Cloud Computing Use Case: Working with Amazon S3 data from a terminal over SFTP

We quite often assume that when working with Cloud data it will be from the web or from mobile “on the go” devices. To be fair this can often be the majority of cases, but the Enterprise throws up all sorts of different use cases and I thought it would be useful to go over one of the more esoteric ones.

One of the customers that use the Storage Made Easy on-premise Enterprise File Share and Sync Cloud Control product is a medical company. They use the SME product as a hybrid on-premise cloud product that is able to offer storage locally and on Amazon S3. Both sets of storage use the Amazon S3 API. The SME Appliance is able to make local storage accessible over an S3 compatible API and then off-board this storage to Amazon S3 as required. This meant that the companies scripts and applications could easily work locally and with Amazon S3 with very minimal configuration changes.

Hybrid Cloud S3 API

Their field staff quite often find themselves in a situation where, when working remotely, their only means of access is using a terminal ie. there is no direct web access and mobile devices are blocked and cannot be turned on.  In the past this meant that the consultant used to carry around CD’s / DVD’s in which information that may be required is burned off.

The consultants did however have direct  access to terminals which were internet enabled.   As the SME EFSS product also include a protocol gateway this mean it was possible to get direct terminal access to remote files using SFTP.

Cloud Storage SFTP

 

As the SME EFSS Gateway product integrated with the companies Active Directory services then terminal access was still using Single Sign On and the Active Directory credentials for each user access

User access can be obtained directly from the command line as per the example below..

Mac sftp google drive

Once authenticated the user can do a simple “ls” to get a file listing.

Mac SFTP

Once connected the view of the folder/files is available and can be worked with via the command line.

Mac SFTP S3

All access to the files are also logged and audited, including the username, the IP address and the types of interactions occurring, all part of a the HIPPA compliant process the customer implements. These reports can be exported and made available in excel to any compliance officer.

Summary:

Secure access to files and data can take many forms and in the Enterprise the edge cases also need to be catered for as well as the more common access use cases.

 

Facebooktwitterredditpinterestlinkedinmailby feather

Cloud makes control of enterprise content silos key for Enterprises

As the Cloud permeates all aspects of business enterprises in particular are waking up to the cost benefits that Cloud can bring, from outsourced pay-as-you-go applications to cheaper and easier archival, to storage of non sensitive documents and data.

An often repeated truth is that Enterprises have 3 of everything. When I worked in the Middleware space it was not unusual to see one department using IBM WebSphere, another using WebLogic and yet another experimenting with JBoss. The same adage goes for enterprise content management.

In the not to distant past if I brought up Enterprise Content Management then it could be referred that I was only discussing Documentum, Alfresco, SharePoint or some CMIS type product, but in today’s world the term can also apply to documents stored on OneDrive, DropBox, Google Drive, Amazon S3 etc. Throw in CRM’s that store documents such as Salesforce and online project management tools such as BaseCamp and you start to grasp just how many independent content and documents silos that companies have to deal with.

This is bore out by a recent survey by AIIM called “Get more from on-premise ECM”. The highlights of that survey are:

50% of companies already use 3 or more storage solutions (this echoes prior research that SME also undertook.)

40% of companies are investigating cloud

This presents two large challenges to companies:

Accessibility of data – where is it ? which App ? Which data store ?

Governance of data – How do you you universally secure data and set polices across data silos and Apps ?

The Storage Made Easy EFSS Cloud Control Solution was built specifically to address these types of challenges.

Cloud Control

It supports over 45 private and public cloud stores and Apps, with an API for those not covered so it can pretty much connect to anything.

Cloud Connectors

Connecting to private and public content stores and Apps that functions as content stores, such as Salesforce, is a facilitator to make accessibility easier as when users search for a document the search is conducted across the content estate, not just in an App silo.

Also SME has an Enterprise connector to Apache Lucene / SOLR to enable deep search of file content from any desktop and any App. This not only increases the accessibility and availability of data, it also immeasurably increases worker productivity.

