BYOD is a very well known issue. Almost all companies now have some kind of BYOD policy and even CYOD (choose your own device). Although companies were initially reluctant to embrace non-company owned devices, it soon became clear that employees wanted to use their own devices to work as it made their jobs easier.
This desire to use new technologies to get everyday work done is the reason for the new trend of staff bringing in cloud services such as Dropbox. However, in the same way that many IT departments tried to ban iPads from being used in the workplace some companies are trying to ban services like these.
When you think about the idea of banning iPads it now seems very foolish, many IT departments have developed ways in which to cope with this influx of non-standard IT equipment whether it’s at the board level or lower. The same now has to be done with these commercial cloud services such as Dropbox, Microsoft’s Skydrive, Google Drive, Box, and Amazon Cloud Drive.
CIOs need to focus on the data staff are putting in these services. They need to know what is out there and then prepare for when devices get lost and the data is put at risk.
One way that some CIOs approach this problem is to buy in a bespoke system that has security features built in. However, getting your staff to use these tools isn’t easy when they are already using services such as Dropbox, Skydrive and others. People just want to get their work done, which is why they want to use these services in the first place.
CIOs need to look at mitigating the risk in terms of data governance that comes with staff using these services. Some CIOs are coming out and saying that people can’t use these services, just as they did when employees started bringing their own devices into the workplace.
In the same way that with BYOD the hardware belongs to the individual, in many cases with these sync and share services, the account is in the employee’s name and not that of the company. However, it is the company’s data that is in the account.
The best way to deal with these services is to extend them with data governance capabilities with features such as backup, data protection, encryption, remote deletion and other features.
The alternative is to go with a rip and replace strategy where companies can implement a proprietary sync and share service. Although these tools have their benefits, they don’t have the wide network effects of user adoption of tools like Dropbox.
There are tools available to the CIO that enable the IT department to extend into the employee’s public cloud service to backup and protect the data that’s in those services and have the data encrypted at rest on whatever device that employee is using.
Then, later on, if that person leaves the business, the data that was in th account can be recovered and if the device gets lost or stolen then IT can then send a command to not only wipe the data on the device but also on the endpoint.
Just as companies have learnt to deal with staff bringing their own devices to work, now they have to deal with this second phase of them bringing their own cloud. This is not a time for CIOs to put their heads in the sand and pretend it’s not happening or to try and ban them outright. CIOs need to secure the endpoint and cloud services before it’s too late.