Data Governance is the new wild west so is your company embroiled in the anarchy or has it appointed a Sheriff ?
Document control and management is of vital importance to any organization. If sensitive information is sent outside of your company, once the documents have been sent electronically, control is lost and this can put files you shared at risk. They can be copied or forwarded anywhere in the world, in seconds.
For most businesses, the focus of their attention is on document management and on the organizational workflow and the storage of documents. Companies want to be able to integrate documents into a workflow and store documents in an organized and secure way that still allows documents to be found easily . Where the document is stored can frequently change. It could be SharePoint, it could be FTP, it could be on some external repository etc. Where the security process can fall down is when documents are shared externally or how they are available to be collaborated on.
The proliferation of employees bringing there own devices to work (BYOD and BYOC) and using preferred SaaS applications of their own choosing has led to corporate governance becoming even more of a challenge for those tasked with its enforcement as an increasing number of end users bypass corporate protocol.
Such ‘Shadow IT‘ can pose a significant security risk, as unapproved hardware and software that are used do not undergo the necessary security checks and the storage and dissemination of such documents is outside of corporate control.
Storage Made Easy provides a unified Enterprise File Share and Sync solution, which works with a companies existing private and public data, presenting these files in a unified view.. It enables enterprises to not only securely sync, but also to securely share and work with files, wherever they need to go, even on devices that are beyond IT’s control.
IT benefits from a solution that gives them control, and users benefit as they have automatic access to documents and files from multiple data repositories, with robust security wherever behind the corporate firewall, or using any tablet, smartphone or PC.
Storage Made Easy uniquely provides:
• The ability to view, annotate, edit and sync almost any cloud or private file from almost any storage to any device.
• Internal and external collaboration features to work securely with anyone without losing control of enterprise data.
• Complete audit tracking to ascertain who accessed files, where form, and what action was taken.
• Provides a secure way for the organizations to collaborate with external partners using business workspaces.
• GEO Restrictions – restrict access to documents by IP address and by client. For example let an external sub office only have access to a folder from a specific IP address from the web browser (or any other client you nominate).
• Full Bring Your Own Device Support to restrict access to by employees by device type.
• Sophisticated permissions that unify permissions to different back end document storage and which can also be used with Active Directory or LDAP
• A way to solve the “DropBox” “bring your own cloud” problem be auditing such clouds even when documents are uploaded direct.
• A way to encrypt files stored on remote clouds which a key that is stored behind the corporate firewall this protecting remote sensitive data.
In summary you do not have to choose between a homogenous and restrictive system or a lawless fenzy of different unapproved systems. The Storage Made Easy Enterprise file share and sync solution is storage agnostic. It is compatible with most private or public file sharing cloud data stores allowing users to continue using their preferred cloud storage provider while at the same time converging off-site and on–site private and public data. This allows a centralized point for corporate governance, thus providing a real solution to the Shadow IT and corporate governance problem.
More and more companies are embracing Bring Your Own Device (BYOD) as part of a Mobile Device Management Strategy (MDM) primarily as a means to save money. The cost savings can be potentially huge but what steps should you consider with regards to implementing an MDM / BYOD Policy ?
We highlight 10 things you should think about below:
1. Do a cost benefit analysis of current company owned devices. Remember to include insurance and accessories. Work out your real savings.
2. Bring Your Own Device does not mean you have to embrace every device ! Set some guidelines. Perhaps you want to limit it to iOS and BlackBerry or iOS and Android or indeed maybe you wish to embrace the top 4. Embracing MDM / BYOD does not mean anarchy rules, set a policy. Storage Made Easy Cloud Appliance supports MDM/BYOD for BlackBerry, Android, iOS and Windows Phone.
3. As part of your move to an effective MDM /BYOD policy, understand how your employees prefer to work. Are many of your employees mobile ? Field agents ? Sales Reps ? On the move ? Is most of their work conducted in this manner ?
4. Are all your data points accessible over mobile devices ? Are they joined up ? Is application access supported across all devices ? Part of what the Storage Made Easy Cloud Appliance does is to unify data sources so they are accessible from one application on a mobile device. This can support data services that perhaps don’t even have access from the chosen mobile device. It also makes it easier to work with data from a single dashboard rather than having to install ‘n’ number of Apps.
5. Have a secure file sharing policy. You do not want employees using their devices and sharing data that cannot be audited. Not only does this promote data leak, but for regulated industries it can break compliance laws. The Storage Made Easy Cloud Appliance promotes easy data sharing but it keeps audit logs of all links shared, from the person who shared them to the remote IP address that downloaded the data. It also enables password protections and time expiry on links.
6. Ensure you have control of user access into corporate data. You may not own the user device but you still want to have some measures of protections about how users get access to corporate applications and corporate data. You need to be able to turn access off without compromising the users device. Storage Made Easy addresses this by unifying data access and letting administrators control access for any user either by device, IP Address or GEO Location.
7. As part of your MDM User policy mandate Apps that promote security, such as anti-virus / malware Apps and App such as Divide which promote the creation of separate identities and user areas for business and personal data. Don’t be shy in having a strict policy. Even though you are implementing an MDM/ BYOD policy you may still need a small selection of devices for users that will not or cannot sign up to the policy.
8. Decide whether you are going to have ‘device wipe’ as part of your policy. This is one of the most contentious areas of MDM /BYOD and if you implement it you will need to include it as part of your policy that users sign up to and ensure they understand the consequences. Note that all devices enable remote wipe. For more information on this please see the ‘remote wipe’ section on the SME Wiki.
9. Consider your policy for un-authorised Apps being used with corporate data. We have all heard of how DropBox has infiltrated enterprise IT by the back-door and is actually in use in department within companies but without official sanction by IT. Storage Made Easy handles this by enabling DropBox (or other un-sanctioned cloud storage uses) to be audited just as other corporate data, even if the user uses the DropBox service direct.
10. Policy is key. Staff need to fully understand and sign up to the MDM policy being introduced. It should be easy to understand, and easy for the staff to get access to the resources that they need from their Apps. On the company side understandin costs savings, investment needed, and security implications is key. Implementing an MDM / BYOD policy may look attractive but it requires thought and planning to be successful.
Want to know more on controlling cloud sprawl ? Read our whitepaper.
You may have missed it but IBM recently banned their 400,000 user based from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions has been in place since a review of IBM’s BYOD policy. A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.
“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”
however how do you enforce it ?
“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”
Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed as “Cloud Sprawl” ie. the plethora of online services that can be responsible for not only information leak, but also prevent cohesive company information visibility. We have blogged about this previously.
The SME Cloud Appliance and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp for example. There are specific controls built into the Appliance to enable IT to govern how access is granter to information and also specific controls to not only restrict access but audit access:
This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:
User login can groups can be controlled by Active Directory integration and Access permissions can be set against groups/roles across all information resources:
As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMB’s and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD and can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.
Amazon Web Services has announced that it now offers a new storage gateway appliance (virtual machine image) that can be placed on a customers site. What benefit is this ? It really provides an easy way to integrate local storage or systems with the facility to replicate data to the Amazon Cloud. For example you could add the technology to an existing data center so that it resided between servers and storage so that you could easily start replicating data to Amazon S3.
Note,however,these are actually stored as EBS Volumes. So although users can access data stored in this fashion locally from the gateway, if they wish to access this data directly through AWS they would need to start an EC2 instance and attached the EBS volume. . This in and of itself makes it easier to then integrate S3 stored data with other AWS services (if this is important to you). Note that this is not ‘replacing’ what you already have (ie. “great, I can just use the Cloud”), it is in addition to what you already have.
Firstly lets look at what the requirements are to host the Gateway. These are:
(Also note that the Gateway beta is optimised for block write sizes which are more than 4Kb. AWS warns that using smaller I/O sizes are likely to cause overhead which can result in storage space that is effectively ‘lost’. This means that prior to installation there needs to be a check made on the file systems / volumes to ensure they can use the larger allocation sizes).
Firstly we’d like to point out that it’s great to see Amazon adding their own on-premise Cloud Gateway. It’s great to see them competing with the likes of EMC, TwinStrata, and Nasuni. It would have been nice to see NFS or CIFS supported as interfaces, as from our own interactions with customers, we believe that is what customers really want to see, but maybe we can expect to see that added as the Gateway offering matures.
(Differences between iSCSI & NFS: iSCSI and NFS both allow storage access over an IP networking infrastructure. The difference is that iSCSI enables block storage transfer whereas NFS and CIFS transfers files.)
Many customers may find that they already have the capabilities for which they would use the Gateway, such as snapshots, backup and archiving, which is a pretty old, mature and I would expect a little more cost effective mechanism of achieving similar goals. However with that said we can see many use case where, with our own Cloud File Server Appliance where customers will really embrace the Gateway.
So where does the AWS Cloud Gateway end and the SME Cloud Appliance begin ? Well, the first things to understand about the SME Cloud Appliance is that it acts at a layer ‘above’ the storage. It provides a mechanism to unify disparate data sources into one file tree, add unified user access management and permissions, add unified governance and e-compliance, has focus on enabling companies to manage ‘Cloud Sprawl’, and leverages the ability for companies to let staff “bring your own device” (BYOD). In short, as I often say when asked to comment about Storage in general, the response is “it’s all about the App”. Storage in and of itself is not a single source in companies and secondly having things stored is no good unless you have unified, search, logic, control and anytime anywhere access that supports all desktops and all devices. This is what we essentially are bringing to the table with our Cloud File Server Appliance.
To take advantage of the Amazon Cloud Gateway what would be required is for us to connect to the local iSCSI stored data within the Gateway and this is something we will be looking to do in the short term.