With Bring your Own Device (BYOD) now common place in most Enterprise IT environments, the use of the Personal Cloud is being used as a solution to how users manage and share data across multiple personal devices. This new trend is aptly referred to as Bring your Own Cloud (BYOC). The management of which is a concern to security conscious corporate CIOs.
The business case for personal clouds is clear, with business teams working virtually as well as collaboratively with partners, as well as individuals working across devices such as tablets and smart phones. The need to seamlessly share data in this type of environment is supported by the use of a cloud. Personal clouds are available from such companies as Apple (iCloud) and Amazon, and file sharing systems such as Dropbox and YouSendIt.
The security concern is not about the security of a public cloud, but rather that once a document or data goes outside the enterprise, then the organization loses control over who has access to this data. Here are some considerations that CIOs can explore to address this security concern.
Make your sharing policies clear
Putting corporate policies in place as to guidelines for what data can be shared with who is a starting point for handling the issues. Personally, I believe this is a new spin on an old issue. Traditionally, NDA (non-disclosure agreements) have been used to protect data that is shared. It’s just that the share of data has become easier, and the type of data available to be shared has become wider.
Implement a private or hybrid cloud
Though this solution may be the hammer to viewing the world as a nail, providing cloud services to employees and partners in a private or a hybrid private/public cloud solution is an ideal way to make sure the data remains fully in control of the IT management or their trusted cloud solution vendor.
Another variation on this is to have IT able to access to cloud logs and usage information from the personal clouds used to verify any potential miss-use or distribution of data. This could be done if IT departments make recommendations to employees the public clouds to be used.
Integrate Privacy Solutions into Apps
My initial research hasn’t provided me with a lot of examples for integrating security solutions into Apps that would use personal clouds. Because it is a new and growing trend, possibly they need to be developed or be custom solutions. For me an excellent solution is to have the security layer at the source of the data, rather than to rely on security being handled in the IT infrastructure of the cloud.
Basically a form of encryption or privacy control that can be set in the application, that will only allow authorized users to access the data. This makes the security solution independent of the personal cloud chosen. The IT department would make the custom App or encryption key available to users, allowing users to store the data in their own personal cloud, accessible only to others using the same App or key.