Eric Smith
Chief Technologist and CISO
Bring Your Own Cloud
Wednesday, May 06 | 9:00AM–10:00AM | Conrad B, Second Floor
Session Type:
Professional Development
BYOC (bring your own cloud) is here, and it's eroding our institutional data classification controls. Unlike BYOD, which has been our standard operating procedure for decades, BYOC is a complex and potentially catastrophic security issue that can't be solved by perimeter hardware alone. In BYOC, users research and test various cloud services, create individual accounts, then quickly use these tools to store, process, and share institutional data—usually without consent or knowledge of IT staff. In this session, we'll discuss our consortium's approach to this BYOC challenge, including initial assessment, policy and governance, and templates for evaluating potential cloud services.
OUTCOMES: Understand popular BYOC services and how they are being used at your institution * Absorb policy elements that ensure that ISO/IT is involved in services evaluation * Learn how to evaluate a potential cloud service