Introduction and the risks posed
First it was BYOD, but no sooner are IT staff getting used to the idea of staff using unsanctioned and unprotected iPads and smartphones in the workplace than a new danger has emerged – the personal cloud.
What is the personal cloud?
"The personal cloud refers to cloud storage and collaboration solutions designed for consumers," says Ojas Rege, VP Strategy, MobileIron. A flexible and user-friendly place to store personal digital content, and always accessible, services include Dropbox (the 'king of the cloud' at 175 million users), Google Drive, Microsoft's OneDrive, Apple's iCloud and many others. All deal in online storage and file synchronisation – and all are hosting potentially sensitive corporate files from every workplace.
Recent research from Trustmarque indicates that 40% of British office workers admit to using cloud applications that haven't been sanctioned or provided by IT departments. "As personal cloud continues to encroach on workplaces, businesses will have to change the way they deal with employees who want to use personal cloud, by empowering rather than restricting them," says Angelo di Ventura, Director, Trustmarque.
"It's all about how we access the IT we need," says Peter Tebbutt, UK&I Country Leader, Alcatel-Lucent Enterprise. "We all have a collection of applications, web destinations, online services or content that we use in our personal or professional lives, and we want access to this unique collection regardless of which device we may be using."
How are personal clouds changing workplace IT?
In short: shadow IT. "Shadow IT is the use of technology outside IT's official mandate," explains Rege. "In the past, IT has tried to shut it down, but the personal cloud is so popular with employees that they use it regardless of whether they've been granted permission … the IT department is struggling with whether to restrict or support it, and how to actually pursue either option."
The reason is simple. "Employees are used to having all their content and data available in one place, easily accessible on any device, and don't understand why that isn't an option at work," says di Ventura. "This is creating a challenge for CIOs and IT Directors, who must move their focus away from being the builders of IT systems to becoming the brokers of cloud services." He thinks that computing will change as we see more businesses considering cloud-enabled self-service, single sign-on and identity lifecycle management to simplify adoption, and reduce risk.
"One challenge today is that Microsoft is no longer the default choice – Apple, Android, and BlackBerry have changed the expectation of the workplace and operating platform," says Tebbut. "Microsoft has lost its monopoly position and this will drive innovation and choice. Applications will have to work on multiple platforms, and computing will need to support this – and the personal cloud is a key driver and enabler of this."
What dangers does the personal cloud bring?
Security – or lack of. Personal cloud applications are unsecured and invisible to IT departments; potentially sensitive enterprise data now resides on a server the company can't protect.
"You and your organisation are now relying on a provider that has no contractual obligation to your company to keep it secure," says Martin Warren, Cloud Solutions Marketing Manager, NetApp. "And what happens to that data if an employee leaves a company, either voluntarily or otherwise?"
However, employees working remotely will do whatever they have to do to make their work-life as streamlined as possible. "The personal cloud makes employees more productive," says Rege, who thinks that saying no is not an option – it will fall on deaf ears.
"As a result, IT must look at different ways of securing data, such as file-level security rather than storage-level security so that data can remain secure regardless of where employees store it." The challenge is to enforce security policies across authorised and unauthorised cloud services without affecting employees' productivity.
That means no corporate firewall. Trustmarque's research found that 27% of cloud users said they had used cloud services and applications to get around the restrictions of corporate IT, which include limited data storage and email attachment limits.
"The result is that employees are putting corporate data and networks at risk – one in five cloud users even admitted to uploading sensitive company information to file sharing and personal cloud storage applications," says di Ventura. "IT departments must be able to analyse the activities that pose the greatest risk – such as sharing data outside the company – and block them specifically to mitigate risk."
Opportunities and the future
What opportunities does the personal cloud bring?
"For people who want to start or are running a business it is incredibly empowering," says Tom Povey, Director, MyFuturecloud, who thinks it can put small businesses on a level playing field with big competition. "The highly efficient internal communication systems that were once the preserve of big corporations are now open to anyone, as is the ability to work and operate from anywhere in the world – you no longer need physical infrastructure across the globe to be an international presence."
