Posted on

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore however the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any companies biggest asset and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick, Legislative reasons, fraudulent reason, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an Effective data governance serves ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management, data usage, as well as the ability to create governance processes for a companies internal use, and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, have a federate access control mechanism that works with your user across this private and cloud data silos. Storage Made Easy provides such a federate mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug in’s for Microsoft Outlook and Mac Mail that enables productive file sharing across all cloud / private data but which has built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance

Facebooktwitterredditpinterestlinkedinmailby feather
Posted on

Everything is a Storage Cloud now – the commoditization of Storage into Apps

20131031-210708.jpgOne of the more interesting trends of the recent developments in Cloud Computing is how we define “What is a storage cloud” . This used to be easy – it was an FTP or a WebDav Server. Even 3 or 4 years ago this was still relatively easy, it was DropBox, or SugarSync or Box etc. Now however, the lines are becoming a little blurry. We are seeing many application services offering the ability to store documents.

For example BaseCamp, the project management service lets you store files as do other project collaboration services, however I doubt any of these services would like to be categorized as “storage”.

SalesForce is another good example. It’s a CRM service right ? Well, yes but it can also be used to store files and in fact it is promoting this ability as a “first class feature” from what was called Chatter but which has now been rebranded to SalesForce Files.

The list of examples are endless Jive, Yammer, Evernote, a plethora of services that offer file storage specific to the use case they satisfy within a company.

Dedicated Applications of this nature provide file storage as a bi-product of their service and for many companies, large and small, policing this sprawl of data is challenging enough without employes doing their own thing with Bring Your Own Cloud.

We believe that this trend will continue to accelerate apace and it is why we at Storage Made Easy have been concentrating on “joining up” these different data stores and providing unification, management and control across what are effectively many independent silos of Applications and Data. The more cloud services that offer ways to Interact with and store files the worse the sprawl gets.

Storage Made Easy Cloud Control

In fact this “joining up” of data sprawl and the reason it is important to get right, and the results of ignoring it, will be a feature of our very next blog post.

Facebooktwitterredditpinterestlinkedinmailby feather
Posted on

Storage Made Easy: Reflections on 2012 and looking forward through 2013

Now that 2012 has drawn to a close and we are in mid January we thought it would be useful to reflect on what we have seen through our own business as trends and pointers, look at some of the things we have done over the course of the last year and finish by looking at what Storage Made Easy brings into 2013.

Key Trends:

A key trend for our business was a switch from online personal and SMB clients to more direct channel and corporate clients using our hybrid Appliance. The work we are doing with Huddle on the channel side and Xtime and Finser on the direct side are great examples of this trend. From July our business moved from a model of online Personal / SMB SaaS to Direct Corporate / Channel sales utilising our hybrid on-premise cloud appliance. Pre July the revenue split was 90:10 online SaaS and today the model is 10:90 weighted towards the direct business/channel revenue stream. We see this as a key indication that :

a. Larger companies want to ‘own’ their own data and are focused on making their storage integrate with what they already have such as their existing identity management systems (in many case Active Directory) and existing structured data systems.

b. Companies want to stop staff using un-authorised services and have come to the conclusion that they need to put structures in place to not only prevent this but to offer an alternative.

b. Companies are focused on the data legislation and governance of structured data so that they can track all file events, a mandatory requirement for certain verticals, such as government and healthcare for example.

c. The ability to search across disparate data sets easily and also on the move is becoming more and more important for companies as they try to make productive use of their core corporate asset, their data !

Our Focus for 2013:

Our Focus for 2013 is going to be as follows:

1. Simplifying our pricing proposition. The result of this will be visible over the next few weeks. We have tried to be as flexible as possible with what we provide to users but we find that this can result in users being paralysed by the paradox of choice so we will be making these much easier to understand.

2. Concentrating on formally launching our on-premise cloud Appliance. Having done a limited release launch in 2012, we will be shortly making available the ability to download the Appliance direct from our site.We have spent a fair bit of time re-designing the installation procedure with regards to networking, https keys etc,  to make it easy to install and get going. Below is an overview of the Architecture of the SME Appliance.

3. Enabling easy IaaS deployments so that users and companies can easily deploy their own personal or company cloud onto IaaS infrastructures. We already do this for Linode  but we will be expanding this to Amazon EC2 (and maybe one other provider we cannot discuss yet) and making the whole process an easier click through process.

We had a great growth year in 2012 and we look forward to continuing that in 2013.

