Personal cloud becomes a regulatory nightmare for enterprise, governments

October 14, 2014

Everyone from enterprises to small businesses are finding that they are caught up in the trend of employees expecting to be able to work whenever and wherever they want. The rise of mobile and cloud computing technologies led several analysts to predict this change in workplace habits, and now remote workers with instant access to all workflows have become commonplace – an expectation on the side of the employees that employers are expected to meet.

As with many technological innovations, this development has taken business into uncharted territory when it comes to regulation, especially regarding the storage and access of sensitive company data from unauthorized devices at remote locations. In particular, employee use of personal cloud solutions that fall outside the authority and purview of the enterprise have become a hotbed of regulatory issues.

Cloud storage – the double edged sword
Storage solutions like Dropbox and Google Drive have allowed employees to store their work in the cloud and access it from anywhere. In addition, the features of these applications that foster sharing and collaboration have also brought about a boon in productivity and ideation that was previously unmatched.

InfoTech Spotlight reported that while these personal cloud storage applications include their own respectable security protocols, they are often not quite as stringent and personalized as a cloud storage system implemented by a company itself. Additionally, employees using personal cloud solution often have company data scattered over multiple accounts on several different platforms.

This is a problem for any company, but this problem can be magnified if the organization is one that deals with highly sensitive data and information, such as a government agency or contractor.

Regulatory problems for government, business
According to Forbes, regulations such as HIPAA in the United States and the Data Protection Directive in the European Union introduce a host of compliance issues for agencies and organizations dealing with sensitive data.

Data that is not housed on-premise can be a major problem. With on-site data storage, an organization knows exactly where its data is. When employees have that data spread out in various personal cloud storage applications, the exact location of the data is unknown. Being that different localities have different laws regarding data, any breaches or malfeasance from an internal or external source could be difficult to deal with legally.