Bring Your Own Cloud (BYOC) is often associated with personal services like Dropbox, but internal business units have also been known to sign up for cloud services without IT's knowledge, raising questions about everything from security to business service expectations.
But if you have a plan in place when it comes to business units accessing external cloud services for projects, IT and the business can get what they want without jeopardizing services or security. Here are the key things to consider:
* Establish policies on what material is acceptable to store on public clouds. Do not store confidential material outside of the company firewall unless your security organization has performed a security audit on the provider. Security organizations typically have classifications for different information and can assess if the necessary controls are in place by the provider. Clouds often do not offer data encryption and can leave your data vulnerable. Depending on the data you wish to store in the cloud, you should ensure that it is encrypted both in flight and at rest.
* Know where your data is hosted. Privacy laws are different in most countries. The privacy laws in many European countries do not permit data to be stored in certain countries, even the U.S. Confirm you know where your provider is hosting your data and align with your country's respective privacy laws.
* Understand the privacy and security policies of the provider. Research what kind of physical and logical security policies are in place and adjust your own internal security accordingly. If you are in the public sector, security needs can be vastly different. SafeGov.org is a recommended forum assisting IT providers in gaining a better understanding of cloud computing offerings as they relate to the public sector.
* Ensure vulnerabilities are not introduced into the environment. The IT infrastructure underpinning this data storage and sharing application can also be designed to ensure compliance with availability and data preservation policies such as backup.
* Work with tools that provide a unified view of the infrastructure. This approach enables IT administrators to monitor public and private cloud resources and proactively stop service errors caused by service degradation or misallocated resources.
* Have an assurance plan in place. Whether it is for temporary cloud bursting or a permanent effort to integrate the cloud as a part of your infrastructure, you want to provide a consistent service experience. Your services hosted in the cloud or spanning your hybrid environment require monitoring for availability, performance and disruptions/degradations. The tools you choose should offer robust service assurance capabilities across your disparate environment: legacy, virtualized, hybrid or even cloud.
Although BYOC raises many issues for IT to manage, IT should be aware of the cloud services employees and departments are using for corporate data and emphasize different ways to combat problems associated with BYOC.