 

 

Facebooktwitterredditpinterestlinkedinmailby feather
Posted on

IBM Bans DropBox. Here is why you don’t need to follow suit

You may have missed it but IBM recently banned their 400,000 user based from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions has been in place since a review of IBM’s BYOD policy.  A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.

“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”

however how do you enforce it ?

“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”

Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed as “Cloud Sprawl” ie. the plethora of online services that can be responsible for not only information leak, but also prevent cohesive company information visibility. We have blogged about this previously.

The SME Cloud Appliance  and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp for example. There are specific controls built into the Appliance to enable IT to govern how access is granter to information and also specific controls to not only restrict access but audit access:


This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:
class

User login can groups can be controlled by Active Directory integration and Access permissions can be set against groups/roles across all information resources:

As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMB’s and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD and can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.

Facebooktwitterredditpinterestlinkedinmailby feather
Posted on

Thoughts on Amazon’s new onsite Storage Gateway announcement

Amazon Web Services has announced that it now offers a new storage gateway appliance (virtual machine image) that can be placed on a customers site. What benefit is this ? It really provides an easy way to integrate local storage or systems with the facility to replicate data to the Amazon Cloud. For example you could add the technology to an existing data center so that it resided between servers and storage  so that you could easily start replicating data to Amazon S3.

Note,however,these are actually stored as EBS Volumes. So although users can access data stored in this fashion locally from the gateway, if they wish to access this data directly through AWS they would need to start an EC2 instance and attached the EBS volume. . This in and of itself makes it easier to then integrate S3 stored data with other AWS services (if this is important to you). Note that this is not ‘replacing’ what you already have (ie. “great, I can just use the Cloud”), it is in addition to what you already have.

Firstly lets look at what the requirements are to host the Gateway.  These are:

  • VMware ESXi hypervisor (v4.1) on a physical machine with at least 7.5GB of RAM
  • Four (4) virtual processors assigned to the appliance VM along with 75GB of disk space for the Open Virtual Alliance (OVA) image installation and data.
  • A “proper” sized network connection to Amazon.
  •  iSCSI initiators on either Windows server 2008, Windows 7 or Red Hat Enterprise Linux

(Also note that the Gateway beta is optimised for block write sizes which are more than 4Kb.  AWS warns that using smaller I/O sizes are likely to cause overhead which can result in storage space that is effectively ‘lost’. This means that prior to installation there needs to be a check made on the file systems / volumes to ensure they can use the larger allocation sizes).

Firstly we’d like to point out that it’s great to see Amazon adding their own on-premise Cloud Gateway. It’s great to see them competing with the likes of  EMC, TwinStrata, and Nasuni. It would have been nice to see NFS or CIFS supported as interfaces, as from our own interactions with customers, we believe that is what customers really want to see, but maybe we can expect to see that added as the Gateway offering matures.

(Differences between iSCSI & NFS: iSCSI and NFS both allow storage access over an IP networking infrastructure. The difference is that iSCSI enables block storage transfer whereas NFS and CIFS transfers files.)

Many customers may find that they already have the capabilities for which they would use the Gateway, such as snapshots, backup and archiving, which is a pretty old, mature and I would expect a little more cost effective mechanism of achieving similar goals. However with that said we can see many use case where, with our own Cloud File Server Appliance where customers will really embrace the Gateway.

So where does the AWS Cloud Gateway end and the SME Cloud Appliance begin ? Well, the first things to understand about the SME Cloud Appliance is that it acts at a layer ‘above’ the storage. It provides a mechanism to unify disparate data sources into one file tree, add unified user access management and permissions, add unified governance and e-compliance, has focus on enabling companies to manage ‘Cloud Sprawl’, and leverages the ability for companies to let staff “bring your own device” (BYOD). In short, as I often say when asked to comment about Storage in general, the response is “it’s all about the App”. Storage in and of itself is not a single source in companies and secondly having things stored is no good unless you have unified, search, logic, control and anytime anywhere access that supports all desktops and all devices. This is what we essentially are bringing to the table with our Cloud File Server Appliance.

To take advantage of the Amazon Cloud Gateway what would be required is for us to connect to the local iSCSI stored data within the Gateway and this is something we will be looking to do in the short term.

For further information see the Amazon Cloud Gateway Storage FAQ’s. Also note that Amazon are also doing a free webcast on 23rd February.

 

Facebooktwitterredditpinterestlinkedinmailby feather