Abstract Last years brought us few interesting IT solutions associated with small and middle size business. Deeper look in them let us see that technology connected with data stored with usage of cloud technology and the politic of using own computers of employees at work called Bring Your Own Device(BYOD) are getting the most popular. In this article we will bring your attention to aspects of security associated with those two technologies and created on connection of them. Keywords cloud computing, bring your own device, security, privacy, security policy 1. Introduction Past years have brought us some interesting IT solutions for companies. Getting acquainted with them allows us to focus on technologies related to Cloud Storage, and policy to use private devices at work, called Bring Your Own Device (BYOD). It is worth noting the risks associated with each of these solutions individually, as well as at the points where they combine. 2. Standards In 2012, KPMG, the consulting and audit company conducted a survey between Cloud Computing service providers. It concerned the biggest challenges in the implementation of cloud technology. In 2014, subcommittee SC 27, responsible for the preparation of guidelines to guarantee data security, began working on projects related to the Code of practice for information security controls for cloud computing services based on ISO/IEC 27002 (ISO 27017) and the Code of practice for PII protection in public cloud acting as PII processors (ISO 27018). The first of these standards is currently in the initial stage of development. The project is to be completed in the second half of 2015. It will include information on the practical management of security in cloud computing, based on the recommendations that are in ISO 27002. Standard will include guidance for both clients and service providers. The ISO 27018 is in final stage of development, and its publication is scheduled for the end of 2014. It will be responsible for the security of Personally Identifiable Information (PII). The document is created using the suggestions contained in the ISO 27001 and the guidelines provided by organizations concerned with the protection of personal data. ISO 27018 is directed primarily to providers of public clouds such as Amazon Web Services, Google Compute Engine and others. 3. Problem Analysis In the course of our work we have analyzed the functioning of a company which uses modern IT solutions. We have based out investigation on a schema shown in Fig. 2. Focusing on infrastructure using cloud-based technologies and Bring Your Own Device policy we have discovered some interesting threats to the operation of modern enterprises. Through the interview with the Head Network Administrator in one of Lodz companies have obtained information about its functioning which allowed us to draw certain conclusions. Next stage of our work was to analyze the current network infrastructure in the company and assess the risks that may affect it without, however, issues such as the 0 day vulnerabilities or industrial espionage activities inside the company. This regarded not only the existing equipment but also the technologies used to store data. Based on our work, we have come up with some conclusions described in this article. It is not only a set of hazards and practices regarding modern companies, but also our solutions to improve security. 4. Risks Associated with Cloud Storage “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” - Cloud Computing definition by NIST. While discussing the risks associated with cloud technologies, it is necessary to discuss the four technical models of clouds. 1. The traditional model - in which the client has its own server room. All the safety issues are owners responsibility. 2. Software as a Service (SaaS) - The capability provided to the consumer is to use the provider’s applications running on a cloud infras