The prominent trend for employees to use their own devices for work, BYOD, has been repeatedly highlighted as a significant threat to the security of corporate data. But, beyond BYOD, growing mobility and an increasingly globalised workforce has seen more and more employees bring consumer-oriented cloud storage and collaboration services into the professional environment.
So how can IT managers and CIOs effectively manage BYOC, ensuring that their company remains compliant to collaboration and file-sharing regulations without hindering valuable collaboration?
One of the main issues facing CIOs and IT managers when tackling BYOC is the fact that employee intentions are positive and they simply do not realise the potential implications of utilising consumer-grade software. It is therefore important to educate them on the dangers.
As a starting point, companies should revise their wider Acceptable Usage Policy (AUP) to include a section on the use of consumer software in the workplace. This should include all prohibited software along with the sanctions for breaching that section of the AUP.
It is vital that companies follow this up with meetings or updates to explain the reasons for these changes. Failure to do so may lead to the prohibited software becoming ‘taboo’ and employees feeling that senior management is being unreasonable resulting in them using the consumer-grade software anyway.
Once a company has laid down the law when it comes to BYOC, it must look at why employees were using consumer-grade collaboration software in the first place. If the majority of employees are utilising a consumer service such as Dropbox as a means of increasing productivity or facilitating mobile working, this may present a shortcoming in the company’s service provision.
Communicating with employees to establish what particular functionality made them decide to turn to a consumer option will work wonders for acquiring a view of the bigger picture and will be invaluable when formulating a way to address the issue.
In response to this growing requirement, enterprise focussed access-anywhere storage and collaboration is becoming a necessity. For the IT department these services provide a means of (re)centralising control over corporate data. By ensuring all staff are using the same technology and by providing a single centralised console from which to administer all users’ access, IT Administrators can ensure they have absolute visibility and control over the data they’re responsible for protecting.
These services also include advanced security features lacking in their consumer counterparts. For example, a large number of consumer cloud storage and collaboration services do not feature encryption or a company’s data may be stored on low security file servers belonging to the service provider in whatever country or countries their service is provided from.
A true business grade alternative offers very strong encryption of data before it leaves the employee’s device. This ensures the data cannot be read except by the company to whom it belongs. Similarly,it will include stringent financially backed SLAs regarding where that data will be held and provide assurances in terms of the levels of availability.
A provider of enterprise cloud services would also likely have gained accreditations such as ISO 9001 and ISO 27001 in order to provide reassurances to clients that their quality and security processes are sufficiently robust. These accreditations are less prevalent in the consumer arena and, as such, it’s more challenging to vet potential suppliers.
For the end user, the benefits over a consumer service are perhaps less obvious. Whilst the functionality they receive will be similar to that which they could gain using a consumer service, they will no longer be placing themselves potentially at risk of dismissal in severe instances and their organisation at risk of fines, loss of reputation or loss of intellectual property. They will also gain access to support from their helpdesk in the event of an issue and their cloud storage and collaboration will be centrally configured and properly integrated rather than potentially blocked by enterprise firewalls.