Bring your own cloud (BYOC) isn’t the same thing as bring your own device (BYOD), though the two concepts have similarities and bring similar risks and rewards to an organization.
With BYOC, end-users use personal cloud apps for work, whereas with BYOD, they use personal devices for work.
Say someone in your organization has a great big file they need to give someone else access to. It’s too big to email as an attachment, and putting it on a flash drive would involve getting up and taking it all the way to another floor. So this end-user figures, “Hey, I’ll just put it on my personal Google Drive and share it that way.” Or DropBox. Or some other sharing app on which the end-user has a personal account.
OK, for one thing, kitten videos do not use less space than cat videos. For another, sharing them is not a valid function for the finance department.
They’re Probably Already Doing It
There’s not much use in hand-wringing over whether people in your organization will start using BYOC, because chances are they’re already doing it. And it’s easy to see why. If there’s not a work app to do what they need, and they have a personal app that will do it, then they figure it’s the productive thing to do. But while productivity gains are laudable, they raise the risk of big problems, like what happens when a file full of company-confidential information is accidentally shared with an end-user’s Kickball team along with the spring schedule.
When IT Is the Last to Know About Cloud Apps
Another major problem with assuming that nobody is using BYOC is that the IT team may only find out about it when something goes horribly awry. If you work in an organization of thick-walled silos where IT is nonetheless tasked with caring for the entire IT infrastructure, watch out. The marketing unit may not ask IT before signing everyone up for SalesForce on “Marketing’s Own Cloud,” and IT remains blissfully unaware, until the network is strained to the breaking point and everything crashes.
The collapse of the Roman Forum is believed to have been caused by a major database overload in 179 BCE.
Or, suppose the technical writing department decides they’ll save the company money by having everyone get their own DropBox account for file sharing. How nice. Except using personal DropBox accounts for business violates the terms and conditions. And if someone is off-site and starts sharing stuff over an unsecure network and gets hacked, well, it would be a comedy of errors except nobody would laugh.
Look for cloud apps with enterprise versions, and use those instead of consumer versions. In other words, use the enterprise version of Google Drive rather than letting end-users use personal Google Drive accounts. Not only is it legally safer, the enterprise versions often include added security measures.
Why You Need a BYOC Policy
You need a BYOC policy before BYOC habits get entrenched. This is the best way to minimize risks. Your BYOC policy should clearly state why you’re allowing it. Maybe you’ll allow BYOC strictly for archival, or for sharing big files. It’s important to specify what end-users are allowed to use BYOC for and not allow it for other things. The BYOC policy should make sense across the entire organization, and employees should all have a copy of it. Ideally, all employees should be briefed on it so they won’t dismiss it as just another email or memo. You might consider using your IT service desk’s self-service portal to let end-users access BYOC training to ensure policy compliance.
Performance Monitoring and Capacity Planning
What you don’t want is an out-of-control proliferation of cloud tools. Many cloud tools are flexible enough that they can be used across multiple departments, so you can keep the number of tools to a minimum. Performance monitoring tools can help you figure out when “tool clutter” gets to be a problem.
You also want to keep an eye on the future. Learn what various departments want to do, and what cloud tools they would like to bring on board. Will they overload your network? Will they slow things down for everyone else? If your IT team has to take care of the whole organization’s IT infrastructure, then at the very least it needs a few windows into the sides of all those silos so as not to get taken by surprise by some major new network-hogging suite of applications.