Cloud services going rogue on corporate intranets

For years organizations have been battling silos. Whether it’s the data centre, communications infrastructure or software, over the past decades IT departments have leveraged existing technology and integrated it in ongoing attempts to create seamless service delivery.

Arguably one of the most prolific silo-generating activities these days is the deployment of cloud services on the corporate intranet. As IT managers had to fight the onslaught of rogue access points in the early days of wireless networks, cloud services are quickly becoming the new rogue technology on the enterprise scene.

Julian_Mills, head of corporate intranet and internal social media, BMO Financial Group
Julian_Mills, head of corporate intranet and internal social media, BMO Financial Group

Corporate intranets have in fact posed issues since their outset, but cloud is making these worse. Julian Mills, who is now head of corporate intranet and internal social media for BMO Financial Group, has spent much of his career working in the digital media space inside the firewall. He is very familiar with the challenges and opportunities intranets can bring to enterprises. “From the get-go, intranets have been prone to sprawl, even before the advent of social technology. Introducing cloud to the intranet has added to that by pushing workers into silos. It’s a very commonplace problem that gets down to the core of why you have an intranet in the first place. That is, productivity. Intranets are absolutely mission critical tools.”

Cloud is a growing challenge for corporate intranets because enterprises are always going to have people with preferences for systems and services, said Steven Green, president of TemboSocial Inc., a provider of social engagement tools for corporate intranets. “Creative people will break the rules. If they can’t do something on the intranet, they will reach out and independently use the cloud-based tools they need to get the job done. No one has malicious intent when they’re using these tools. They’re just trying to be rock stars and create a good customer experience.”

The ultimate effect runs counter to original intentions however. In fact, using cloud services on an ad hoc basis can quickly become the biggest detriment to true collaboration within the enterprise, Green argued. “Every time [an employee] does that, it’s another tool, another silo, another profile.”

Skyhigh Networks has provided some compelling numbers that spell out how pervasive cloud service usage has become. In its recently published Cloud Adoption and Risk in Europe report, based on interviews with 2.5 million employees across more than 12,000 cloud services, researchers found that the average European organization uses 987 cloud services (a 61 percent increase over 2014). Put another way, the average organization signs up for more than one new cloud service very day. The fewest number of cloud services in use within a company was 507. The highest topped 3,000.

The more worrisome aspect is security: only 7 percent of those services meet security and compliance requirements; only 15.4 percent support multi-factor authentication; just 9.4 percent store data encrypted; and a mere 2.8 percent are ISO 27001 certified. One more important note: 74.3 percent of cloud services did not meet EU requirements for data residency (i.e. did not store data within the EU).

There’s no reason to doubt that the numbers would be similar on North American ground, given the fact that this flood of cloud usage is driven by factors such as flexible work schedules and an increasingly mobile workforce. Even within the four walls of enterprise, project teams or even individual employees are quick to access services like SurveyMonkey, Basecamp, Google Docs or Dropbox in their attempts to be more productive. Overall, the biggest culprits are surveys, project management tools, HR apps (e.g. time tracking, employee engagement), social media monitoring tools and bug tracking (used by code developers).

So what is the actual risk to the company? A quick customer survey initiated by a department within a company using a cloud service could inadvertently include personally identifying information that ends up being shared or comingled with a database. An equally significant issue is that processes can go completely rogue, and could ultimately have an impact on a company’s reputation. For example, an employee at a bank might use a cloud tool to reach out to a customer on a specific project. That service may have an automated email function that could send request to customers with links, creating confusion and inconvenience for customers.

In a perfect IT management world, every cloud solution should be evaluated from scratch, and work with the organization’s current tech configuration in order to achieve authorization for use. However, that takes a lot of time and effort, which is why IT can only manage this process for very few of those tools in any given time.

Steven Green, president of TemboSocial Inc.
Steven Green, president of TemboSocial Inc.

The first thing an organization needs to do is understand what tools employees are using throughout the corporate intranet, Green said. “There are services that can do an audit for you. “From that list you have to decide whether to shut them all down or approve selected ones for corporate use.”

The intent is not to limit functionality for employees, nor should it be, he said. “People can use Google Docs; it just has to be authenticated within the intranet.”

The key is providing the right tools in-house, so people don’t wander offer and get what they need elsewhere. “If companies want a social intranet and employees spend time there, you have to provide access to tools those people like to use and are never going to give up,” Green said.

That will require a more open mind on the part of IT, he added. “IT has to be tuned into current fads which does change the world quite a bit. If you get the tools people like to use and make them available to them in convenient ways inside the intranet and connected to mobile devices, you can start aligning people around you. If those tools meet specific requirements and are easy to use, employees will use them.”

The interesting thing about cloud-based technology from a business perspective is that it gives users direct access to a vendor’s intellectual property through the licensing model, Mills said. “The trick now is understanding how you should get access to that functionality and introduce it into your digital ecosystem.”

The best way to gain control is to bring in IT-managed enterprise wide solutions that integrate with existing infrastructures, Green said. “SharePoint and IBM Connections have APIs that allow tools to be integrated, although some are more complex than others. Jive Software uses a hub approach in which all content becomes an object within the platform. Having everything plugged into the intranet in that way is a brilliant strategy because everything exists within that hub. You can actually save files into Dropbox from inside the intranet because it manages identification and authentication. In other words, you can leverage all the best parts of the social intranet, but within a secure and managed environment.”

Integration with legacy platforms within the corporate environments enables organizations to introduce new functionality to users that they have come to expect from the cloud, Mills added. “Social within the firewall requires that you make your intranet sites effective and secure. Everyone is excited about what they are seeing [from cloud services] and exploring it in many ways. But organizations have to be deliberate about what functionality they want to introduce at what time within the context of security. If you offer the right functionality that adds value to their jobs, they won’t have to go elsewhere to get it.”

 

 

LEAVE A REPLY