This content is part of the Essential Guide: Combat the latest cloud security challenges and risks
Problem solve Get help with specific problems with your technologies, process and projects.

Creepy cloud horror stories to keep IT up at night

With Halloween creeping in, cloud expert David Linthicum shares three cloud computing horror stories -- and advice for not finding yourself in one.

Ghost stories are playing non-stop on TV and it's almost mandatory you visit a pumpkin patch. Yes, it's that time of year again -- Halloween is right around the corner.

But scary stories are not just fodder for campfires and the big screen. Enterprise IT departments, in particular, are no stranger to nightmares -- especially when it comes to cloud computing.

Here are three cloud horror stories to send chills down IT's spine.

Invasion of the data snatchers

We've all heard about the data breach horror stories at Home Depot, Target and Sony, but what about the attacks that go unreported? Enterprises experience ongoing attacks and have to be proactive to keep up their defenses. This includes constantly patching firewalls and updating encryption, as well as disallowing access from a growing list of IP addresses.

Of all the cloud horror stories IT has to deal with, data breaches are the most terrifying. They are also the reason many enterprises illogically push back on public cloud. But, on the other hand, organizations can't take cloud security lightly. In one recent cloud horror story, an enterprise had its data hacked by a file sharing provider, who took customer lists and credit card data. The incident had to be reported and, while the damage was minor, it took the wind out of the company's cloud computing sails.

If enough planning and technology go into the mix, the cloud can be more secure than any on-premises system. But without taking proper measures, this cloud horror story will become all too real.

A case of the compliance chills

In another spooky tale, IT realizes that business departments have taken matters into their own hands and placed data in the cloud. Through compliance research, IT then discovers the data was not allowed to leave the enterprise firewall. The company is audited, fined and has to launch a million-dollar PR campaign to restore customer confidence.

While you don't need a huge team of lawyers to determine data compliance requirements for your industry or region, you do need to pay attention. IT should inform everyone who uses public cloud to consider compliance -- or risk hefty fines and a PR mess.

Ghost clouds lurking in the shadows

One enterprise IT shop that thought it had things under control found that about 10% of its data was in the cloud. Turns out, business departments had provisioned and accessed cloud resources without IT's knowledge or approval. And IT did not understand the issue until it scanned the network for the presence of these "ghost clouds."

As a result, IT had to seek leadership's support to restrict the use of rogue clouds for data storage or other purposes. The business departments then argued that the reason they spun up the cloud services was that IT was too slow to respond to their needs.

IT pros need to understand that this chilling tale is not about control; it's about speed-to-solution. IT should use cloud, or any other technology, to provide the business with answers, not excuses. And until that happens, cloud horror stories will persist.

We all need to be proactive to keep the horror in Hollywood. Now is a good time to take a closer look at compliance issues, the state of your security and ghosts in the cloud.

Next Steps

Waking up from cloud security nightmares

Controlling shadow IT in hybrid cloud

Learn IT's part in cloud compliance

Dig Deeper on Cloud computing standards and compliance