Where’s Your Data?
In the world of IT, what could be more fundamental than keeping control of enterprise data and making that data accessible to authorized employees? Yet today, a growing number of IT organizations find it challenging to meet this requirement.
The consumerization of IT and the dawn of the Bring Your Own Device (BYOD) era are part of the problem. Employees have come to rely on their own – consumer – mobile devices including iPads, iPhones, and Android smartphones and tablets as part of their daily work life. Now they’re looking for ways to share information across all these devices. Rather than waiting on, or requesting an official solution from the IT department, employees are signing up for free, public-cloud file-sharing services—such as Box, Dropbox, iCloud, Google Drive, and SugarSync. For users, these solutions appear to be fast, easy, and free, but for the enterprise they’re risky and potentially very expensive.
Through ad hoc individual subscriptions to these public-cloud services, enterprises are losing control over the confidentiality, integrity, and availability of enterprise information. Employees are sharing confidential information such as customer records and sales forecasts—information that in many cases is covered by industry regulations such as GLBA, FINRA, HIPAA, or SOX. IT has no visibility into which files are being shared and with whom. Audits—and IT intervention—are impossible. Enterprises can only hope that employees will be careful and that these public-cloud services won’t suffer data breaches.
But security lapses, service outages, and data breaches do occur. Dropbox accidentally turned off all password protection for all files for a four-hour period. Box recently suffered an outage that kept business users from getting to their files for several hours.
With that said, though, mobility – and BYOD – are here to stay. Enterprises need a way of ensuring that authorized users—including trusted external users—can share information across their devices securely. If public-cloud services aren’t the solution, what is?
Rethinking Cloud File Sharing
Consider how organizations select and manage cloud services in other areas of IT. When choosing cloud services for IT projects, companies typically trust the public cloud only with non-confidential, unregulated information. If information is confidential or regulated, most companies store it only on private clouds—dynamic, scalable cloud infrastructures hosted and managed internally.
Enterprise organizations should adopt this same approach for cloud file-storage and file-sharing services. Private-cloud services give users the freedom they want to share files across all their devices, while ensuring that the company has strict control over file access, visibility into information distribution through audit tools and logs, and the peace of mind that comes from IT controls that meet regulatory standards. In addition, a private-cloud file-storage and file-sharing solution can be integrated with internal access controls such as LDAP and with other internal IT infrastructure, such as content management systems (e.g., SharePoint), data loss protection services, archives, and more. The private-cloud solution enables enforcement of strict security controls, encryption of data both in transit and at rest, and provides defenses against brute-force attacks.
By adopting a private-cloud solution for file-storage and file-sharing, enterprises can enjoy the benefits of consumerized IT, mobility, and improved collaboration, without increasing their exposure to data loss, regulatory penalties, and other compliance risks.
Paula Skokowski is the Chief Marketing Officer at Accellion, Inc. She has more than 20 years of experience in product marketing, corporate marketing and new product introduction. Prior to joining Accellion, Paula was the vice president of marketing at General Magic and the director of marketing at Echelon Corporation. Earlier in her career, Paula worked as a product manager and application programmer of high-speed vision-guided robots for Adept Technology. She can be contacted at firstname.lastname@example.org