Security "Bits"

Leaky Bucket Effect on Your BYOD & SaaS Security Policies

By Rich Campagna | October 3, 2013 at 8:00 AM

BYOD and SaaS have caused many IT organizations to forgo their own security policies in favor of user enablement and flexibility. Does this sound familiar? You spent several years getting to the point where you have complete, agreed-upon security policies in a tight package: they follow industry best practices, are verifiable, and have been implemented across the board. Then, a couple of years back, the CEO got an iPhone and demanded access to her email on it. So you made an exception. As people caught wind of this exception, they too demanded access, and before you had created a policy for BYOD security, everyone was already bringing in their own devices. Along came Android devices and you made another exception. After that, the Head of Sales came to you with a new cloud-based CRM tool that didn’t meet corporate security standards, but the salespeople “really loved the app,” so you made an exception for that because you never created a specific policy for cloud security. Or even worse, the Head of Sales paid for the subscription on his credit card, without even consulting IT. Then, users started demanding a better solution for file sharing, so you picked the best SaaS file sharing product you could find, and made yet another exception since this one didn’t fully meet your policies either.

If you’re like most of the customers we talk to, this is a very familiar scenario.  During the course of enabling users and key stakeholders with a wide range of “productivity increasing” devices and SaaS applications, the unfortunate result has been fragmented cloud and BYOD security policies full of special exceptions.  For the first couple of years, it wasn’t clear whether trends like BYOD and SaaS were here to stay.  I frequently found myself wondering whether the user really was going to win, or whether IT would, at some point, wrestle back control.  It’s now apparent that “enabler” is the new role of the IT organization, and that means providing users with the tools that they need and want.

As you embrace this new role of enabler, or IT Hero, if you prefer, think back to those security policies and why they were put in place to begin with.  Rather than making exceptions, maybe it’s time to put technology in place that will help you secure cloud apps and BYODs.  Intrigued?  Bitglass can help.


