberkoff said.

Maybe they pilot the cloud with a small set of data, keeping the existing environment and then over time make that move, Simberkoff said. "It doesn't have to be all or nothing. I think the worst thing companies can do is pick up everything, throw it in the cloud and expect that everything is going to be OK."

Don't be afraid to play with it. As Simberkoff said, "There's no one right way to move to the cloud, but there are lots of bad ways."

Leap on in to our Facebook page to leave a comment.

NEW! Download the Fall 2018 issue of Security Smart