The proliferation of compact espresso, filter and other gourmet hot drinks machines though today’s workplaces has not only provided relief for office coffee aficionados, it has also freed up one acronym for rather more critical usage: everyone should now know that BYOC stands purely for “Bring Your Own Cloud”.
In practice, BYOC means allowing employees to work with their own choice of cloud application or cloud storage services – for example Google Apps or Dropbox. For a smaller sized business, the use of public cloud services can offer better value than rolling out an internal shared service – especially when free personal cloud offerings are all that is needed. The public service is also more likely to be maintained as state-of-the-art in terms of reliability and an easy user interface. The biggest worry might be security, but centralised company storage can provide richer rewards for hackers than a personal cloud account, resulting in more publicised security breaches in company networks and data centers. So a well-managed BYOC policy could even provide better security than company-owned cloud storage and applications, says James Walker, president, OpenCloud Connect
So BYOC is already a major trend but, as with any shadow IT, it does raise concerns – unless policies are in place and workers keep management well informed about their use of public cloud services. In particular, the use of public cloud storage can mean that business owners have less idea where their company’s information is stored, who can access it and how it is being used.
The problem is compounded when a large population of employees are all making their own independent choices, keeping up with the latest services and features, and making it very difficult for management to keep pace with such a fast changing range and variety of usages. Do the benefits of BYOC justify the difficulty in policing it?
Benefits of BYOC
Think of the convenience in sharing and updating large documents via Dropbox, and it is obvious that use of BYOC can increase productivity, reduce costs and make it faster and easier to do business. It offers outstanding benefits for developers, architects, content creators, designers and anyone needing to share and co-create large files. Add to that the convenience and consistency of access for mobile workers and BYOC becomes a ‘no-brainer’.
On a small scale, sharing data stored in the cloud is generally cheaper than using a customised in-house data center, and it is automatically backed up to a secure location, with disaster protection, without impacting the users. It offers many advantages over data being stored on personal laptops or USB drives that can get lost or stolen.
At a more subtle level, a culture where people are given greater freedom to find their own tools and solutions is a culture that fosters innovation, creativity, and independent thinking. The more employees feel free to make their own choices and define their own ways of working, the more they feel committed to the work and eager to justify their choices. New ideas, new techniques and new solutions stimulate competition and drive success.
In short, the extra freedom and autonomy offered by BYOx in general and BYOC in particular can be a major boost for productivity and enterprise. So how can these benefits be realised without too much risk and loss of control?
Security and policy enforcement
The most immediate concerns for the organisation are likely to be accountability and security: if company data is being stored outside the company, where is it? And is it safe?
Recent legislation on data protection and citizen’s rights means that it is not enough just to say that data is safe, it can be important to know where and how it is being stored. If your company stores personal details from European citizens in the USA, where they may be accessible to US security, you are not compliant with EU data protection laws. Even if the details are stored in Europe but happen to pass through the cloud via the US, they could be at risk. So there is a need for co-operation on a global scale to create common standards that define levels of data sensitivity, how they may be stored and transmitted, and how they are manage and accessed
Once in cloud storage, the data may well have better protection than anything the company could afford to give it, so the question also arises whether its passage to and from storage is secure and that depends on the level of encryption and what the cloud provider is offering. If different types of data need different levels of encryption, has the cloud provider allowed for this?
The company might need a higher level of encryption than that used by the cloud provider’s security system, or want to use a preferred third party supplier. At the opposite pole the encryption mechanism may be adding latency or inconvenience and the user would prefer lighter encryption. Bring Your Own Encryption(BYOE) is a solution already being touted in such cases.
The problem with allowing users to choose their own encryption is that the provider’s security platform has to be able to support the chosen encryption system. The provider might offer a choice from a range of encryption offerings that have been tested for compatibility with the cloud offering, but that still requires the user to trust another’s choice of encryption algorithms: a full homomorphic offering might be vital for one operation, but a waste of money and effort for a whole lot of other processes.
So there is a need for a global standard around integrating cloud security platforms that any encryption offering can be registered for support by that platform. The customer could then choose a cloud offering both for the quality of its services and for its globally certified “XYZ standard” security platform. Then the customer can go shopping for an “XYZ certified” encryption system that matches their own specific security criteria and take responsibility for that choice and how well it complies with legal obligations.
The author of this blog is James Walker, president of OpenCloud Connect
