• 01/29/2014
    12:00 PM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

The Buck Stops At BYOC

IT professionals gave into user demands with BYOD. But allowing employees to mix corporate data and personal clouds is going a step too far.

Some are declaring the buzzword for 2014 will be BYOC, or bring your own cloud. This term describes employees leveraging their own personal cloud services and applications to better perform their daily jobs. But unlike the bring your own device (BYOD) craze, BYOC is likely to meet far more resistance in enterprise organizations. Lack of IT management and control will quickly put an end to BYOC, even though it has the potential to provide real benefits.

From an IT support standpoint, I wasn't too keen on the BYOD trend when it began. It's difficult enough to secure company-owned devices inside a corporate network, let alone those that are personally owned and maintained. But with the aid of tools like mobile device management and network access control, BYOD has become somewhat manageable in even the largest companies.

The one saving grace that convinced IT leadership to allow BYOD was the fact that all important data would remain within the corporate network. Mobile devices were simply used to access and interact with data that was safely managed and stored by IT employees.

Now that cloud computing has become commonplace for consumers, employees are beginning to request permission to use personal cloud services for business use. Employees are comfortable using services such as DropBox, Google Apps, and Carbonite at home. Because of that comfort level, they naturally want to use those same tools in their business life.

This is where IT decision makers may need to draw the line. With BYOC, company data is decentralized outside the safety of a corporate network and placed within various cloud services. From a data loss prevention (DLP) standpoint, BYOC presents a nightmare scenario because data can be copied, duplicated, and ultimately lost or stolen via the various cloud services. 

As employees begin to request BYOC models for your business, now is the time to educate and inform non-technical users why this is a very bad idea. Additionally, if you don't already have a DLP policy and enforcement strategy in place, put that high on your priority list. DLP tools perform a number of functions to ensure that sensitive company data does not leave the corporate network through email attachments, thumb drive copies, and the use of public cloud services.

More and more, business leaders are realizing the importance of intellectual property in digital form and they are willing to spend big money to prevent employees from intentionally and unintentionally leaking data onto the Internet. As you can see, employee requests for BYOC and business leadership's desire to control DLP are at odds with one another. Here the protection of intellectual property will almost certainly prevail.

Even though BYOC may seem like the next evolutionary step up from BYOD, I wouldn't count on it making strides in the enterprise environment. In fact, it's my guess that by this time next year, we'll have forgotten all about it. While IT professionals and business leaders capitulated and allowed employees to use personal devices on the network, there's no way they're ever going to lose control of company data.

Andrew Froehlich has well over a decade of enterprise networking experience under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-out.


Like BYOC Or Not

BYOC seems like too broad a term to me for personal use of cloud storage. But if you are saying BYOC calms down as a trend a year from now, I could not disagree more. Dropbox is here to stay. Users will break the rules if enterprises don't give them palatable alternatives. I have heard many IT execs still answering this question by saying "Dropbox is forbidden" -- wink, wink.

Re: Like BYOC Or Not

There are a lot of personal clouds out there. I use three. I tend to doubt enterprise IT will start blocking all of them. But in the post-Snowden era, you never know. I can see an increase in DLP tools that prevent access to any sensitive docs. Or if you can access them you won't be able to move them into a different folder or attach them to an email. I'm sure these features already exist but will ramp up in the coming year or two.

Re: Like BYOC Or Not

I'm with you Laurie. Back in the day, people (especially those in tech) had access to the latest and great technology through their employer. Now it's absolutely the reverse, For any number of reasons, our personal computing environment (smartphones, tablets, latops) is typically more state-of-the-art than the laptops we pound every day at work. The consumerization of IT will only continue to drive enterprises to accept BYOC. There's no turning back, IMO.

Re: Like BYOC Or Not

The BYOC horse is already out of the IT barn. And it's been out of the barn for ages. Productivity wins every time. Flash drives won, personal e-mail accounts w/ corporate docs attached won, smartphones won, and now Dropbox is winning.

Re: Like BYOC Or Not

As of today, you're probably correct because the only thing preventing employees from accessing forbidden cloud tools is a written policy. But as more Data Loss Prevention (DLP) safeguards are put in place in enterprise organizations, you can count on the fact that access to the most popular consumer cloud products -- like DropBox -- will be blocked.  It won't simply be policy much longer...

Re: Like BYOC Or Not

Is DLP any more than compliance theater? If an employee is determined to steal data, DLP isn't likely to stop him or her. A smartphone with a camera can bypass corporate firewalls. 

Re: Like BYOC Or Not

@Thomas -- I don't see DLP as stopping those that are determined to steal data. Rather, it's designed to stop people from inadvertently doing so.