Three Tips For Tackling Bring Your Own Cloud (BYOC) Within Your Organization

(BYOC) Within Your Organization

It’s the latest tech acronym: BYOC or Bring Your Own Cloud. Personal cloud services are convenient, inexpensive, and always available. They also have the potential to wreak havoc on the enterprise in ways we haven’t seen in quite a while.

In a world where “Dropbox” is a ubiquitous name and SkyDrive comes pre-loaded on some PCs, employees think nothing of uploading company data to the same cloud they use for storing personal files. From a corporate viewpoint, personal cloud services provide another way for users to compromise security by storing important documents and data outside company walls. An added concern? Several services also make copies of uploaded files to other uncontrolled devices, such as home computers. Overall, when research shows 56 percent of information workers use devices that are unsupported by the network because their employer does not provide devices with similar capabilities, it’s clear we have a problem.

The knee-jerk response of many IT managers is understandable. As individuals responsible for the technical well-being of an organization, the mere thought of how employees can compromise proprietary data without second thought is enough to keep one sleepless for days. (“They’re uploading company financial documents to the same space as their vacation photos?”) No one would blame you for implementing a company-wide, zero-tolerance policy to restrict access and ban apps from the network; however, the first step to solving this growing issue is acknowledging the competition that IT has when it comes to being the final word on office-wide technical solutions.

It’s up to us to recognize that if a digital technology exists on a consumer level, it will eventually find its way into the office regardless of whether it is officially sanctioned, especially when said tools are faster, easier to use, and get the job done better. Instead of fighting an unwinnable war, a better use of time and energy lies in not attempting to turn back the clock or instituting a draconian policy, but finding a solution to the issue as it currently stands.  Here are three solutions to help tackle BYOC within your domain:

  • Reminder of Accountability

As is the case with most matters, getting out in front and communicating is key when it comes to matters of data security.  IT is no longer a silo. Today, it touches every area of the enterprise. With that in mind, end users are not left wandering alone in the dark. If your written policies are not up to date, an overhaul is in order to ensure protocol and expectations are set for all. Most importantly, employees understand how their actions can have the potential to endanger the intellectual capital of the organization. Ideally, policies take an approach that ensures the security of data on-premise, off-premise, and in the cloud.

  • Get the Enterprise Version

Recognizing the need for a collaborative mechanism that serves both management and end users, many consumer cloud services, including Evernote and Dropbox, offer enterprise versions that allow IT departments to centrally manage employee accounts. This is an essential approach that removes the risk of losing valuable data to bitter ex-employees and individuals who fancy themselves as gatekeepers. It also erases the uncertainty of who actually “owns” said documents, since this issue is not always so cut-and-dry when it comes to the personal versions.

  • The Best of Both Worlds

Sometimes the best of both worlds is achievable. A hybrid BYOC solution does exist – a secure personal cloud service that mimics the unique usability of services like Dropbox while hosted on the corporate network. VMware’s Octopus and Google Drive are two options that allow this. This approach recognizes the constantly changing manner in which the enterprise is communicating and empowers users to securely access their files anytime, anywhere, and from any device.

In an era where IT is no longer business-driven, but user-driven, IT managers must ultimately adopt a policy of treating the problem as opposed to the symptoms. By focusing on protecting the intellectual property at the heart of the BYOC dilemma, forward-thinking organizations that stay dedicated to meeting this goal will no doubt achieve differentiation and fare better than the competition. Most important, they will be taking strides to keeping proprietary data safe.

By Dan Tully,

Dan Tully is Executive vice president of Conduit Systems, an IT management services firm headquartered in Lincoln, Rhode Island.  Tully brings more than 20 years of computing experience to his customer base and has assisted some of New England’s largest companies address complex, technology-based issues. 

Gilad David Maayan
What is Open Source Security? Open source software is now an inseparable part of most software projects. Research has estimated that as much as 90% of enterprise software is made up of open source components ...
Mark Ardito
‘Legacy systems’ often get a bit of a rough time in the IT community. But perhaps this is unfair. After all, in many cases you’re talking about software platforms that have lasted and been effective ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
James Corbishly
Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Gilad David Maayan
What Is Application Dependency Mapping? Modern software development teams use fast-paced DevOps work processes. However, the complexity of modern software applications often gets in the way. A typical enterprise software project has thousands of components, ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.