Increasing Cloud Adoption Increases Enterprise Risk

    Mar 25, 2014

    Global businesses are embracing cloud and mobile computing, but they don’t have the IT controls in place to properly manage them, revealed a recent study by SailPoint, which provides identity and access management (IAM) services.

    SailPoint’s latest Market Pulse Survey of 400 senior-level IT decision makers in large U.S. and UK enterprises found that despite companies’ best efforts to manage and protect data, they are still experiencing significant breaches. Indeed, 53% of companies said they have experienced a breach, and 51% believe it’s just a matter of time before the next security breach occurs.

    Most of the respondents (88%) consider IAM an important business objective as they look to strengthen their security strategies to provide control over “who has access to what” across their business. More than half (54%) say it’s critical to helping them meet their compliance requirements and reducing operational risk (53%); 40% also see it as key to enabling new business initiatives.

    Despite IAM’s importance to the enterprise, implementing IAM strategies has proved extremely challenging. Nearly half (46%) of the decision makers admitted they are not confident they can prove the effectiveness of internal controls over user access privileges in an IT audit. The most common challenges cited are the inability to get the whole picture across all systems (45%), over-reliance on IT support (43%), and the inability to manage new technologies (40%).

    Concluded SailPoint: “The next two to three years will be pivotal for IT security. The use of cloud-based applications is set to soar, and more and more users are looking to connect their own personal device to the corporate network. These are two trends that organizations cannot ignore. Rather than relying on static, rigid and short-sighted IAM strategies, which focus on the here and now, businesses must embrace a more proactive, flexible, and forward-looking solution.”

    In addition to their IT impact, moving to the cloud and allowing the use of personal devices on corporate networks have an impact on information governance polices and processes. For organizations dealing with these issues, ARMA International recommends the following publications:

    • Mobile Communications and Records and Information Management (ARMA TR 20-2012): This ARMA/ANSI technical report provides advice for using mobile communications technologies, such as smartphones and tablets, in the organizational setting. It focuses at the implementation level, including such topics as policy design, collaborating with IT professionals, security, and training.
    • Guideline for Outsourcing Records Storage to the Cloud: This guideline cuts to the core of the information management issues related to cloud-based records storage. It assists RIM professionals in identifying and highlighting information management concerns so they can assist with decision making when cloud services are under consideration.

    Both publications are available for purchase from the ARMA bookstore at

    © 2017, ARMA International