Dealing with the consumerisation of data storage

Clive Longbottom, Service Director

Quocirca Comment
It only seems like yesterday that organisations were being warned to watch out for people using thumb drives. The capability for someone to walk in to an organisation with a storage device in their pocket, download documents or other data via their PC and walk off with it was just too easy and a big threat to information security. Suddenly, there was a wave of organisations super-gluing the USB ports on computers and of vendors providing software that blocked the use of external storage systems. Now there are new versions of the same problem have come into play. One is the use of cloud storage systems like Dropbox, Apple iCloud and Microsoft SkyDrive. These enable an individual to access data from any of their devices at any time provided that there is an internet connection in place. Depending on the system used, the tools are pretty easy to use from being able to select a file and upload it drag and drop or even direct integration with Office software. The capability for users to move corporate information from the direct control of the organisation into a storage space not even under the individual's own full control abounds. Organisations need to change mind set from one of attempting to stop usage to positively providing a better approach. It is important that organisations accept that with the increased mobility of the workforce and the higher usage of external contractors, consultants and others in a collaborative supply chain that the secure sharing of information is required to provide access to specific information to specific people via external systems. On top of this, today's world is a multi-access device one. A system that only supports Windows is no longer suitable for the modern workforce. Ensure that any system under consideration enables users to view and wherever possible edit or comment on documents that are available to them, on any common device/operating system combination.

Avoid workarounds
Any solution being considered has to be at least as easy to use as the consumer-focused versions. If a system is seen as getting in the way of an employee's work, then they will just work around it and carry on using the systems they have chosen for themselves. The key is to make the chosen system as easy to use as the common consumer ones but to have more capabilities such that the individual can easily grasp the advantages in using it. To make the system more attractive to the user, identify the functions that are required to meet their needs not just the capability to store documents in the cloud, but areas such as being able to apply granular security to such storage, so that groups can share individual documents, that an external individual (e.g. from a supplier or customer) can be given access to a document for a defined period of time. Document sharing systems such as Box provide these capabilities, and are more targeted towards business use than the free (or low-cost) consumer tools. This not only suits the individual, but also begins to

Perception vs reality
The standard response has been the knee-jerk reaction of attempting out-right prohibition. Employees are told not to use such systems but this is often a policy with no actual policing. Furthermore, senior executives often seem to think that such prohibitions do not apply to them and they tend to be the very employees who are dealing with the most sensitive information. Therefore, many organisations fall into a "perception of security" there is a policy in place that in theory creates a secure environment, but in practice, employees are using the prohibited tools.

Dealing with the consumerisation of data storage

http://www.quocirca.com

2012 Quocirca Ltd

move the overall organisation.

control

back

to

the

In the majority of cases, file sharing and cloud storage will not be enough. Look to capabilities over and beyond sharing: advanced tools such as KnowledgeTree provide document management capabilities along with workflows, document versioning, discussion capabilities and audit trails of actions that have been taken on documents; these are aimed fully at the business user. Alfresco, an open source document management system, also offers advanced capabilities, and has recently launched a cloudhosted version. Users need to be pointed in the right direction on the job to ensure that they don't do something that is against the corporate direction or at least, if they do, they do it with the full knowledge that it is wrong, and that it has been audited. The use of data leak prevention (DLP) systems from vendors such as of CA, McAfee, Symantec, Websesne, EMC/RSA and Trend Micro enable data traffic crossing an organisation's boundaries to be checked and actions to be carried out if the data contains certain types of information or if non-preferred external sites are being used. Therefore, traffic that is targeted to go to the likes of Dropbox, or documents that are deemed to have to remain under the direct control of the organisation, can be blocked, with the individual being reminded that this is not an acceptable storage environment for corporate intellectual property, and helping them to redirect it to the preferred system.

information backup system. Therefore, for the individual's but more importantly the organisation's sake, make sure that any system chosen will be backed up single storage risks the loss of the organisation's intellectual property. Ensure that the cloud provider has an adequate back-up strategy and that the organisation will be able to gain access to this if required. Finally, do not forget your "incumbent" software provider. Both Microsoft and IBM have systems that may fit the bill. Microsoft has improved its hosted versions of SharePoint along with Lync and Office 365 to provide organisations with a business-class cloud-based environment that may work for many. IBM has launched SmartCloud for Social Business which is an integrated, full function system for organisations. It is important that organisations respond to the needs of not just the direct employee, but also of the other people involved in the extended value chain. Security has to be granular, so that individuals can be given the correct level of access for short periods of time; that employees can be locked out from their information when they leave the company. Consumer-focused, or even "prosumer"-focused systems are not often fit for corporate use by businesses of any size. Moving to a system with greater functionality alongside greater control and security is far better for all concerned but the chosen system has to be easy to use so that individuals choose to use it helped by being nudged in the right direction through effective security policies and tools such as the DLP to police the policies.

Accessing backups
And don't forget that many individuals are using systems such as Dropbox as a personal

This article first appeared on The Guardian

http://www.guardian.co.uk/media-network

Dealing with the consumerisation of data storage

http://www.quocirca.com

2012 Quocirca Ltd

About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of realworld practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption the personal and political aspects of an organisations environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to advise on the realities of technology adoption, not the promises. Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocircas mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocircas clients include Oracle, Microsoft, IBM, O2, T-Mobile, HP, Xerox, EMC, Symantec and Cisco, along with other large and medium sized vendors, service providers and more specialist firms.

Full access to all of Quocircas public output (reports, articles, presentations, blogs and videos) can be made at http://www.quocirca.com

Dealing with the consumerisation of data storage

http://www.quocirca.com

2012 Quocirca Ltd