Every day that goes by that IT isn't meeting the features and services offered in the cloud, users are moving there on their own. No office collaboration environment? They're on Google Docs. No file-sharing option? They're using Dropbox. No solid backup or recovery options for their laptops? Carbonite is handling it. Now your data is outside your corporate walls, outside your control and outside of compliance.
The concept itself isn't new: For year, users have been turning to Gmail to send files larger than corporate limits and to Yahoo Messenger to instant message. Now the scope has increased, and the options have grown exponentially. Larger and larger data sets are being pushed outside your firewalls and stored on various unknown servers across the globe. What's worse is it's being done on a department-by-department or person-by-person basis. Your data may be strewn across several file-sharing applications or online collaboration services.
The use of these systems is only a fraction of the problem. The bigger picture is getting users to switch over, and retrieving that data once you do implement an alternative. Every day that goes by that users are on an unsanctioned IT service makes it harder to go back. You can't close Pandora's box once it's opened.
From a user migration perspective, you'll have to offer an approved product or service that's as good or better to get them to switch. This is no easy task. It's much easier to provide something that works up front, before users get accustomed to an interface you may not be able to match immediately. This is where an ounce of prevention is worth a pound of cure.
The data itself is another nightmare. Let's use Dropbox as an example, and narrow the scope to a best-case scenario where Dropbox is your users' only file-sharing tool. Take 100 users with less than 2 Gbytes of data shared via Dropbox. That's about 100 Gbytes of data stored across a back end of Amazon's S3 service. That's data for which you have neither accountability nor backups. If at this point you implement an approved file-share option, how will you get that data migrated over? How will you enforce compliance?
Another hiccup: How do you ensure that the data is scrubbed from Dropbox? What's Dropbox's retention policy? What's Amazon S3's policy on the back end of Dropbox? Is data truly scrubbed from disks, or is space just reallocated?
The landscape of IT is changing rapidly, and the consumerization of IT is driving much of it. Your users' phones, tablets and TVs can sync movies, photos and much more without any effort from them. Users want the same simple function for their work environment.
If IT isn't providing it, someone will--and that puts the business and IT's jobs at risk. If a user with a credit card can set up data sharing and backup for a department, why does the company need an admin again? Don't stall on new services and the benefits of cloud: Build the services in-house, and standardize on public cloud offerings where applicable.
Disclaimer: This post is not intended as an endorsement of any vendors or products. Products mentioned are for example purposes only.