If chief security officers are worried about the proliferation of the bring your own device (BYOD) trend, they should be hysterical over the inevitable data breaches that will occur as a result of employees bringing their own cloud computing software into the workplace.
"When we talk about consumer cloud services like Dropbox, we find people bringing them in and inadvertently creating security holes," said Matt Richards, ownCloud vice president of products, when interviewed at the 2013 Red Hat Summit. "The result is potentially sensitive data sitting out in the cloud beyond the control of IT."
When we talk about consumer cloud services like Dropbox, we find people bringing them in and inadvertently creating security holes.
Of course, the big problem is that many of these consumer cloud services are so good, so easy to use, so convenient and so much a part of modern day home computing that employees who use these products at work are oblivious to the security threat they create. Simply banning tools like Dropbox or Google Drive won't work, as employees will end up looking for alternatives or skirting the company's rules of governance. Instead, organizations need to provide complementary alternatives that offer the same functionality but allows for internal IT control over access and provisioning.
Solving the 'bring your own cloud' problem
For those looking to invest in commercial products that offer functionality similar to the most popular consumer cloud services, ownCloud's Matt Richards said organizations should ask these four important questions about the product:
- Does the software run on-site and in the exclusive control of the organization? After all, if a purchased solution is run off-site, the security problem is not being solved, but instead is simply being framed in a different way.
- Can the solution leverage existing infrastructure? Most organizations have built systems that meet all internal security standards while at the same time exceed all of the existing regulatory guidelines. It simply makes sense to leverage this existing infrastructure when implementing a corporate solution.
- Can the product be extended for future needs? A software solution must be capable of growing as both the company and the cloud grow together.
- Is the software easy to use? In the end, there is no point in purchasing software that is too difficult to learn and too awkward to use.
When organizations find software that meets these criteria, users will be more willing to accept it. At the same time, the internal IT department can be confident in terms of compliance and security.
Enterprises have managed to deal with the BYOD threat fairly successfully, but the bigger threat that looms is all of the data and content that employees have floating in the cloud. The sooner IT professionals start dealing with the bring your own cloud computing software threat, the less likely they will suffer a significant and embarrassing data-based security breach in the future.