How cloud can provide security from a BYOD policy

Advice Rene Millman May 4, 2012

Letting users bring their own devices can be problematical, yet combining this with a cloud policy could ensure security

Bring your own device (BYOD) isn’t just a trend in IT - in its own right it is forcing the adoption of cloud computing for many organisations.  

By 2014 some 80 per cent of professionals will use at least two personal devices to access corporate systems and data, according to Gartner research. And while the corporate desktop was all well and good for accessing legacy applications within the perimeter of the organisation’s infrastructure, the cloud has meant that new applications running atop them are free from the constraints of legacy clients tied to a desk and can be accessed anywhere from pretty much any device.

Admittedly, when end users first started using smartphones to access corporate data, they initially used email, which for the most part would quite happily connect to an individual physical server or server farm, mainly hosted on-premise safe within the corporate infrastructure. But such access prised open the infrastructure and made executives want to access more and more applications that were simply not designed to be accessed via the more traditional methods. The perimeter was soon to be blown apart.

With, at first, virtualisation and later cloud, organisations now have the ability to re-design apps that can keep smart device-using executives happy with their continued access to resources and give the rest of the organisation the means to escape the confines of the infrastructure and work anywhere with any device at any time.

It is a thought echoed by Matthew Lord, chief information security officer at IT services company Steria. If CIOs have not changed their systems to allow this kind of access they need to now.

“Today we still see key systems that can only be accessed internally and where only email has really been externalised,” says Lord. “CIOs should look to go beyond email and externalise internal apps in a secure way, while [only] offering the functionality the user needs on their phone, e.g. only the ability to view and approve a purchase order on SAP rather than all the functions they have when they are in the office.”

The consumerisation of IT is now so powerful with IT users accustomed to a Facebook and Gmail world, where they can access their applications and data from any time and pretty much any place.  

“Users are now bringing those same expectations to the office, with a blurring of work and non-work activities,” says John Gilmartin, vice president of marketing at data storage manufacturer Coraid. “The executive with the iPad accessing Salesforce.com and other “cloud” applications is forcing IT managers to re-think their service offerings.”

Gilmartin adds that to maintain relevance, IT departments need to deliver the same kind of flexibility and universal access, or the pace of applications moving into the cloud will only accelerate.

Others believe that if organisations are accessing a SaaS app from a range of devices already, then taking that to its logical conclusion organisation should not worry about implementing one or both cloud and BYOD.