Will BYOD Become 'Bring Your Own Cloud?' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Infrastructure as a Service
12:56 PM
Chris Kemp
Chris Kemp

Will BYOD Become 'Bring Your Own Cloud?'

Emboldened by enterprise adoption of BYOD, many employees are starting to reach toward the cloud. Here's how to gain the cost and efficiency advantages of private cloud services while offsetting the risks.

Interop 2014: 8 Hot Technologies
Interop 2014: 8 Hot Technologies
(Click image for larger view and slideshow.)

Bring-your-own-device (BYOD) policies have had a huge impact on enterprises recently, driven largely by employees' desire to use their own mobile phones, tablets, and laptops at work. When it's done right, the use of personal devices offers workers countless benefits, including flexibility, continuous access to data, higher productivity, and less dependence on central IT.

BYOD can also be heavily disruptive to IT processes and policies, and it's taken some time for enterprises to embrace the change. BYOD is acceptable in many workplaces, but phones, tablets, and laptops are still provided by IT in most enterprises. To minimize risk and ensure that employees use these devices appropriately, CIOs and CTOs must carefully consider and address the following factors:

  • Industry-specific regulatory and compliance requirements
  • Security and data loss risks
  • Management of network resources associated with these devices
  • IT support for different smartphones, laptops, and tablets
  • Separation of personal and work information

BYOD users advance to BYOC
With careful implementation of BYOD rules and procedures such as tracking through mobile device management, setting up security to block intruders from breaking into a firewall or virtual private network (VPN), and employee training, enterprises are meeting the challenges of BYOD, and the trend is progressing. Today, however, employees have moved on to a new organizational and IT challenge: bring your own cloud (BYOC).

[Want to learn more about moving legacy applications to the cloud? Read Nebula, Gigaspaces Team To Ease OpenStack App Migrations.]

In BYOC, departmental units, workgroups, or individual employees use public or third-party cloud services because it's faster, easier, or less expensive than going to IT to fulfill specific needs. Often these services are very low-cost or free for a limited capacity. For the individual employee, this might seem like a cost-effective solution, but when you consider the cost of managing thousands of accounts on hundreds of disparate cloud providers, the lack of visibility into how these systems are being used, the aggregate cost of these services, and their effect on the organization's regulatory compliance and security posture, the disadvantages often outweigh the benefits.

BYOC has become so pervasive in today's enterprise that many CIOs have coined the term "shadow IT" to refer to the infrastructure provisioned by internal organizations -- typically line-of-business units within the enterprise. When I was a CIO at NASA, much of the spending on IT infrastructure was done by "mission organizations" outside of the CIO's control.

Shadow IT has many implications, including the following:

  • Loss of overall control: The enterprise has no idea who's using what, and therefore no control of data access, management, or resource planning.
  • Inconsistency of systems: IT is challenging enough with approved vendor lists. When business units choose disparate systems, managing the environment becomes much more costly.
  • Increased risk of data loss: Intrusions and leaks are always a threat, and the threat is greater with limited organizational visibility into how services are being used.
  • Greater risk of errors due to non-IT professionals operating infrastructure.

Consider a scenario in which a rogue business unit moves a mission-critical application to a public cloud. Proprietary source code and potentially valuable customer data are put on the Internet, perhaps protected only by an email and password or another rudimentary authentication method. Now consider the thousands of AWS keys that have been found in plain text in source code on public GitHub repositories -- keys that can be used to unlock and gain entry to AWS customer accounts.

Furthermore, employees often access these AWS services from various devices at home, on their smartphones, and from unencrypted and unsecure networks. Security risks and potential mingling of personal and enterprise data are introduced every step of the way.

Choose security and control
Enterprises don't need to forfeit the flexibility, cost-effectiveness, and agility of public cloud services if they can make a strategic investment in an enterprise or departmental scale private cloud. Here are some of the benefits of this strategy.