Governance of data is a thorn in the side of Enterprise IT when it comes to the storing of Cloud data and the NSA snooping scandal and recent celebrity photo hacking has not done anything to help the sensitivity of it. Cloud Governance and Control is firmly in the spotlight of Enterprise IT and more importantly Enterprise Management.

Often what you see from vendors is a “my cloud is better than your cloud” approach to this problem ie. a vendor adds one specific security feature and tries to use this to get companies to move their data or sensitive data to this solution. Alternatively a company can target one facet of Governance and Control, lets say encryption for example, and build their product and service on this one feature only.

The SME solution takes a more holistic approach to provide governance and control across the whole content estate. It does not try and get you to move your data to it (it’s data agnostic and does not store data) and it does not just work as a silo or offer one feature. It provides an integrated sensible approach to corporate content governance and control:

– It integrates with existing Active Directory or LDAP systems to provide a single-sign-on solution for identity management.

– It provides an encryption service to enable remotely stored data to be encrypted and only accessible with authorization.

– It provides secure file sharing and combines this with pre-set business policies. Files can be password protected and time expired and these can be applied as policies. For example you can choose to set a policy that all files have a 24 hour expiration time and which must require a password for sharing.

– It provides a comprehensive audit log of all file events for all content. For remote file shares it tracks the IP address of the remote users accessing the file.

– It provides GEO Locations restrictions to enable restrict or prevent access. For example if you have an outsource accounting company who require access to a particular folder you could restrict their access to being over a certain IP address and only from a web viewer.

– It has built in Bring Your Own Device controls that allow the setting of per user permissions with regards to web, desktop or mobile device access. It also works with Oracle Mobile Security and OpenPeak Sector in the event the company already has these BYOD controls in house.

– It integrates with what you have providing desktop cloud drives, plug in’s for Microsoft Office and Open Office as well as email plug in’s for file sharing.

Content Management, Cloud Governance and Collaboration is only going to get harder, not easier, as companies embrace new data stores and new applications that store data. To facilitate a productive, accessible, controlled experience the control points simply have to be joined up.

Facebooktwitterredditpinterestlinkedinmailby feather

Cloud Storage Security concerns ? Why Hybrid Cloud offers the best of both worlds

Hybrid Cloud

With the recent celebrity photo scandal fresh in the minds of companies who are either using or anticipating moving to use Cloud questions regarding security, architecture and governance are fair  ones to ask.

Without a doubt cloud computing offers advantages to companies that encompass ease of use, productivity and cost savings, however companies have concerns about if, how and where they store their sensitive data. This is where hybrid cloud can play a part.

What is Hybrid Cloud ? Hybrid Cloud essentially continues to offer businesses all the benefits associated with the public cloud whilst enabling them to continue to have choices of storing certain types of data privately.

The benefits of a hybrid cloud strategy are that it addresses the security concerns of sensitive data whilst offering a dual strategy, unlike a pure private cloud implementation.

The Storage Made Easy Enterprise File Fabric provides such a public / private hybrid cloud solution but takes it a step further in the following ways:

– The File Fabric integrates with many existing private data applications and public cloud solutions. Private data application examples are SMB, CMIS, SharePoint, FTP and NAS/SAN. Public cloud solution examples are Amazon S3, RackSpace Cloud Files, Google Storage, Azure Blog Storage, Salesforce etc. The File Fabric does not force you to work with other storage or data that comes with the solution. The File Fabric is storage agnostic and it works with what data sources exist within a company.

integrate clouds

-The File Fabric offers a control point for all corporate data wherever it is stored. As  a control points Storage Made Easy can be configured to audit log all file events which can be exported as an excel file or as Syslog events for use with Business DashBoards. It also enables encrypting of sensitive files through the gateway that reside on public cloud Apps, or the choice of keeping these files entirely private behind the firewall but still accessible. GEO location tracking and restrictions are also built into the platform as is secure file sharing across all data stores enabling a common file sharing policy to be set.

