Security challenges emerging with the rise of the personal cloud
Personal cloud is growing in importance as it shapes how employees operate across their digital lives, according to Gartner.
End-user computing (EUC) and digital workplace managers responsible for building the digital workplace will be increasingly challenged as the personal cloud continues to evolve and intersect with IT initiatives.
“The personal cloud is the collection of content, services and tools that users assemble to fulfill their personal digital lifestyle needs across any device. Each user’s personal cloud is unique and evolving, as the user’s daily needs change and as vendors and products come and go,” said Stephen Kleynhans, research vice president at Gartner. “Looking forward, we see continued upheaval and challenges from the blending of personal and corporate digital tools and information within each user’s life.”
The next wave of the personal cloud will be shaped by two key trends — increased access to personal information and increased intelligence applied to the user experience and against the user’s information. Already, new photo apps have emerged that apply robust recognition algorithms to personal photos stored in cloud services, to automatically tag locations, people and events.
“The rate of change is accelerating as new technologies like Windows 10, ubiquitous sensors, wearables and smart machines alter the landscape and further blur the lines between consumer and enterprise computing,” said Mr. Kleynhans. “By 2018, 25 percent of large organizations will have an explicit strategy to make their corporate computing environment similar to a consumer computing experience.”
There are three specific areas where the next wave of the personal cloud will impact the enterprise:
VPAs will increasingly become the anchor point for users’ personal clouds and have broad access to both user and enterprise information, creating potential security challenges for the digital workplace manager
Virtual personal assistants (VPAs) are emerging as a critical new service that can mask the differences between multiple services and apps, and in the past few years all three of the big smartphone platforms (Apple iOS, Google Android and Microsoft Windows Phone) have added a VPA capability to their platforms.
VPAs often have access to not only personal data, but also potentially sensitive corporate data as information about meetings, employee travel and business operations may be exposed to the VPA. Gartner expects that VPAs will evolve to have different contexts — a personal one, a corporate one and perhaps even a group or team one. This will enable IT organizations to exercise some control over one context while still permitting a level of freedom to the user. Some organizations will be tempted to block use or VPA access to organization data. However, this will reduce a VPA’s effectiveness and simply encourage employees to bypass IT controls.
Internet of Things and wearables will exponentially expand each user’s personal cloud and raise new challenges for EUC and digital workplace managers in overseeing security and privacy
With the emergence of sensors, beacons and wearable technology, users are increasingly connecting the physical world into their personal cloud, expanding the number of endpoints, the types of devices, the usage models, and the amount and type of data that make up their unique collections. This flood of real-time data further blurs the line between what is work and what is personal, and it is exacerbating the security and privacy issues for both users and enterprises. Security, particularly authentication, is increasingly critical to ensure the information is not falling into the wrong hands.
Strong authentication technology will become increasingly critical across a user’s personal cloud as part of an overall data protection strategy, causing end-user computing managers to rethink their current authentication strategies
Critical to all of these new capabilities will be a reliable and secure way for users to ensure the security and integrity of data within their personal clouds. While strong authentication technologies are only the first step toward longer-term approaches to securing both user and corporate data, they do form an important initial step in the chain. Over the long term, this situation will change, and identity will be established in the device using strong multifactor methods, then used to establish secure sessions with various services.