Line of office workers with individual clouds

New risk on the block: Bring your own cloud

The next big thing in the consumerization of IT is fast bearing down on network administrators: bring your own cloud. Employees have disrupted the enterprise by bringing their own mobile devices onto the network, and now the use of consumer cloud accounts such as iCloud, Evernote and Dropbox to store and access business data threaten to do the same.

A recent survey on shadow IT by Nasuni revealed that one out of five business users surveyed said they use the consumer file-sync-and-share system with work documents. On the bright side for agencies, among the industries surveyed, government and non-profits are the least likely to use file-sharing services outside the corporate enterprise.

Still, the security risks of government information being stored in personal clouds has been well documented. They carry an additional risk because copies of documents may reside on the agency network, the employees’ phone and his home computer, the security of which is beyond agency IT managers, according to a recent ZDNet column.

IT managers can protect the network by restricting access to cloud sites with enterprise filtering, banning the app from network and writing policies that forbid the use of personal clouds. As an alternative, some IT departments are working to secure employees’ personal cloud storage accounts. According to a recent article by Cisco’s Kristi Essick,  several alternatives are surfacing:

  • Building API connections between personal cloud and enterprise apps, as predicted by Forrester’s Frank Gillett
  • Partitioning documents into work and personal containers with a service such as Microsoft SkyBox or iCloud.
  • Using an enterprise version of the consumer cloud service. Evernote and Dropbox have versions that allow IT departments to sponsor and manage employee accounts. 
  • Using a secure personal cloud service that provides Dropbox-like convenience, but which is hosted on secure corporate networks. VMware’s Octopus and Google Drive offer this service.

The National Association of State Chief Information Officers’ issue brief, “Capitals in the Clouds Part V: Managing the Risk of Free Cloud Services.”  also offers IT managers suggestions on how to determine the best method of tackling personal cloud storage.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected