X
Tech

Enterprises must secure personal clouds

With use of personal cloud services among business users growing, IT departments need to be mindful of associated risks so they can safeguard against security vulnerabilities, says Gartner analyst.
Written by Liau Yun Qing, Contributor

SINGAPORE--Similar to how the adoption of bring-your-own device (BYOD) grew in the workplace, personal cloud services are increasingly used in the office. But rather than block such services, IT departments should look at ways to accommodate such use and plug any potential security risk.

Speaking at a briefing on consumer devices here Tuesday, Song Chuang, research director at Gartner, said the consumerization of IT will expand from BYOD to bring-your-own services as consumers move to use personal cloud services in the workplace.

The analyst listed cloud storage provider Dropbox, Apple's online storage locker MobileMe, and Evernote as examples of personal cloud services that will make their way into the office environment.

Although IT departments will want to control network access, ultimately, consumerization will always win, Chuang said. Therefore, instead of preventing access to personal cloud services, IT managers should identify potential security risks from "bring-your-own services" and how these can be managed.

One such vulnerability is data leakage from non-corporate devices, he noted. Should employees store and access corporate information on the personal cloud via their personal devices, sensitive business data can be leaked when the device is stolen or compromised.

To prevent this scenario, Chuang said IT departments need to limit users to a list of pre-approved cloud services which are supported within the company. It will also need to communicate and educate users on the company's IT policies and implement mobile device management to enforce these rules.

With cloud services, user data is also hosted on public servers, he said, adding that this creates another security vulnerability.

Files that are not encrypted potentially may be read by anyone with access to the server and security glitches can cause files to be exposed, he said. To counter such risks, he advised users to encrypt their data before uploading it to their personal cloud so the content cannot be deciphered even if the service provider's network is compromised.

Chuang also highlighted potential vulnerabilities in cloud applications, which allow malicious hackers to exploit the loophole and gain access to the system, and therefore, customer data. To guard against this, he suggested IT departments block the use of unauthorized personal cloud software on workstations. Alternatively, they can turn to security and access control tools to manage these applications.

Personal cloud to be center of user's digital life
According to Gartner's predictions, personal cloud will hit mainstream adoption by 2015.

Andrew Johnson, the research firm's managing vice president who was also at the Singapore briefing, defined personal cloud to encompass the storing, sharing and streaming of content, through multiple screens in an always-on and always-available lifestyle.

"People will not pick just one best device," Johnson said, adding that users will choose devices for different functionalities based on different screen sizes.

Lilian Tay, principal research analyst, further noted that consumers were moving away from the PC as the center of their digital life. Instead, personal cloud will be the center of consumer devices, allowing users to access content on multiple devices, noted the Gartner analyst, who was also at the briefing.

According to Johnson, the complexity arising from the emergence of various cloud services and device types will drive consumers to choose these products based on the company's brand.

By 2014, he noted that brand value will be the key differentiator for consumer device. As a result, to better compete, vendors will need to ensure strong brand perception that stretches across multiple devices and services, he said.

Editorial standards