Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

News & Announcements

A “no cloud” strategy is no strategy at all

November 30, 2016 - 4 min read

When I hear organisations report that they have consciously decided against cloud enablement, I have to scratch my head. In my opinion, there really is no such thing as a “no cloud” strategy. Whether companies sanction the use of cloud apps and services or not, their employees are using them — probably in large numbers. And companies themselves engage with partners using the partners’ supply management services and any number of communications tools, all based in the cloud.

Hold-outs opposed to the cloud in their companies are living dangerously. They are closing their eyes to the fact that applications from the cloud have long since found their way into their companies. Employees frequently explore the use of new business applications without IT involvement, in spite of the fact that such apps often house data that the company would very much like to control. 


But because these applications have largely been installed without IT involvement, they have exposed gaps in protection, thus opening up the enterprise-wide security concept. The risks of cyberattacks and malware infections rise with such apps, because they are run without the control and protection mechanisms of IT. Furthermore, companies sticking with the traditional perimeter security model cannot adequately protect their users and data in the cloud. All of which means a great many users have inadequate or non-existent protection from Internet threats that are growing in frequency and sophistication.

Why banning cloud apps doesn’t work

Companies are rarely able to keep pace with employees who are quick to embrace new technologies, including those from the cloud. But banning the use of cloud apps has been shown to be ineffective. As employees identify apps that enable them to do their jobs more efficiently or effectively, they will simply bypass IT, creating an environment of so-called shadow IT. But if these apps enable better productivity, which in turn benefits the business, what’s to be gained from banning them?

Companies would be better served to find ways to enable cloud benefits while retaining the policies and reporting needed to maintain security controls and governance.

The drive towards digital transformation

A strategic design for a cloud-enabled digital transformation involves some effort. But the critical first step is to make sure the issue is squarely on the agenda and that the resources needed to commence a regulated introduction are allocated. And it has become critical because the benefits of the cloud are now known. In addition to greater flexibility and productivity, the move to the cloud introduces efficiencies that can help with cost containment and it fuels the agility companies need in order to remain competitive.

My experience from everyday life in sales shows that companies that hold to a no-cloud strategy have not yet begun to deal with the topic. Reservations regarding data protection are often used as a pretext for avoiding a discussion about the cloud’s very real benefits.

I counter such reservations in by suggesting that, initially, companies should give some thought to classifying the data kept in the company as a way to introduce cloud apps and services in a very measured manner. In my example, the classification can be broken down into three categories that rate the sensitivity of the data:

  • What data is so sensitive that it should be kept exclusively in the company’s data centre? This will include intellectual property that is at the heart of the company’s activities.
  • The next category should contain the data that is already available via in an extranet. Business partners or suppliers have to access this data, and it may encompass information on existing products or facilities, for example.
  • Data that is not business critical is put into the third category. This data leaves the company regularly via general Internet access.

Based on this classification structure, a company can take a first step toward cloud enablement by using cloud applications with data that is not business critical. The cloud, by virtue of its scale, can be adopted at your own pace, as ramping services up or down is as easy as changing a setting.

IT and the cloud are the enablers of the digital organization

As companies decide to introduce cloud applications, they should implement processes that involve IT and that address quality requirements and the provider’s service level agreements. Defined interfaces should be taken into consideration and above all be based on enterprise-wide guidelines.

Just about every organization is facing challenges dealing with increased employee mobility and the management of branch offices, plus there are IoT strategies, Internet security, and more. And they can all be handled by IT with the help of the cloud. While the introduction of a cloud strategy can present challenges, it can also provide a solution for organizations dealing with a shortage of resources and rising cost pressures. Neither company management nor IT should be closed to the development and enactment of a cloud strategy. Even stubborn resistance cannot diminish the progress, or the promise, of the cloud.

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.