Blackstone has policies against using personal cloud apps for business functions and blocks user access at work to a few popular ones, including Google Drive and Dropbox. But Murphy doesn't force staffers to use WatchDox. Rather, he touts WatchDox's ability to sync documents across all of a user's devices and points out that it's more convenient than having to use a proprietary application to access and manipulate content.
"Anyone who believes we can completely shut users off from creating their own content from a variety of [personal cloud apps], well, that's a fallacy," he says. Instead, Blackstone teaches employees about the firm's document use policy and offers WatchDox as an option. "We're just trying to make it easier for them to do the right thing," he says.
The Task at Hand for IT
But not all consumer-based cloud apps will necessarily be expanded to support enterprise security and compliance needs.
As the personal and professional worlds continue to blur, IT will have to adapt. Users will want to use some of their own personal cloud-based productivity tools, so for better or worse, IT will need to support mainstream personal cloud apps -- including Dropbox, says Gillett. Going forward, he says, "you need to look at integrating employees' personal cloud apps and data in the same way you connect with business partners today."
Ultimately, IT will have to stop worrying about how to control which applications people are using or where documents reside and focus on protecting the documents themselves, says Gartner analyst Ken Dulaney. "Companies will just have to permit these things and take a different look at security," he says, adding that IT will eventually embrace digital rights management schemes such as Microsoft's Information Rights Management service.
"We're working with Microsoft on ways to support that in a mobile context," says Nicko van Someren, CTO at enterprise mobile management vendor Good Technology. But the market for the use of rights management servers to track and control content is still embryonic, he adds.
While DRM has a bad reputation among consumers, the systems could work for business, Dulaney says. He sees an evolution of products similar to WatchDox, which encrypts files that move outside of the enterprise space and requires that users have an authenticated reader app to view them. To this, IT might also need to add public key infrastructure systems and certificates, Dulaney says.
But if the idea of DRM seems unpalatable -- and expensive -- the convergence of personal and professional clouds could leave IT organizations with few other options for protecting truly sensitive documents. IT departments will also be faced with the challenge of maximizing convenience while protecting those documents in a world where those assets need to exist on and move quickly between many different endpoint devices.
Sign up for CIO Asia eNewsletters.