BYOC: Bring your own device is so 2012


BYOC: Bring your own device is so 2012

// Tech Page One » Cloud Computing

BYOCBring your own cloud (BYOC) is bringing new headaches for enterprise IT.

Just as IT managers are learning to cope with the Bring Your Own Device (BYOD) phenomenon, a new trend has emerged: Bring Your Own Cloud (BYOC). Employees are now using third-party cloud services because they can be faster, easier, or less expensive than going to IT to fulfill specific business needs.

To consider how to handle BYOC, let’s first take a look back at how BYOD evolved in the enterprise. BYOD crept up on IT without most folks realizing what was happening until it was too late. After years of total control and telling people (in so many words), “You will use this company-issued hardware, I don’t care how much you complain,” most observers agree that IT has lost control of the endpoint devices.

It all started in the latter part of last decade, driven by the popularity of new touchscreen smartphones and spurred, first, by senior executives who wanted to use his or her shiny new mobile devices rather than a company-issued BlackBerry. Soon, everyone on the employee chain began clamoring to bring in their nifty new mobile gadgets and, given the economic situation of the times, BYOD probably seemed like a good idea in some enterprises. It might save money on hardware costs and placate workers who were otherwise seeing employment perks reduced during a difficult economic period.

Fast-forward to today. The BYOD mindset has spawned an employee base that’s become accustomed to a do-it-yourself approach to technology. Meanwhile, providers of a la carte personal cloud and Software-as-a-Service (SaaS) offerings are eager to cater to business users. And, with that, comes the advent of BYOC. Here’s a simple scenario many of you have likely faced: Someone needs more storage space on the corporate servers for data backups. IT says it has no room, or that it will get to it. Two weeks later, the request still is not fulfilled. The fed-up users sign up with DropBox, Carbonite, or OneDrivein all of two minutes and has their storage.

The immediacy and convenience is why BYOC is called “shadow IT,” because employees can access sophisticated services without the involvement of IT. A report (PDF) from Stratecast and Frost & Sullivan found that 80 percent of workers surveyed admit to using SaaS applications and services in their jobs that are not approved by the companies they work for.

Can you really be angry with them? The study also found that employees do this because they want to do their jobs right and often can’t get approval for new software, or the software they are provided with is inadequate.

BYOC has its share of security implications. For starters, there’s the loss of control of corporate data. The enterprise has no idea who’s using what services, what data they are uploading, and whether or not the service provider they chose is on the up-and-up. There’s the potential for data loss. In the Stratecast/Frost & Sullivan report, about 15 percent of all employees said they have experienced or perceived one or more incidents of malware infection, data loss, unauthorized or blocked access when using a particular SaaS application. And there’s the risk of non-IT professionals using products they don’t know or are not trained to use.

BYOC: Six tips for IT

Make some choices for your employees. You’ve lost enough control as is, so you have got to set down some boundaries. Pick a list of approved cloud storage and cloud services providers and tell people to stick with those providers and let you know their choices.

Establish policies that match your business. Make it abundantly clear what data may and may not leave the gates of your firewall. If you are a PR firm, then there’s no real regulation to bind you. If you are a medical firm, then the rules get much, much stricter.

Deploy your own cloud. If the problem is agility and getting people the services they need quickly, having your own internal cloud in place of older, less flexible systems might be all you need. It will give you greater control of your compute, storage, and network resources as well as allow you to scale those resources when you need them.

Don’t ban apps, just mitigate risks. Your employees are likely using Facebook at some point in the day to talk to friends, but they may also be doing business. Restrict certain functions, such as chat and direct messaging, which has the potential for problems. Another suggestion is to do your own encryption before any files are uploaded to a cloud storage system. People are using these already. If you take them away, you just come off seeming like a cranky parent. Making them use these services safely will get you a lot further.

Enhance your security gateway. Going to the cloud means data moving in and out of the enterprise that had previously been safely (more or less) behind the confines of your network. Data Loss Prevention (DLP) software is more valuable than ever, as it will protect data going out, heavily filter what’s coming in and look for tell-tale behavior of data theft.

Invest in the enterprise version. Many cloud services like Evernote and Dropbox offer enterprise versions with features such as more storage space, centralized billing for multiple accounts and sharing between accounts. That way, if a member of a team leaves or is dismissed, it would be easier to get to their data and restrict their own access to the information.

BYOC has the potential to shake up the enterprise in a good way, just as BYOD brought a whole new range of productive mobility options to the business. But, BYOC takes things to a whole new level. We’re not talking about data on a laptop or phone; we’re talking about data being stored in myriad places that the company may not be able to access and are open to their own security risks. BYOC will require much more IT management and oversight than BYOD ever did.

The post BYOC: Bring your own device is so 2012 appeared first on Tech Page One.

Shared via my feedly reader

Sendt fra min iPad