How to implement personal storage within your company

Advice Tom Brewster Apr 4, 2014

CIOs can embrace personal clouds, but must wrap the right security around them first

The use of personal clouds, such as Dropbox, has been expanding rapidly in recent months. Employees have been adopting them for various means, often for sharing corporate data without IT knowing a thing. This trend, known as shadow IT, has been doing the rounds for some time, but with the consistent release of new cloud platforms, the situation has become considerably more urgent for those in charge of protecting the organisation.

There is a general consensus here: IT chiefs have to accept the scores of personal cloud services entering the workplace, from Dropbox to SkyDrive to Google Drive to Evernote, rather than repel them. If they don’t embrace the increasing use of such popular software, they will hinder the business and irritate employees, says Alastair Mitchell, chief executive officer at cloud collaboration provider Huddle.

“It’s no surprise that personal clouds are infiltrating the workspace… Forcing complex, legacy systems onto employees isn’t an answer for businesses as people will just bypass them in favour of easy-to-use consumer tools,” he adds.

“IT departments need to step back and look at services that combine the security measures they need – audit trails and granular permissions for instance – with the ease of use of personal clouds. If people feel a new technology helps them get their job done, they’ll use it.”

According to security consultant Thom Langford, IT chiefs should take this shift as an opportunity to figure out why workers love cloud services and model their strategy around what they find. “Businesses should really try to understand why people are using these services in the first place. I would argue that in most cases it is because the tools that the business offers do not meet the demands of the users,” says Langford.

Forcing complex, legacy systems onto employees isn’t an answer for businesses as people will just bypass them in favour of easy-to-use consumer tools

Blocking such personal clouds, he argues, is simply not an option until the business has been able to meet worker demands for speedy, user-friendly cloud systems that they can access away from the workplace. “Internal IT functions have two real choices. They can up their game and start providing services that truly meet the need of the users and the business by providing cutting edge, best of breed facilities that offer all of the advantages of the cloud solutions,” Langford adds.

“Or, they can embrace these cloud solutions, albeit on their own terms. Carry out risk assessments, work with the providers to ensure security and technology demands can be met in the cloud, integrate with their internal systems, and simply outsource it.”

Encouraging best practice
It’s also worth encouraging and educating employees on best practices surrounding the security of cloud. This can boil down to offering guidance on the more secure products on the market, says Bunmi Sowande, technical consultant at F-Secure, who argues that almost all personal cloud services “are not secure enough to be used as a business tool”.

“Make sure employees are not inadvertently using insecure cloud services or sharing confidential information or Intellectual property on personal clouds,” he adds, recommending businesses get together approved lists of cloud apps.