The consumerization of IT, referred to by many people as “Bring Your Own Device” (BYOD), is a very hot topic these days as organizations grapple with the challenge of managing the risks in allowing their data to be placed on personal mobile devices, like smart phones. The challenge here is that some of the devices that employees decide to bring to work might not have the basic security or management capabilities. This challenge is compounded by the risks associated with these same devices connecting to ubiquitous social networks and the diverse ways organizations and people are choosing to connect and share data today – such as the utilization of cloud services.
The list of smart personal devices capable of connecting to private and public networks is rapidly and constantly expanding. For CISOs and CSOs, managing an ever growing list of devices isn’t a sustainable model. Some of the security professionals I have talked to are shifting their focus to managing the data instead of devices. They have concluded that device security is only a proxy for data security; if they can’t effectively manage the security of the devices that employees are bringing to work, they will focus their efforts on managing the security of the data itself. I think the industry recognizes the importance in securing personal devices and I expect to see them with much better management controls in the future.
So what does this mean in the cloud computing context?
I had a conversation with Jim Reavis, executive director of the Cloud Security Alliance (CSA) on this topic, when we got in front of the video camera at the RSA Conference in San Francisco just a few weeks ago. You can watch this conversation in the latest installment of the Trustworthy Computing Cloud Fundamentals Video Series below.
If you haven’t seen the other videos in this series, you can check them out below:
- Cloud Fundamentals Video Series
- Introducing the Cloud Fundamentals Video Series
- Cloud Computing & Business Agility
- Cloud Computing Requires Transparency
- Cloud Transparency as an Element of Trust
- The Benefits of Industry Collaboration to Cloud Computing Security
- Benchmarks and Evaluation Standards for Cloud Computing Security
- Evaluating Different Cloud Service Offerings by Comparing Security Controls
- e-discovery in the Cloud
- Compliance in the Cloud
- Cloud Computing Privacy at Microsoft, Part 1
- Cloud Computing Privacy at Microsoft, Part 2
- The Importance of Secure Development Practices for Cloud Services
Please check back on this blog regularly as we continue the Cloud Fundamentals Video Series and explore topics that are important for IT professionals and business decision makers who are interested in cloud security, privacy, and reliability.