IT's new concern: 'Bring your own cloud'
As personal and professional clouds converge, IT's mission to improve productivity while protecting corporate apps and data is getting tougher.
Robert L. Mitchell
May 20, 2013 (Computerworld)
Bring your own device is so 2012. The next big push in the consumerization of IT is bring your own cloud. And just as when consumer devices poured into the enterprise, many IT organizations have already responded with a list of do's and don'ts.
The standard approach has been to forbid the use of personal cloud applications for business use, by offering official alternatives -- the "use this, not that" approach -- and to carve out separate cloud storage workspaces for business documents that can be walled off, managed and audited. But personal cloud services are difficult to control, and users are adept at going around IT if the productivity tools in their personal cloud can do the job easier, faster and better. IT wants a bifurcated approach to consumer and professional cloud apps and storage. But users don't work that way anymore.
Getting Around IT
Scott Davis, CTO of end-user computing at VMware, originally began using a personal cloud app for business after the IT organization failed to offer a viable solution that met his needs. Davis, who has speaking engagements all over the world and needs to share large multimedia presentation files, asked for an exception to VMware's email attachment size quota. IT responded first by suggesting that he pare down the content and then followed up by suggesting that he buy "a bag full of USB drives" to send presentations by mail.
"That's when I started using Dropbox," he says. "IT has competition. People know what's out there and how to get the job done if IT doesn't help them."
Gartner analyst Michael Gartenberg agrees. "IT has to deal not only with bring-your-own devices but bring-your-own services," he says. People will bypass even viable alternatives if they feel that the officially sanctioned professional cloud offering isn't equal to the task -- or if they have a personal cloud app they like better. "If it's digital and it's consumer, it's going to find its way into the office. People will come up with reasons for using it," he says.
At construction management firm Skanska USA Building, employees are mashing up business and personal work on a wide range of personal cloud services, including Dropbox and Evernote. Today, says senior enterprise engineer Jeff Roman, "We don't control that." But IT is actively reviewing its options. "What are we going to limit? What can they access at work and at home?" he asks. Right now that's controlled by use policies that employees must follow as to what types of documents need to stay out of the cloud and what's permissible. For example, financial data "should never touch a cloud service," he says, nor should some documents relating to government projects.
But Skanska is also looking for an officially sanctioned cloud storage option. It is considering Microsoft's SkyDrive Pro, using Citrix's ZenMobile to provide virtual access to files stored on back-end servers, or using niche services such as Autodesk Buzzsaw, which puts construction design tools and documents in the cloud. "We don't need people using all of these different tools," he says, but any solution must be as easy to use as the personal cloud tools employees rely on. Otherwise, users are likely to bypass the official alternative.
"It will be tough to find a one-size-fits-all solution," he says, "but we're working on it. I am hopeful that within the next year we will have one in place, whether that is on-premises or cloud or a hybrid of both."
Blurring the Lines
Organizations need to develop a three-pronged strategy for on-premises, off-premises and cloud, says Jim Guinn, managing director at consultancy PricewaterhouseCoopers. "You really need to pay attention to how you secure documents that are in someone else's cloud-based service," he says.
Roman says some documents just don't belong in popular cloud storage services. "I've read the whitepapers on Dropbox and Box. I guess they're secure," he says. But for sensitive documents, he adds, "we don't want to risk it."
Even the issue of who owns business applications and how those applications are licensed is blurring. Evernote for Business, for example, adds a business services layer that includes policy-controlled business notebooks and adds business document libraries to the user's personal Evernote account. Personal and professional documents reside in different repositories but with a unified view.
"We're seeing a transition from two completely separate worlds to a world where there is no line between what's good for personal and what's good for business," says Andrew Sinkov, vice president of marketing at Evernote. And if the user leaves the organization, the account -- sans business documents -- goes with him. "This model is little understood but I think will have a profound impact," says Frank Gillett, an analyst at Forrester Research.
With Office 2013 and SkyDrive, Microsoft has taken a small step toward creating a unified view of the user's personal and professional worlds. It has created synchronized, local versions of the user's SkyDrive and SkyDrive Pro (SharePoint document library) storage repositories that exist as separate folders on the user's local desktop. In this way, Office 365 can create and modify documents in the cloud, Office 2013 can read and write to the same files in a local folder, and all changes will be synchronized. "There's a convergence happening from the user's point of view," says Microsoft storyteller Steve Clayton.
This strategy gets around the modal approach to personal and professional workflows -- the two-car-garage model where the user must back out of one account bay and enter another to view and edit documents. Office applications can save to either folder. And if the user copies a document from his personal SkyDrive folder into the SkyDrive Pro folder, that file will be copied back to the cloud, where the policies for that document library will apply.
But only in the cloud. While IT can control which files users can sync with SkyDrive Pro, the cloud service can't control what users do with the locally stored versions of those files. Users either must work with sensitive files in the cloud only or use Office 2013's Information Rights Management feature to control forwarding, copying or printing of specific documents.
"Clearly, there's a lot of change coming where IT has to integrate these [personal cloud services] into the current stack and figure out how it will work together," says Amit Singh, president of the enterprise unit at Google, which in recent years has added enterprise features to consumer-based cloud applications such as Google Docs. With the latter, individual documents can be shared between the controlled, auditable professional account and the user's personal account. But Docs offers no unified document view. On the other hand, Google Plus, Singh says, "was imagined as a semipermeable layer where we add controls for the enterprise from the bottom up."