Manage shadow cloud in your organisation
Bring your organisation’s use of public cloud into line with its cloud plan and Cabinet’s requirement for risk assessments.
-
How to manage shadow cloud in your organisation
Follow these steps — assess the risks of the information being used in shadow cloud services, fitting them with your cloud plan and risk assessment process.
-
Identify shadow cloud in your organisation
Find out which public cloud services are being used in your organisation — and how many of them count as shadow cloud.
-
Categorise shadow cloud services
Based on what your shadow cloud services do, put them into your organisation’s existing categories and check what is already approved in those categories.
-
Prioritise the most important services
Put shadow cloud services in an order of importance for risk assessments.
-
Assess the risks of information in shadow cloud services
Assess the risks so you can decide whether to bring the shadow cloud service into your organisation’s catalogue of approved public cloud services.
-
Make decisions based on your priorities and risk assessments
See if it makes sense for your organisation to stop using, replace or keep a shadow cloud service — adding it to your approved public cloud services.
-
Catalogue approved services
Set up or update your organisation’s catalogue of approved public cloud services.
-
Actively manage shadow cloud in your organisation
Rather than a one-off, make managing shadow cloud an opportunity to keep your catalogue up to date with public cloud services that help your people do their work.
-
Fit approved services with your other technology
It might make sense to integrate public cloud services with your other information and communications technology (ICT). Or, it might not. Find out what to do in both cases.