2014 has been widely deemed 'the year of the data breach,' with many high profile incidents raising much-needed awareness for organisations around the need to understand where their data is stored and who does what with it. But alongside this, enterprises had a steep learning curve to deal with, as they had to get to grips with integrating so many employees' devices into their IT systems, and with them a bigger number of personal cloud-based apps and storage platforms than ever. It's fair to say that the CIO has now had to accept that, like personal and preferred devices, the personal cloud has well and truly arrived.
Chris Halbard, EVP and international president at cloud solution firm Synchronoss expects adoption of these consumer tools to increase significantly in 2015, driven by increased smartphone ownership and faster mobile network speeds.
'Another key driver will be consolidation,' he says. 'As previously pure-play mobile operators evolve into full converged service providers, the premium content they offer will in turn accelerate cloud adoption among end-users. Therefore expect bundled services from operators that include more allocated personal storage per user. Operators will also invest in new and innovative features and products that complement their storage offerings, such as music sharing and streaming services to mobile.'
The rise in popularity means that the cloud has become a key target for cyber criminals as hackers play the numbers game, with weaknesses being found and exploited on a regular basis. Enterprises have had to invest in important security measures such as single sign-on, for use across multiple devices and Oses, but even with these in tow, it's only a matter of time before a large-scale hack takes place.
'In the same way they have targeted ISPs to reap havoc on internet users, a major cloud provider is likely to be breached in 2015, directly influencing hundreds of thousands of individuals in one go,' warns George Anderson, director of security firm Webroot. 'Think the Apple iCloud hack, but on a larger scale.'
The popularity of personal devices being used in the workplace has meant that the once clear divide between personal and work information has been blurred, explains Anderson. Despite the clear benefits of cloud storage to employee productivity, it's still another acccess point in an already porous network perimeter.
> See also: The advantages of a cloud-first approach to modern security
'Organisations need to embrace change, move with the times, but not lose sight of the importance of security,' he says.
Many would argue that the problem last year was that many enterprises failed to plan out their mobile strategies. What’s more, many organisations didn’t have the right tools in place to allow employees to make the most of working across multiple devices.
'As a result,' explains Anderson, 'many workers were bringing in their personal, public cloud-based applications into the workplace. However, if a company puts together a solid plan for how workers can utilise mobile devices in a secure manner, there will be no downside to a mobile-enabled enterprise. This should be the priority in 2015.'
What's become clear in the age of personal cloud is that the specific device itself no longer matters to users, however.
Claire Galbois-Alcaix, director of Cloud Solutions, believes this is the case.
'Users want their digital content to be constantly accessible, mobile, and housed in sleek, sophisticated apps,' she says. 'This is clearly illustrated by the millions of people using Dropbox to share and store pictures, or the legions of fanboys that purchase every product Apple creates, so they can access the information they need from the device that is closest at hand.'
This evolution will push enterprises to develop the types of solutions they offer their employees. In short, she says, they can no longer only provide desktop-based offerings. And while enterprises have been caught up in the idea of maintaining secure devices, secure content over any device should be the key priority.
In 2015, human-generated unstructured data will continue to be one the fastest-growing data sets, and the most relevant for digital collaboration, mobile or otherwise.
'It will also – more than ever – contain valuable and sensitive data, and thus be subject to intense security and compliance requirements, whether it's on-premise, in a private or public cloud,' says David Gibson, VP at unstructured data management company Varonis. 'In total, companies are beginning to generate several zettabytes of data per year and they must be fully accountable for any and all of it.'
Knowledge is power
It's when employees and their organisations aren't fully knowledgeable about how best to secure their data, that they leave their organisations vulnerable.
'Employees are concerned about their level of privacy, and rightly so,' says Gibson. 'On the other hand, organisations have anxieties about being exposed to external devices they do not control through cloud technology. Regular, engaging and relevant training should be in place to educate employees about the importance of security and the responsibility they all have to keep the data they hold on their devices secure.'
Communication between those overseeing security and the rest of the business is a vital component in safeguarding the IP of the business.
'Enterprises need to clearly articulate and create awareness on what contents need to be stored and used in the personal space when it is used within a professional environment,' advises Ram C Mohan, executive vice president and head (IMS and Key Accounts Group) at Mindtree. 'This means communicating awareness about cloud storage and guiding the team to best select the appropriate storage solution, as well as training them on what and how to store, and protect and share.'
Mohan also advises companies demonstrate and provide client management tools that would help them manage storage effectively- and clearly articulate what controls have been implemented to use personal storage within a professional environment.
'Employees should be encouraged to change their login details regularly and, if possible, use a service that enforces two-factor authentication so access does not rely solely on passwords.'
Experts seem to agree that employees can and should benefit from the collaboration and ease of use that cloud apps provide, as well as availability of content that can be shared across the enterprise. However, it's important to identify, secure and enable the adoption of selective cloud storage and create awareness internally with appropriate recommendations. If need be, enterprises can benefit from partnering with service providers in order to leverage from lower storage costs, and they can leverage technologies such as OpenID/LDAP for identity management, and develop wrappers to embrace these storage solutions as part of the corporate enterprise.
Drug of choice
Alternatives to cloud such as flash storage drives are continuing down the path of providing more capacity for no more money. But despite the rise in cheaper storage, the use of personal cloud in enterprise doesn't seem to be on the wane. Personal cloud storage solutions are unlikely to be eclipse by cheaper storage drives, because the motive for using cloud storage is generally that it is more convenient and flexible, particularly when using a mobile device.
> See also: Up close and personal: taming the personal cloud in the workplace
As Mindtree's Mohan explains, low cost drives can help store and forget, while solutions such as Dropbox or Google Drive allow indexing, search, collaboration and easy access across devices.
'I feel both will coexist, and more and more usage patterns and utilities will emerge for cloud storage,' says Mohan. ' This is not something that enterprises can treat lightly, it needs to be continuously monitored for any vulnerability and have mechanisms to address any data leakage.'
It might be time for organisations to face the fact that employees are using personal cloud services without permission from their IT departments. Yet, warns Varonis' Gibson, it isn’t in an organisation’s best interest to block access without offering a sanctioned, secure alternative.
'Organisations will continue to offer sanctioned alternatives to personal cloud services,' he adds,' and if your organisation isn’t offering one, chances are you’re losing your intellectual capital faster than you realise, as the organisation has little hope of retrieving, protecting or realising value from files stored in employees’ personal accounts.'
Ultimately, IT must embrace the use of personal cloud-based tools and features, even if they don't work out. Often it can be cheaper and faster to take on these tools as managed services, rather than build them in-house themselves. File sync and share and mobile access are key to staying productive these days, and employees readily admit they will use these services to get their work done – with or without sign off from IT.