Throughout the last two years, there has been a tremendous amount of activity regarding two areas; The Consumerization of IT, and the Cloud. This includes tons of postings and articles published about each one as to their impact, unique value and issues to computing utilization. Now the question needs to be posed as to what may be the relationship between these, are they separate areas, or are they intertwined environments of the modern computing world. And if the case is that they are intertwined, how do we address the issues this brings up, both the good and the bad.
My belief is that these are intimately involved elements within a larger spectrum of computing, where one can’t separate the two or find a well defined demarcation line between them. And, most importantly trying to keep them separate may impinge the thinking about how to deal with the issues they bring to computing overall.
As an example of current silo thinking, cloud is often spoken of within a framework of some representative cloud computing system “out there” where remote applications are running, data is remotely stored, accessed on some company provided device, desktop or laptop system. Cloud in essence is a computing environment that utilizes not just private, or public (computing for hire) data centers or systems, but private or public pipes, routers, and other systems data travels through or is stored on. The reality is that cloud has no edge or a line where one can say, this is cloud, and on the other side, this is not cloud. It is a global conglomeration of private and public systems where utilization is traversing during the normal course of business, personal or company.
So, what does this have to do with consumerization of IT? If we think of the cloud as an amalgam of different systems companies and users can take advantage of, the aspect of the invisible edge moves again with the utilization of devices that have been seen more as traditional consumer devices. The movement to consumer type devices, BYOD, has further pushed the portable and dynamic edge of private or public cloud. To further this dynamic environment, the personal devices are now owned and in essence managed outside of traditional IT domain while they access and store information by a consuming public that connects to other consuming publics in a myriad of ways. This can include various applications and social media, so that whether a public works for your organization and uses their device to access your systems or not, all of their linkages to other consumers means in effect their device has exponential links to others uncontrolled by IT, accessing your computing environment. When you then take the devices anytime, anywhere and linkage access that then links to cloud, means that all these linkages are potential open portals to your computing environment, creating in effect an endlessly scalable number of unknown doors to your systems.
This means Consumerization to Cloud is a wide net of computing, points of entry, and escape vectors for unprotected data that organizations can’t totally control because of the endless nature of the links this chain of computing represents in today’s computing world.
Does this mean it is all hopeless, with so much we can’t control, where our data is running, where it is stored, what points it’s accessed from, that we might as well go to the beach and throw sand dollars at some unseen whales offshore to see if they notice us? No, it means, that as professionals, understanding the aspect of all these linkages, what that means our information and that we must address protecting data from multiple aspects. Reducing risk starts with protecting systems regardless of their type or point of entry, either on those systems, or from a point of access to core systems and data. Then the key must be to orient protection from a data centric perspective, with devices and the areas data is traveling and stored are the first layer in protection scheme, with data sensitivity focused on dynamic protection to data itself a primary objective, regardless of whether it is in cloud, on consumer type personal devices, or company systems, data is the king that underpins all of the mechanisms that define what is protected, and how that protection in implement.
The core is to understand the interrelatedness between all computing environments, there are no longer independent systems, clouds, or devices, and once we have a better understanding of that, the better we can protect the core of any business, the data; it’s all about the data.