Microsoft has admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation, leading to questions about its privacy policies. The company, which owns the Hotmail e-mail service, acknowledged that it read the anonymous blogger’s e-mails after it suspected one of its employees was leaking information, saying that it had to take ‘extraordinary actions in this case’.
This is a classic example of the hidden terms and conditions that exist within many cloud providers’ services. Though described as an ‘extraordinary action’, similar incidents of cloud service providers accessing our confidential data are far too common. The problem is, this is a technically legal activity that we all agree to when we sign up to certain cloud services – whether knowingly or not.
For instance, I would guess that most people don’t actually read the full Terms and Conditions before using a new application, and they would probably be surprised by what they are actually agreeing to when they click the ‘accept’ button on certain cloud services.
A bigger problem arises when these cloud services are used in a business capacity, posing a significant risk in terms of data ownership and confidentiality. Modern CIOs are struggling with a dilemma, as they are faced with requests from employees wanting to use agile and flexible cloud services for work purposes, while trying to manage the associated risk, security and privacy concerns.
In spite of this, there is a trend for employees to take matters into their own hands, downloading and using a variety of user-friendly, intuitive applications which often fly under the radar of CIOs, CISOs and IT teams. This concept of Shadow IT is putting organisations at risk of cyber attack and data loss as organisations often lack the visibility and control required to manage risk, ensure cloud governance and confidently enable cloud services.
With such a diverse, disparate workforce, today’s organisations really need to have the visibility to measure and manage unauthorised cloud usage across their networks – but without the right tools, this can be time consuming and inaccurate.
By employing services that assess and evaluate the enterprise readiness of each individual cloud service – effectively ranking them in terms of privacy and risk – IT teams can strike a balance between keeping employees happy and preserving the integrity of sensitive data within the organisation. By taking time to truly understand the conditions to which they are agreeing, organisations can rest in the knowledge that only enterprise ready cloud services are being used by employees.