Forget BYOD, what about BYOC?

Having worked in the IT industry for 14-plus years you encounter many buzz words and industry trends that either take off, or simply sprout up and die. BYOD (bring your own device) is not only a buzzword, but a real situation that has plagued IT departments for years with support challenges, data loss, and other headaches. The industry has responded by providing numerous MDM (mobile device management) solutions to combat, manage, and seamlessly support an environment that encourages BYOD. BYOD is no longer a foreign acronym, it is something discussed in the help desk trenches and in the boardroom, but what about BYOC (bring your own cloud)? If you haven't heard of this term yet, you should probably start developing a plan of attack to mitigate this risk.

BYOC refers to staff having access to public cloud services from within your network such as Dropbox, Box.net, OneDrive, and other third party cloud/hosted platforms. Like BYOD, BYOC falls within the definition of Shadow IT: "IT systems and IT solutions built and used inside an organization without explicit organizational approval.” BYOC stems from situations/environments where users feel they don't have the services and solutions necessary to perform their role within the organization. There are many forms of BYOC, but let's use a fictional company and Dropbox as an example of BYOC and how it can impact your business.

The example company does not have Dropbox as an IT or business standard; however, a handful of employees in the sales department have installed Dropbox Personal on their laptops. They feel that having access to their files at all times is important, regardless if they are in the office or not. They also hate using the current FTP server to share information with their clients and partners so they've created a workaround. The sales staff can simply drag and drop corporate folders from the internal file-share to their personal Dropbox accounts and in a matter of minutes, corporate information is synchronized with the Dropbox cloud, on Dropbox servers, and in an employee's personal Dropbox account. So what if this employee leaves? Here's where your business is at risk.

Let's just say Joe in sales decides to leave your company to work for a competitor. You follow your typical user exist process by changing passwords, decommissioning accounts, and wishing this person all the best. However, what you can't control is all the data that has been stored within their personal cloud accounts such as Dropbox Personal; this is where BYOC could rear its ugly head. Because you had no policies and/or systems in place to deal with BYOC, Joe had a copy of all your templates and proprietary information and is now working for your biggest competitor. Of course this is making the assumption that Joe has malicious intent, but I simply wanted to depict one example of why it's important to acknowledge and manage the risk of BYOC within your organization.

The good thing is that there are many ways to combat BYOC, from systems and solutions to policies, there are ways to provide the services and tools your staff are looking for that can be managed, monitored, and controlled by your IT department. Dropbox as an example has a business edition which provides full control, auditing, and monitoring of data as well as the essential transparency of who has access to what, who is sharing information externally, and details of where your business data lives outside the organization. If someone leaves, you have the ability to wipe your business data regardless if this has been synchronized to personal computers. Again, this is one example, but a real example, that I've seen a handful of times in the past couple of months.

If you haven't thought about BYOC I suggest you review the current state of your IT systems, policies, and most importantly your business needs. Sometimes it's as easy as doing a staff survey to find out what's working and what isn't when it comes to technology as this will often reveal the pain points which become the root cause of BYOC developing within your business. This isn't something that can be ignored as the cloud isn't going away, people want to work as efficiently as possible and often technology provides the means to do so. It is up to you to assess and provide the solutions to not only protect your business data, but to ensure your employees have the tools they need in an effort to prevent the rise of BYOC.