The bring your own device (BYOD) trend is growing, with more businesses allowing employees to use their own smartphones and laptops for work purposes, which presents a big opportunity for cloud service providers to sell the cloud as an alternative to storing company data on personal devices.
An increasing number of businesses are removing company-issued smartphones from their budget lists and allowing employees to use their own smartphones. As a result, IT departments are faced with the task of not only supporting employees’ smartphones, but also making sure work-related files accessed on personal mobile devices remain secure.
Employees are pleased with the BYOD trend because it means they don’t need to carry two laptops, two smartphones and two tablets. But cloud providers say IT departments often feel somewhat squeamish about allowing employees to use their own devices for work, because they need to ensure that company email, corporate secrets and sensitive data won’t be shared with competitors if devices get lost, stolen or hacked, or if their owners move on to new jobs with competitors.
And that’s where providers say the cloud is increasingly starting to factor in as a solution.
“Businesses are looking at the cloud as a solution to BYOD because they’ll have more control from both a security and disaster recovery standpoint,” noted Robert J. Chandler, president and CEO of Cloud9 Real Time, a cloud provider based in San Diego. “Almost on a daily basis, a business will contact us and let us know that an employee has left the company and we need to wipe their information remotely and terminate access.”
Getting comfortable with cloud apps on personal devices
Globally, almost 60% of full-time employees participate in some form of the BYOD, according to a research white paper released in November by Ovum and commissioned by cloud provider Logicalis. And almost three-quarters of the 1,242 IT professionals surveyed in 2012 by reseller and service provider CDW said their organizations’ decision to take on cloud computing was “significantly influenced” by employees’ use of personal mobile devices. Thirty-nine percent had already adopted a cloud solution, up from 28% in CDW’s 2011 survey.
Businesses are looking at the cloud as a solution to BYOD because they’ll have more control from both a security and disaster recovery standpoint. Robert J. Chandler, Cloud9 Real Time
“The BYOD trend is not one that’s going to be stopped,” said Jeetu Patel, general manager of EMC’s Syncplicity business unit. “It’s not just BYOD; it’s the multiple devices people own for different purposes. When I’m on a train, I want my iPad, at work I want a laptop and at home I want a big-screen desktop. And I want all of my data to follow me.”
Many customers end up feeling more comfortable with containing corporate information on the cloud, rather than allowing employees to keep data on their personal devices.
For example, Jennifer Katrulya, CEO of Danbury, Conn.-based accounting firm Business Management Resource Group (BMRG), a Cloud9 Real Time customer, said all her employees work on their own smartphones and tablets. Employees share documents through a cloud application and are advised not to download and save sensitive work documents on their personal devices.
“We have a list of applications that we ask them not to keep on a device because we feel that the best way to maintain security is to keep things off the devices to begin with,” she said. “We are careful to use applications in the cloud, and we’ve been pleased with the way it’s been going.”
Cloud security still a stumbling block in BYOD trend
Cloud providers say they are able to market mobile cloud services to businesses as the way to go, largely because they are able to show clients new features that allow managers to have greater control over the privacy of company information on employees’ personal devices.
“We can have more control over things with the cloud,” Patel said. “If I leave my iPad at the gym, I want to be able to make sure that I can remote wipe any sensitive data from it. If I send an email attachment, I want it to have an expiration date. And if I have a contractor that I am sharing data with, when the contract is up I want to be able to stop sharing that data with them.”
Providers say IT departments often come in with long lists of requested features in an effort to ensure that data is kept secure when accessed from personal mobile devices. Patel noted that every organization’s security standards are different and, as a cloud provider, he makes sure he adapts his company’s cloud proposals to address each client’s needs.
Yet providers do continue to face the challenge of selling the cloud to businesses that question whether cloud security is adequate. It can be tough to market the cloud as a BYOD enabler when clients are not sure the cloud is secure enough to begin with, said Dean Weber, chief technology officer for the cyber security group at CSC, a cloud and managed services provider based in Falls Church, Va. Businesses are somewhat reluctant to embrace cloud as a solution to BYOD, he added.
“Organizations are coming to us and wanting to move to the cloud and also saying they have a BYOD problem, but what they’re not doing is putting the two of those together yet,” Weber said. “I don’t believe they are doing them simultaneously, for the most part, because organizations don’t have that risk appetite.”
Weber said that delivering cloud services in the precise, secure way companies require can be costly, which leads some businesses to shy away from adopting the cloud for BYOD purposes. Some companies are starting out by testing relatively low-risk assets, such as email, while keeping more precious applications out of the cloud.
Cloud service providers say they attempt to alleviate those concerns by recommending that their customers create BYOD policies that spell out exactly how personal devices can be used for work purposes, including what kinds of documents should be saved on the devices and which ones should be accessible via the cloud. In the research by Ovum and Logicalis, only 20% of those who were using their own devices for work purposes had signed a BYOD policy.
Patel noted that some businesses talk about locking down a majority of data from staff, providing a limited few the access to cloud applications and leaving the majority out. But as a cloud provider, he tries to tell potential clients that this way of thinking is a mistake.
“If you say you’re not going to allow people to use Dropbox, that’s the worst thing you can do,” he said. “What people do is go create a separate network so they can use Dropbox. It’s like telling your kid when they’re a teenager, ‘You should not do these 10 things’ without explaining the reasons; they’ll go out and do it just to rebel. Instead, the organization needs to be thinking that it can enable a better service for users, so people can get the service they want, while IT can get the security it wants.”