Cloud Control

– The File Fabric provides a single pane of glass into all cloud services  and integrates into corporate identity management systems such asSAML,  LDAP and Active Directory. It can function as a public and private cloud data control point and can also be set to enable users to add their own consumer cloud accounts if this is a company policy, and it can track which corporate documents are moved, or shared, into a users consumer cloud account.

single pane of glass

– More effective governance is provided as the File Fabric not only provides the flexibility and security of the hybrid cloud model, it also provides a cloud control point for existing private data and public cloud data sets.

 

 

Facebooktwitterredditpinterestlinkedinmailby feather

5 ways uncontrolled file sharing can hurt your business

uncontrolled file sharing

1. Unknown sensitive company information leaked

Not knowing what potentially sensitive company information is being shared can have a big effect on your Company. Sharing sensitive product designs, customer information, financial information etc can have a direct negative effect that may not be seen but will be felt.

Storage Made Easy provides policies that operate above all private and cloud data and enables policies to be set that incorporate time expiry and password protections inclusive of audit tracking and GEO location restrictions.

2. Data Breach

There is an increasing amount of privacy legislation that a company has to adhere to, such as HIPPA, FIPS, European privacy legislation. Not controlling the flow of information can result in severe financial penalties, or worse, jail.

3. Sensitive data on non company data services

The rise of Bring your Own Cloud within companies can result in corporate data being stored on unsecure services that can be breached and are outside of the control of corporate IT.

With Storage Made Easy on-site Cloud Control Appliance companies have a universal policy control gateway which can be used to control access to Bring your Own Cloud environment such as DropBox. This includes browser, mobile or API access to such services. This gives enterprises a single platform to securely manage and protect file sharing by centrally enforcing corporate policy on Bring Your Own Cloud data flows.

4. Slow Network / Reduced Quality of Service

Users tend to share files in companies. Once the file is shared it can be forward by the recipient anywhere. This touches upon point 1 of uncontrolled file sharing. Users should be sharing links not files so they can be tracked and controlled. There is another benefit of this which is to do with the network congestion that occurs inside of companies and this network congestion.

Lots of people sharing similar large files can lead to network congestion inside of a company which can not only be costly to productivity, it can be costly to the company as more bandwidth is consumed. Link Sharing shifts the bandwidth for the file download to the remote user.

Storage Made Easy provides add-in’s for Microsoft Outlook and Mac Mail that promote such links sharing inside of enterprises.

5. Copyright infringement

It is not unusual for users inside of companies to use their corporate emails to share digital music and digital books with friends. This not only exposes the user to copyright infringement it also exposes the company and with no control it is silent threat that explode at any time.

The key take-away is that uncontrolled file sharing can be bad for business and companies should give serious to consideration to how the promote governed file sharing that does not just work on one data cloud but works against all public / private data clouds that is in use at a company.

Facebooktwitterredditpinterestlinkedinmailby feather

In a post PRISM world why your Company needs joined up File Sharing and Governance

The recent controversy with regards to Prism and data snooping has brought the security of corporate data to the fore however the biggest threat to corporate data lies not with the corporate nemesis that is Prism but with the number of data leaks that occur every day in companies.

These include new phenomena such as Bring Your Own Device (BYOD) and Bring your Own Cloud (BYOC) as well as the thorny issue of what files are shared over email.

Data is any companies biggest asset and not controlling how corporate data is disseminated is a ticking time bomb waiting to explode in your company. Why? Take your pick, Legislative reasons, fraudulent reason, competitive reasons. There are many reasons why not controlling data dissemination could trip your company up.

Companies need to consider how to build an Effective data governance serves ACROSS their enterprise data silos. Doing so will define a cohesive set of parameters for data management, data usage, as well as the ability to create governance processes for a companies internal use, and for their supply chain, which ultimately leads to information assets that are well managed.

SME Data Governance framework

In the world of Cloud it is key that Data Governance and data policies work not only with data behind the corporate firewall but also cloud data and cloud services.

So what should you consider as a company to manage your data assets ?

1. Understand what information is sensitive across all data silos, have a federate access control mechanism that works with your user across this private and cloud data silos. Storage Made Easy provides such a federate mechanism to assign and control user permissions and access at a very granular level that overlays one or more data stores.

