Bring-your-own-device (BYOD) policies have had a huge impact on enterprises recently, driven largely by employees' desire to use their own mobile phones, tablets, and laptops at work. When it's done right, the use of personal devices offers workers countless benefits, including flexibility, continuous access to data, higher productivity, and less dependence on central IT.
BYOD can also be heavily disruptive to IT processes and policies, and it's taken some time for enterprises to embrace the change. BYOD is acceptable in many workplaces, but phones, tablets, and laptops are still provided by IT in most enterprises. To minimize risk and ensure that employees use these devices appropriately, CIOs and CTOs must carefully consider and address the following factors:
BYOD users advance to BYOC
With careful implementation of BYOD rules and procedures such as tracking through mobile device management, setting up security to block intruders from breaking into a firewall or virtual private network (VPN), and employee training, enterprises are meeting the challenges of BYOD, and the trend is progressing. Today, however, employees have moved on to a new organizational and IT challenge: bring your own cloud (BYOC).
[Want to learn more about moving legacy applications to the cloud? Read Nebula, Gigaspaces Team To Ease OpenStack App Migrations.]
In BYOC, departmental units, workgroups, or individual employees use public or third-party cloud services because it's faster, easier, or less expensive than going to IT to fulfill specific needs. Often these services are very low-cost or free for a limited capacity. For the individual employee, this might seem like a cost-effective solution, but when you consider the cost of managing thousands of accounts on hundreds of disparate cloud providers, the lack of visibility into how these systems are being used, the aggregate cost of these services, and their effect on the organization's regulatory compliance and security posture, the disadvantages often outweigh the benefits.
BYOC has become so pervasive in today's enterprise that many CIOs have coined the term "shadow IT" to refer to the infrastructure provisioned by internal organizations -- typically line-of-business units within the enterprise. When I was a CIO at NASA, much of the spending on IT infrastructure was done by "mission organizations" outside of the CIO's control.
Shadow IT has many implications, including the following:
Consider a scenario in which a rogue business unit moves a mission-critical application to a public cloud. Proprietary source code and potentially valuable customer data are put on the Internet, perhaps protected only by an email and password or another rudimentary authentication method. Now consider the thousands of AWS keys that have been found in plain text in source code on public GitHub repositories -- keys that can be used to unlock and gain entry to AWS customer accounts.
Furthermore, employees often access these AWS services from various devices at home, on their smartphones, and from unencrypted and unsecure networks. Security risks and potential mingling of personal and enterprise data are introduced every step of the way.
Choose security and control
Enterprises don't need to forfeit the flexibility, cost-effectiveness, and agility of public cloud services if they can make a strategic investment in an enterprise or departmental scale private cloud. Here are some of the benefits of this strategy.
You don't just want the security and control of a private cloud -- your enterprise needs it. Laws and regulations often dictate it. Rogue clouds or IT sprawl can reach far into the enterprise, wreaking havoc with your enterprise security, control, system consistency, and more.
Like BYOD, BYOC will reach equilibrium in enterprise environments, with new enterprise applications running on a mix of private and public clouds. CIOs who deploy private clouds now still have an opportunity to get ahead of these risks, but time is running out. BYOC is a trend that is here to stay.
Trying to meet today's business technology needs with yesterday's IT organizational structure is like driving a Model T at the Indy 500. Time for a reset. Read our Transformative CIOs Organize For Success report today (free registration required).Chris Kemp is the chief strategy officer for Nebula, which offers an integrated hardware and software appliance providing distributed compute, storage, and network services in a unified system. He formerly served as the CTO of NASA and CIO at Ames Research Center. View Full Bio