As more organisations migrate to the cloud, more of their users are accessing cloud-based business applications. This creates additional complexity for IT teams and opens the door to significant issues that can disrupt business. Consequently, public and private organisations of all types are seeking ways to monitor user interaction with their data.
It’s important to be able to see what’s going on in the cloud. Organisations today are proactively monitoring cloud applications to gain critical insights into security, usage, performance and compliance, as well as foster a culture of compliance to create trust among themselves, their users and their customers.
Monitor for insights
Organisations can maximise the investment in cloud applications to save time and money by gleaning insights based on cloud monitoring. What’s more, they can use these insights to secure and optimise their cloud environments. By examining the top areas monitored in security, usage/adoption, performance and compliance, it is possible to learn best practices for your own efforts.
You have made an investment in the cloud, so you need to know whether employees are using your cloud applications securely and to their best advantage. For instance, are employees using cloud applications (e.g., Salesforce) the way you intended? This is why you need visibility into your cloud applications.
Adoption is an important metric to monitor, but it can be tricky to measure. Often, organisations begin by analysing the number of logins. But logins alone aren’t enough information to truly see the bigger picture of how employees are actually using your technology.
A better goal is to find your power users. One of the benefits of monitoring user activity is that you can identify high performers and use them as a benchmark to help other users enhance their own usage and adoption. For instance, 52 per cent of high-performing salespeople indicated they were power users who take full advantage of their company’s CRM technology and other internal systems, compared with only 31 per cent of underperforming salespeople.
This type of monitoring will highlight users who need training or perhaps don’t need a license at all. This can save your organisation countless resources.
Employees are able to do more, from anywhere and at any time, with the convenience of
cloud applications, but they also expand the human attack surface. This means critical data is available at all times to all employees with access to those applications. The cybersecurity skills gap increases your organisation’s vulnerability to internal threats, underscoring the need for monitoring.
Organisations can more readily spot inappropriate behaviour by paying attention to what’s being exported and what reports are being run. For instance, of all the workers who changed or lost their jobs in the past year, half took confidential company data – and 52 per cent didn’t view the use of such documents as a crime.
Another way to find possible issues is by monitoring login activity. Look for inactive users trying to log in, or login attempts from unusual locations or after regular business hours. Profile and permission changes can also signal malicious behaviour. Monitoring new profile creation and escalation of privileges—and who is performing these actions—will help you mitigate data misuse.
Regulators have been quick to weigh in on the cloud, adding multiple new regulations.
In addition to the regulations from FINRA, HIPAA, PCI, FFIEC and FCA, new regulations include the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the New York State Cybersecurity Rule.
As regulatory bodies seek to protect the privacy and security of consumers’ data, more regulations will come. So, while organisations have found new and more efficient ways to meet compliance within the cloud, a misconception persists. You may think your application provider is solely responsible for the security and compliance of your data storage and handling, but it’s actually a shared responsibility.
More than ever, organisations need controls in place to maintain an overarching view of their data. By monitoring for events, you’ll be armed to answer key questions about how users are handling sensitive data and security controls. By doing this, you can better leverage the power of cloud data security, paving the road to cloud compliance. You can also avoid regulatory fines and business interruption, and ensure trust among customers.
The availability of information within your cloud application is what performance is about. Performance metrics provide insight into the end user experience. For example, organisations can spend a vast amount of time and resources detecting, investigating and remediating login failures, which wastes everyone’s time and frustrates users.
If you don’t have information on how your cloud applications are performing, users may create work-arounds that decrease usage, adoption and trust in your application– whether it is in your organisation or in your customer community. However, with advanced insights, you can take a proactive approach to maximising the productivity of your workforce to enable trust between users and customers.
You can also save time when investigating the source of performance discrepancies – and point your developers toward the root of the problem, even providing justification for development spend – by asking questions like:
- Which users are receiving login failures?
- Which pages have failed?
- What is the trend of successful vs. failed logins?
Visibility in the cloud
Gaining visibility into user activity in the cloud is essential. Usually, monitoring starts at the greatest point of pain—security—watching for signs of specific users, for instance, exporting abnormally large reports or logins occurring from restricted IP addresses. But along with security monitoring capability comes the ability to gain additional visibility into usage and adoption, performance, and compliance.
You can begin your cloud-monitoring program with the above information as a starting point. With monitoring in place, you will gain visibility into how users are accessing and using cloud applications and sensitive data. You will secure and optimise your business systems, as well as gain greater compliance, with insights on employee cloud usage.
Mike Mason, marketplace communications, FairWarning
Image Credit: TZIDO SUN / Shutterstock