Bring Your Own Cloud (BYOC) is continuing to be a problem in enterprises. Employees adopt third-party cloud services applications because they are fast, convenient, low cost and easy to use. However this Shadow IT does not have the approval of the IT department or meet IT policies. This poses a major risk to enterprises on a number of levels.
1. Security implications.
BYOC leaves enterprises open to serious security breaches. Firstly, the enterprise no longer retains control of its data and has no idea what is being uploaded and to which cloud services. Data can easily fall into the wrong hands or get lost. According to a report by Frost and Sullivan, more than 80% of respondents admitted to using non-approved SaaS (Software as a Service) applications in their jobs. Around 15% of all employees have experienced one or more incidents of malware, data loss, unauthorized or blocked access using a SaaS application.
2. Increased complexity
Having unauthorized and unmonitored BYOC applications running on enterprise networks introduces additional complexities and vulnerabilities into the infrastructure. IT departments who are already under siege trying to manage the complex nature of their own data centers and ensure capacity, have the added stress of trying to track and manage services totally outside of their control. Read Forrester’s Five Steps to a BYOC strategy.
3. Drain on resources
The majority of enterprise networks are not structured to handle a surge in file sharing created by BYOC applications. Suddenly IT departments are left unable to scale operations in accordance with workload. Such a drain on the network means that there is less bandwidth available for day-to-day operations which slows down processes and productivity overall. Read more about the risks in the Ponemon Institute’s The Insider Threat Of Bring Your Own Cloud.
4. Question of compliance
BYOC not only raises questions about compliance with the enterprise’s own security guidelines, but also with industry regulation and data protection legislation. Health providers and financial services organizations, for example, must comply with strict security and data protection regulations. With BYOC securing basic information is a challenge, let alone sensitive data. Security breaches can involve hefty fines, loss of reputation together with legal costs. Read more about data breaches, response and mitigation requirements.
5. Data silo danger
BYOC brings with it a danger of creating data silos as users store and process data outside of the corporate environment. This can affect all areas including document management, customer data and business intelligence. Because tools are easy to use and procure, any adherence to data governance is usually an afterthought. IT departments are left with the impossible task of trying to cleanse, reconcile and integrate data across a number of different silos, so that it can be shared with other parts of the enterprise.
The answer is to deploy cloud enterprise-approved cloud tools. Find out more about Private Cloud Services from Orange Business Services and Business VPN Galerie, which integrates public cloud services into the enterprise infrastructure.