Financial services giant Morgan Stanley has dealt with the problem of “rogue IT” – departments contracting their own IT services from cloud computing companies – by restricting access to Amazon Web Services, Microsoft Azure, Dropbox and other big-name providers at the network layer.
The security problem posed by cloud computing services being used or procured under the radar of IT has become endemic – and poses a particular problem to organisations, like banks, that need to operate with a high degree of security.
But at a presentation at the World Cloud Forum this week, Laszlo Kollar, executive director of global cloud at Morgan Stanley, revealed how the bank is – slowly – shifting some services towards an internal cloud and simply blocks Amazon, Dropbox and other popular cloud service providers to prevent staff from using them.
Responding to a question from the audience, Kollar said: “It’s at the network layer. It simply won’t come up. So rogue is not a problem [at Morgan Stanley].”
The security problems posed by staff increasingly taking IT into their own hands – and departmental heads bypassing IT – has increased in recent years as companies like Dropbox have proliferated.
Indeed, one pharmaceutical company referenced by Cisco cloud strategy chief Nick Earle had eight years of valuable development intellectual property stored unencrypted on a popular cloud computing service. The discovery, though, persuaded the company to invest in more user-friendly collaboration tools – as well as tightening up its own security.