First it was BYOD, but no sooner are IT staff getting used to the idea of staff using unsanctioned and unprotected iPads and smartphones in the workplace than a new danger has emerged – the personal cloud.
What is the personal cloud?
"The personal cloud refers to cloud storage and collaboration solutions designed for consumers," says Ojas Rege, VP Strategy, MobileIron. A flexible and user-friendly place to store personal digital content, and always accessible, services include Dropbox (the 'king of the cloud' at 300 million users), Google Drive, Microsoft's OneDrive, Apple's iCloud and many others. All deal in online storage and file synchronisation – and all are hosting potentially sensitive corporate files from every workplace.
Recent research from Trustmarque indicates that 40% of British office workers admit to using cloud applications that haven't been sanctioned or provided by IT departments. "As personal cloud continues to encroach on workplaces, businesses will have to change the way they deal with employees who want to use personal cloud, by empowering rather than restricting them," says Angelo di Ventura, Director, Trustmarque.
"It's all about how we access the IT we need," says Peter Tebbutt, UK&I Country Leader, Alcatel-Lucent Enterprise. "We all have a collection of applications, web destinations, online services or content that we use in our personal or professional lives, and we want access to this unique collection regardless of which device we may be using."
How are personal clouds changing workplace IT?
In short: shadow IT. "Shadow IT is the use of technology outside IT's official mandate," explains Rege. "In the past, IT has tried to shut it down, but the personal cloud is so popular with employees that they use it regardless of whether they've been granted permission … the IT department is struggling with whether to restrict or support it, and how to actually pursue either option."
The reason is simple. "Employees are used to having all their content and data available in one place, easily accessible on any device, and don't understand why that isn't an option at work," says di Ventura. "This is creating a challenge for CIOs and IT Directors, who must move their focus away from being the builders of IT systems to becoming the brokers of cloud services." He thinks that computing will change as we see more businesses considering cloud-enabled self-service, single sign-on and identity lifecycle management to simplify adoption, and reduce risk.
"One challenge today is that Microsoft is no longer the default choice – Apple, Android, and BlackBerry have changed the expectation of the workplace and operating platform," says Tebbut. "Microsoft has lost its monopoly position and this will drive innovation and choice. Applications will have to work on multiple platforms, and computing will need to support this – and the personal cloud is a key driver and enabler of this."
What dangers does the personal cloud bring?
Security – or lack of. Personal cloud applications are unsecured and invisible to IT departments; potentially sensitive enterprise data now resides on a server the company can't protect.
"You and your organisation are now relying on a provider that has no contractual obligation to your company to keep it secure," says Martin Warren, Cloud Solutions Marketing Manager, NetApp. "And what happens to that data if an employee leaves a company, either voluntarily or otherwise?"
However, employees working remotely will do whatever they have to do to make their work-life as streamlined as possible. "The personal cloud makes employees more productive," says Rege, who thinks that saying no is not an option – it will fall on deaf ears.
"As a result, IT must look at different ways of securing data, such as file-level security rather than storage-level security so that data can remain secure regardless of where employees store it." The challenge is to enforce security policies across authorised and unauthorised cloud services without affecting employees' productivity.
That means no corporate firewall. Trustmarque's research found that 27% of cloud users said they had used cloud services and applications to get around the restrictions of corporate IT, which include limited data storage and email attachment limits.
"The result is that employees are putting corporate data and networks at risk – one in five cloud users even admitted to uploading sensitive company information to file sharing and personal cloud storage applications," says di Ventura. "IT departments must be able to analyse the activities that pose the greatest risk – such as sharing data outside the company – and block them specifically to mitigate risk."