Mobile devices and consumer cloud-based storage have changed the IT management landscape. As a result of the mobile revolution, far-flung company data often resides off-premises or on devices that are employee-owned. IT is struggling to manage this data proliferation and dynamism.
Traditional security policies and procedures, which have assumed that data resides on devices controlled by the organization, are often inadequate. So are controls designed for on-premises infrastructure. When data moves to the cloud, internal access controls are no longer protecting content.
Users may grant excessive privileges or share documents outside the appropriate group of collaborators. These mistakes can ultimately lead to data leaks or unauthorized changes to content. Managing this vast array of data in multiple locations cannot be addressed only through technology. Governance policies and best practices must be instituted as well.
Moreover, end users -- who have driven many mobility-related challenges -- need to be educated about the risks associated with storing and sharing corporate data in consumer cloud-based storage services. In addition, IT has to take on a more rigorous role in protecting the confidentiality, integrity and availability of data regardless of its storage location.
Why users turn to consumer cloud-based storage services
It's easy to grasp why consumer cloud-based storage have become so successful: They make users' lives easier.
If you access information from your laptop, smartphone or tablet, for example, consumer cloud-based storage services provide an ideal way to store files. There is no need to manually transfer files between devices or to resort to ad hoc procedures such as emailing yourself files to open on other devices. Sharing files is a simple matter as well. You can upload photos from a family event and share them with multiple relatives with little more than a list of their email addresses.
More on consumer cloud-based storage
Setting consumer cloud storage use policies
These features are also useful for business operations. Cloud storage services enable users to work with corporate documents on multiple devices. File storage services that provide synchronization among devices can be especially useful for those who have to maintain local copies of documents.
A salesperson, for example, may not have Wi-Fi access on a plane, so having the latest sales information before boarding can help him get work done while he travels. Cloud-based storage services effectively decouple documents and data from specific devices and provide a better fit for many professionals' work lives today.
Consumer cloud-based storage can also facilitate collaboration. For decades, developers and other IT professionals have shared files using FTP servers. These servers provided many of the basic functions of cloud storage services. Files could be organized in directories and users were granted varying levels of access. Data could be stored in encrypted or plain-text form. FTP directories could be replicated among servers using commands such as rsynch.
The problem with this type of collaboration is that it requires technical knowledge about a dated and minimalistic file-sharing protocol. For example, users typically log in and navigate a directory structure using a command -line interface or a simple browser-based interface.
Just as public clouds have reduced the need for technical knowledge to provision and manage virtual servers, so too have cloud storage services removed the technical barriers to entry for file sharing and synchronization.
In addition to device-independent access to data and easy-to-use collaboration, a third, less-apparent potential driver is the inadequacy of existing, internal collaboration tools. Collaboration and document management have come a long way from the days of command-line FTP servers, but even contemporary collaboration tools may appear less user-friendly than consumer cloud-based storage services.
The perceived superiority of consumer cloud-based storage services may reflect a lack of policy controls and not a difference in core functionality. For example, an internal document management system may have features such as device-independent access. It might seem less user-friendly because a user cannot simply provide a list of collaborator email addresses to share a folder with others.
Unlike cloud-based services, internal systems may enforce access policies. For example, they may restrict collaborators to those defined in the corporate Active Directory or Lightweight Directory Access Protocol directory.
Options for corporate data in the consumer cloud
Many consumer cloud-based storage services offer businesses the same easy-to-use interfaces to which consumers have become accustomed, along with additional access controls and management features.
Consumers have several options for cloud storage services such as Dropbox, Box, Google Drive and SkyDrive. Some vendors are aiming for the enterprise market without competing with established consumer cloud providers. From an enterprise management perspective, the same policy issues that arise with consumer cloud services are relevant to these more business-oriented services.
ShareFile, Cubby, Egnyte and Accellion offer file synchronizing and sharing services for the enterprise. For organizations that prefer to establish private cloud-based file services, software from CTERA and OwnCloud can combine the benefits of cloud file synchronization with the control of a privately managed application.
Consumer cloud services and related business versions fall on a spectrum with minimally managed services at one end and complete control of private versions of file synchronization and sharing on the other end. The spectrum does not dictate which policies are required, but it reflects the level of controls needed to enforce those policies.
In addition, some third-party vendors offer other cloud services. OneLogin, for example, offers identity management functions such as single sign-on, multifactor authentication and directory integration for a range of Software as a Service (SaaS) applications, including consumer cloud storage services. Okata and Centrify are also single sign-on options for cloud services. Thru offers a secure managed file-transfer product that integrates with Dropbox for Business.
Consider using existing security controls within your organization, such as at loss-prevention systems, to complement those from cloud storage providers and third parties.