  • Security: With a private cloud, you can leverage your security controls so data remains behind the firewall at all times. This protects your enterprise's information from being intercepted as it traverses the Internet -- or from being subpoenaed by government agents without your knowledge.
  • Availability: You can connect your private cloud directly to your infrastructure without having to rely on the speed and reliability of your Internet connection. You can also avoid downtime by controlling the redundancy in your own environment. Having comprehensive insight into your resources -- which is not possible with public cloud services -- means you're better able to plan for capacity.
  • Predictability: A private cloud gives you greater control of your compute, storage, and network resources, allowing you to scale the resources you need when you need them. Visibility into the available resources in public clouds is limited, and often the resources you need are not available when you need them.
  • Agility: A private cloud provides self-service orchestration of standard resources to increase speed, satisfaction, and efficiency for users. They get the same fast, seamless provisioning offered by public cloud providers, just as quickly and easily.

You don't just want the security and control of a private cloud -- your enterprise needs it. Laws and regulations often dictate it. Rogue clouds or IT sprawl can reach far into the enterprise, wreaking havoc with your enterprise security, control, system consistency, and more.

Like BYOD, BYOC will reach equilibrium in enterprise environments, with new enterprise applications running on a mix of private and public clouds. CIOs who deploy private clouds now still have an opportunity to get ahead of these risks, but time is running out. BYOC is a trend that is here to stay.

Trying to meet today's business technology needs with yesterday's IT organizational structure is like driving a Model T at the Indy 500. Time for a reset. Read our Transformative CIOs Organize For Success report today (free registration required).

Chris Kemp is the chief strategy officer for Nebula, which offers an integrated hardware and software appliance providing distributed compute, storage, and network services in a unified system. He formerly served as the CTO of NASA and CIO at Ames Research Center. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
Charlie Babcock,
User Rank: Author
4/4/2014 | 6:44:06 PM
Provide your own cloud to avoid BYOC
Possibly a shorter way of saying this is: Provide your own cloud to avoid the ills that come with Bring Your Own Cloud. But private cloud has to match, at least in limited ways, the expandability -- the elasticity-- of the public cloud. Not sure that it does in all instances.
User Rank: Apprentice
4/1/2014 | 6:11:32 PM
Bring Your Own Team
It is easier when good Security is built in by design and default.  The numbers of developers, system and network admins who incorrectly suppose they are well trained in good Information Security does not match with the breach statistics we experience.  

So, Bring Your Own Cloud simply assumes quality built in by design and default that simply is not there unless, there is a team behind you.  So, is BYOC that is nothing more than an increase in the speed of IT defects per second?  Or, does it imply a great process and team that comes with that Cloud.  Does good BYOC really mean Bring Your Own Team, BYOT?

But, wait, that smells of Fear, Uncertainty and Doubt, FUD, so it must come from an obstructionist.  I could be a crank.  All those years of IT and the humbling experience of Information Security could just have made me an obstructionist.  Maybe, I just like putting the breaks on things.  But, good breaks on your car could help you drive faster, less afraid to push the edge because you know you can control it when it matters.

What does decentralized control get us?  Factions and asymetric warfare.  What is Anonymous anyway beyond a BYOC organization?  But, maybe its decentralized software we need.  After all Java works right?  It is safe, right?  What language are drive by downloads written in?  Or, is it near the top vulnerability for safe computing on the Internet, just short of persons presuming that "[email protected]" is a secure and cleaver idea.    

But, why pick on Java.  

1) Decentralized processing

2) Not Secured by Design or Default

3) Quick common use across a wide variety of platforms.

Is it a fair model for the future state of BYOC?  Maybe, maybe not.  Thoughts?


Thomas Claburn
Thomas Claburn,
User Rank: Author
4/1/2014 | 4:43:24 PM
Bring your own security
Bring Your Own Cloud would be compelling if you could bring your own security through something like the Freedom Box project.
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll