One of the challenges that the BYOD and consumerization trends are creating for IT departments is employee use of public and/or personal cloud services. We’ve covered some of the big challenges this presents in terms of data security and ownership as well as the potential business continuity problems stemming from multiple versions of documents stored across different cloud services by multiple employees.
IT concerns may be more common and well-known, but there are cloud-related issues that employees need to consider as well – particularly if they use a work email address to register for a service, access a service from work, or use a service to store or transfer work-related files.
During a conversation about BYOD policies with an unnamed Bay Area CIO, Gartner analyst Andrea Di Maio recently discovered how registering for personal cloud services with a work email address can impact employees.
In the other case, the CIO told me that there's a proliferation of devices, despite the lack of a formal BYOD policy. When we touched upon one of the typical risks, which is the use of personal clouds (such as DropBox, iCloud, Google Drive), he told me that one of the personal cloud providers contacted him, providing a list of hundreds of employees in his organization who had registered for their service (presumably with their business email address). The purpose was clearly to sell the enterprise version, but this raises a very interesting question: to what extent are consumer software providers respecting their users’ privacy and how is our personal data being used in ways that we would not anticipate?
This story gets to the heart of concerns that employees should have with such services. If you register or access a service from your workplace, the cloud provider will gain a handful of useful details about you, including your name, employer, and possibly even the office or building where you work. They’ll also know the type of computer or device that you’re using, its operating system (and version), the browser or dedicated app that you’re using (and version), and potentially your location. Mix that with a set of personal and/or business documents that you store in the service and you get a tidy parcel of information about your personal and professional life.
Privacy policies can help you feel secure to an extent, but as this story illustrates, that’s not bulletproof security.
Depending on his company’s technology use policies, the CIO in this story could have requested the employee accounts be shut down, demanded access to their contents, or asked for additional information about the employees in question and their use of the service. He also could have begun monitoring the traffic, emails, and other digital accesses of the employees in question. All of this could have led to manager or HR involvement and, again depending on policies, disciplinary action or even termination.
Anytime you register for a service with a business email account, mobile phone number, or other work-related details, you’re giving your employer some potential access to that service while you work for them or after you leave. Similarly, if you use your iPad (or MacBook or Kindle Fire or any other personally-owned device) to connect to a service over the company wireless network, you give away some details about the interaction and about your device. Products like Mobilisafe can use details like those to allow or deny access to corporate resources or to flag your device so that IT investigates its use.
The moral of the story is that BYOD and cloud services can have downsides when it comes to privacy, particularly in the workplace. It’s a good idea to understand your company’s policies around personal devices, company-owned computers and devices, wireless networks, and even your work email account. It’s even better to take that into consideration when choosing how to mix your personal and work technology use.