It might be popular, but the personal cloud isn't finished yet. "There's a need for better interconnect between different cloud providers for the best possible user experience on all platforms," says Warren.
One example is the latest update Dropbox has made to its iOS app, which allows content in a variety of apps to be saved directly to Dropbox. It's a small change but completes the circle by doing away with the need to email yourself a photo – from a work point of view, that's a hugely productive change.
What will happen next with the personal cloud?
Some think that IT departments need to claw back network sovereignty and take a hard line against personal cloud apps. "As cybersecurity concerns mount, IT departments need to prioritise network protection rather than trying to embrace personal cloud services used by employees," says Lubor Ptacek, VP Product Marketing at OpenText. "What enterprises need are cloud-based services that have been designed and built specifically for business."
There's good reasoning behind this hard line since both the EU's Data Protection Directive and UK's Data Protection regulation mean that businesses are accountable for governing the transfer of personally identifiable information across Europe. "Organisations need clear visibility of data," says Ptacek, "and this is something personal cloud providers can't bring to the table."
A more inclusive approach is the adoption of the hybrid cloud. The vast majority of cloud users (84% according to Trustmarque) say they haven't got or don't know if there is a cloud usage policy in their workplace. That apathy and disregard for IT diktats is only going to get worse.
Perhaps there is only one choice for IT departments. "The personal cloud will have more of a role in enterprise computing as hybrid cloud architectures become the norm," says di Ventura. "Hybrid cloud will let organisations empower their users and keep them happy, while at the same time ensuring risk is minimised by using the right cloud for each workload."
One way of IT departments wresting back some control of the personal cloud is to design their own personal cloud apps. "The personal cloud will continue to evolve towards professional uses, and it's likely that as in-house expertise and skills develop we will see more and more services coming from the enterprise IT departments themselves as opposed to apps sourced from the public app stores," says Tebbutt.
What kind of business models are we seeing emerge built on the personal cloud?
The consumerisation of IT that has been fostered by free cloud storage services is creating new ways of doing things. "Because they can no longer say 'no, you can't use XYZ service for company activities', IT managers are faced with a choice – let their users roam free or deploy equally approachable solutions that enable them to also control how data is created, used, and shared," says Jeff Denworth, SVP Marketing at CTERA.
"The result is the proliferation of a new class of IT toolsets, IT controls and management capabilities coupled with an ease of use that simplifies the everyday work experience – all being democratised by a new class of IT-as-a-service platform providers." Denworth also predicts that new biometric approaches to data protection and authentication will also flourish.
What could the personal cloud look like in 10 years?
The personal cloud and shadow IT aren't likely to disappear, but the boundaries between them probably will. "In 10 years, there will be no distinction between the 'personal' and 'business' cloud," says Rege, who thinks that we're likely to see a holistic approach to the cloud in the workplace. "Security will exist at the file-level and employees will be able to use whichever productivity solution helps them do their jobs better."
As well as free choice of apps and storage, and biometrically-locked files, the personal cloud is likely to link to new devices. Think wearables linked to business apps in the cloud, and smart homes controlled from afar with unlimited and low cost computing power that "evolves every aspect of the IT experience from reactive and productive to predictive, preventative and proactive," according to Denworth.
Such is the popularity of personal cloud apps, that whatever it lacks, the personal cloud will probably overcome in time. Warren thinks that the personal cloud is already on a mission to become enterprise-grade.
"Personal cloud companies are acutely aware that the existing model is not fit-for-purpose in an enterprise environment," he says. "We will begin to see personal cloud providers working more closely with enterprise-class cloud, infrastructure and security providers. Combining an intuitive interface with enterprise-grade resiliency and security is a compelling business proposition for companies of all sizes."
How to ensure that shadow IT doesn't put your data at risk in 2015