Slack, Basecamp, O365 – every business has applications running in the cloud. But how secure are they, really? With the GDPR looming, it’s time to take back control of your information. And quickly. Guide your IT department through our three-lap race to compile a complete overview of app usage, set some basic rules and oversee the flow of information.
 

New technologies demand new rules

Your colleagues are online all the time. 24/7 connectivity offers opportunities for your organization, but it can also become quite dangerous. Without proper supervision, employees will start using apps of all kinds. Meanwhile, you have no clue which apps are being used and how secure they are. A recipe for disaster – especially with the GDPR in mind.

Consider this scenario: one of your employees uploads a file with personal data to their personal cloud storage. Remember, your company is liable for that information if it’s misused. A minor mistake, sure, but what happens when a disgruntled employee starts uploading highly confidential information to his or her personal account?

Right, better get started.
 

Lap 1: assess your apps

First thing? You want an overview of all the apps that are connected to your network. This type of assessment is both fast and affordable. The resulting report gives you a comprehensive list of all used apps, with a risk score – overall and per app.

The risk score indicates the strong and weak points of each app’s security. For instance, if a popular app doesn’t have multifactor authentication – while your security policy states that it must – the assessment offers a clear choice: banish the app from your network or keep the app and live with the consequences.

Pro tip: check whether the paid version of the app has better security features – if so, it is worth the investment almost 100% of the time. Why? Because the paid version offers an advantage for your organization: monitoring app usage. And that’s important for the second part of the race.
 

Lap 2: set the stage

Collected all information? Time to make some tough decisions and set the ground rules. Often the most basic rule is that the IT department gets a popup when a document containing personal information has been shared. The popup is not just a reminder, it signals that the action has been logged. In other words, the rules can detect if someone is breaking your company policy. Say that you have a strict policy that forbids sharing sensitive information (e.g. a bank account number); thanks to the rules, the IT department now has the tools to sanction appropriately.
 

Lap 3: control the information grid

Your system all set up? Start monitoring the traffic from your network to the cloud. Your employees will keep finding new apps that they find convenient or interesting. It is your task to track the use of these apps and take action when they pose a security threat. With this simple solution, you can both protect your network and boost employee productivity.

Need a cloud coach?

Not entirely sure how to start this process? Our solution advisors will gladly help you out. Just fill in the form by clicking the red button on the right and we will be in touch as soon as possible!

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn
