Cloud // Infrastructure as a Service
Commentary
4/1/2014
12:56 PM
Chris Kemp
Chris Kemp
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Will BYOD Become 'Bring Your Own Cloud?'

Emboldened by enterprise adoption of BYOD, many employees are starting to reach toward the cloud. Here's how to gain the cost and efficiency advantages of private cloud services while offsetting the risks.

Interop 2014: 8 Hot Technologies
Interop 2014: 8 Hot Technologies
(Click image for larger view and slideshow.)

Bring-your-own-device (BYOD) policies have had a huge impact on enterprises recently, driven largely by employees' desire to use their own mobile phones, tablets, and laptops at work. When it's done right, the use of personal devices offers workers countless benefits, including flexibility, continuous access to data, higher productivity, and less dependence on central IT.

BYOD can also be heavily disruptive to IT processes and policies, and it's taken some time for enterprises to embrace the change. BYOD is acceptable in many workplaces, but phones, tablets, and laptops are still provided by IT in most enterprises. To minimize risk and ensure that employees use these devices appropriately, CIOs and CTOs must carefully consider and address the following factors:

  • Industry-specific regulatory and compliance requirements
  • Security and data loss risks
  • Management of network resources associated with these devices
  • IT support for different smartphones, laptops, and tablets
  • Separation of personal and work information

BYOD users advance to BYOC
With careful implementation of BYOD rules and procedures such as tracking through mobile device management, setting up security to block intruders from breaking into a firewall or virtual private network (VPN), and employee training, enterprises are meeting the challenges of BYOD, and the trend is progressing. Today, however, employees have moved on to a new organizational and IT challenge: bring your own cloud (BYOC).

[Want to learn more about moving legacy applications to the cloud? Read Nebula, Gigaspaces Team To Ease OpenStack App Migrations.]

In BYOC, departmental units, workgroups, or individual employees use public or third-party cloud services because it's faster, easier, or less expensive than going to IT to fulfill specific needs. Often these services are very low-cost or free for a limited capacity. For the individual employee, this might seem like a cost-effective solution, but when you consider the cost of managing thousands of accounts on hundreds of disparate cloud providers, the lack of visibility into how these systems are being used, the aggregate cost of these services, and their effect on the organization's regulatory compliance and security posture, the disadvantages often outweigh the benefits.

BYOC has become so pervasive in today's enterprise that many CIOs have coined the term "shadow IT" to refer to the infrastructure provisioned by internal organizations -- typically line-of-business units within the enterprise. When I was a CIO at NASA, much of the spending on IT infrastructure was done by "mission organizations" outside of the CIO's control.

Shadow IT has many implications, including the following:

  • Loss of overall control: The enterprise has no idea who's using what, and therefore no control of data access, management, or resource planning.
  • Inconsistency of systems: IT is challenging enough with approved vendor lists. When business units choose disparate systems, managing the environment becomes much more costly.
  • Increased risk of data loss: Intrusions and leaks are always a threat, and the threat is greater with limited organizational visibility into how services are being used.
  • Greater risk of errors due to non-IT professionals operating infrastructure.

Consider a scenario in which a rogue business unit moves a mission-critical application to a public cloud. Proprietary source code and potentially valuable customer data are put on the Internet, perhaps protected only by an email and password or another rudimentary authentication method. Now consider the thousands of AWS keys that have been found in plain text in source code on public GitHub repositories -- keys that can be used to unlock and gain entry to AWS customer accounts.

Furthermore, employees often access these AWS services from various devices at home, on their smartphones, and from unencrypted and unsecure networks. Security risks and potential mingling of personal and enterprise data are introduced every step of the way.

Choose security and control
Enterprises don't need to forfeit the flexibility, cost-effectiveness, and agility of public cloud services if they can make a strategic investment in an enterprise or departmental scale private cloud. Here are some of the benefits of this strategy.

  • Security: With a private cloud, you can leverage your security controls so data remains behind the firewall at all times. This protects your enterprise's information from being intercepted as it traverses the Internet -- or from being subpoenaed by government agents without your knowledge.
  • Availability: You can connect your private cloud directly to your infrastructure without having to rely on the speed and reliability of your Internet connection. You can also avoid downtime by controlling the redundancy in your own environment. Having comprehensive insight into your resources -- which is not possible with public cloud services -- means you're better able to plan for capacity.
  • Predictability: A private cloud gives you greater control of your compute, storage, and network resources, allowing you to scale the resources you need when you need them. Visibility into the available resources in public clouds is limited, and often the resources you need are not available when you need them.
  • Agility: A private cloud provides self-service orchestration of standard resources to increase speed, satisfaction, and efficiency for users. They get the same fast, seamless provisioning offered by public cloud providers, just as quickly and easily.

You don't just want the security and control of a private cloud -- your enterprise needs it. Laws and regulations often dictate it. Rogue clouds or IT sprawl can reach far into the enterprise, wreaking havoc with your enterprise security, control, system consistency, and more.

Like BYOD, BYOC will reach equilibrium in enterprise environments, with new enterprise applications running on a mix of private and public clouds. CIOs who deploy private clouds now still have an opportunity to get ahead of these risks, but time is running out. BYOC is a trend that is here to stay.

Trying to meet today's business technology needs with yesterday's IT organizational structure is like driving a Model T at the Indy 500. Time for a reset. Read our Transformative CIOs Organize For Success report today (free registration required).

Chris Kemp is the chief strategy officer for Nebula, which offers an integrated hardware and software appliance providing distributed compute, storage, and network services in a unified system. He formerly served as the CTO of NASA and CIO at Ames Research Center. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
4/1/2014 | 4:43:24 PM
Bring your own security
Bring Your Own Cloud would be compelling if you could bring your own security through something like the Freedom Box project.
DonT733
50%
50%
DonT733,
User Rank: Apprentice
4/1/2014 | 6:11:32 PM
Bring Your Own Team
It is easier when good Security is built in by design and default.  The numbers of developers, system and network admins who incorrectly suppose they are well trained in good Information Security does not match with the breach statistics we experience.  

So, Bring Your Own Cloud simply assumes quality built in by design and default that simply is not there unless, there is a team behind you.  So, is BYOC that is nothing more than an increase in the speed of IT defects per second?  Or, does it imply a great process and team that comes with that Cloud.  Does good BYOC really mean Bring Your Own Team, BYOT?

But, wait, that smells of Fear, Uncertainty and Doubt, FUD, so it must come from an obstructionist.  I could be a crank.  All those years of IT and the humbling experience of Information Security could just have made me an obstructionist.  Maybe, I just like putting the breaks on things.  But, good breaks on your car could help you drive faster, less afraid to push the edge because you know you can control it when it matters.

What does decentralized control get us?  Factions and asymetric warfare.  What is Anonymous anyway beyond a BYOC organization?  But, maybe its decentralized software we need.  After all Java works right?  It is safe, right?  What language are drive by downloads written in?  Or, is it near the top vulnerability for safe computing on the Internet, just short of persons presuming that "P@ssw0rd1" is a secure and cleaver idea.    

But, why pick on Java.  

1) Decentralized processing

2) Not Secured by Design or Default

3) Quick common use across a wide variety of platforms.

Is it a fair model for the future state of BYOC?  Maybe, maybe not.  Thoughts?

 

 
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
4/4/2014 | 6:44:06 PM
Provide your own cloud to avoid BYOC
Possibly a shorter way of saying this is: Provide your own cloud to avoid the ills that come with Bring Your Own Cloud. But private cloud has to match, at least in limited ways, the expandability -- the elasticity-- of the public cloud. Not sure that it does in all instances.
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.