SME federate permissions

2. Set policies for data access and enforce them through common tools. For employee sharing of data through tools such as email, make it easy but also set policies that can define expiry time and password protection. Storage Made Easy has plug in’s for Microsoft Outlook and Mac Mail that enables productive file sharing across all cloud / private data but which has built in support for policy enforcement.

Mac Mail large file sharing

These policies should also ripple through to the mobile Applications used in a company:

iOS secure file sharing

3. Use Cloud Encryption for sensitive data and ensure that you control the private key. See our previous post on encryption and securing data for further information.

Cloud File Encryption

4. Audit all your company data. Irrespective of the policies set you should get in the habit of auditing your company data. SME enables the setup of an automated email to a specified user of the previous day file events such as sharing, files updated etc.

Cloud Storage Audit Log

5. Set BYOD policies and device access policies that work like your company works. For example, have a contract firm that you gave access to a specific folder ? Then designate that they can only access the folder using a web browser and only from a specific IP address.

BYOD GEO Restrictions

Summary

Companies need to connect disconnected information to enable corporate governance.

Cloud Corporate Governance

Facebooktwitterredditpinterestlinkedinmailby feather

Are your employees gambling with the public cloud ?

A recent article on ComputerWorld by Yorgen Edholm highlighted the growing issue that is affecting companies whereby employees “bring their own cloud” to work ie. they use their private personal accounts to interact with people at work using corporate data.

Yorgen does a good job at highlighting why this is an issue:

“How would you feel if a competitor picked up your product specs? An investor got a copy of your quarterly financials before earnings?”

“Every IT team knows that busy employees don’t always clean up after themselves.”

“From my perspective, the public cloud is not the problem but rather the unsupervised use of the public cloud by employees that make the public cloud problematic for storing and sharing files.”

As Yorgen rightly points out:

“In the end it comes down to control. How much control do you need over your data, who has access and where is information being stored?”

The issue is one of control. The problem that most companies have in the first instance that they have no policy with regards to use of private or public clouds and no way to enforce it. Almost all of the Enterprise File Share and Sync Solutions that exist today suffer from a lack of control. This lack of such controls is highlighted by recent research by the Osterman Research Group.

The way Storage Made Easy handles this is:

– Companies can continue to allow employees to use private or personal clouds.There is a governance option regarding this in which administrators of the SME system can grant employees the ability to add personal clouds.

– Once added any meta information can be audited. This is information such as a file title, date, if the file was shared etc. This works if the file is used from the SME system or if the file is sent direct from a Cloud Provider, such as DropBox. Alerts can be set to inform an Administrator for a certain file and event.

This helps to have visibility of data used with private employee clouds and provides some reactive control but it does not solve companies having pro-active control of their data and not just private consumer cloud data but all data that can be shared from within a company.

To aid with proactive management of data SME provides governance controls across all data cloud that are mapped to the SME service and Apps and App Integrations to enable companies to mandate or promote the use of these within their company. An example of this is Microsoft Outlook in which the SME PlugIn enables files to be shared across all public / private but promotes the use of secure file sharing with password and expiry options (and which is inclusive of auditing).

The auditing feature enables a complete file event history of any corporate file store that can be exposed as a .csv or excel, or that can be simply checked online through the service. As well as auditing the events,remote access to the file is also monitored and IP addresses logged.

Another aspect of control is security and where the cloud is being used particularly the security of files being stored remotely and the trust that you put in the remote provider to protect unauthorized access to data. As Yorgen pointed out in his original article:

“Take the recent NSA PRISM situation as an example. Users were not aware that their service providers were cooperating with the NSA to gather personal information from the public cloud – putting the spotlight on how little control organizations have over government access to their hosted data. While use of IT managed storage doesn’t mean that the government can’t demand access to data, it does mean that your organization would know what data they were gathering, rather than reading about it in the newspapers later.”

The SME system puts the security control back in the hand of companies by enabling companies to securely encrypt data using a private key that is stored on a remote cloud service that can be done on a per file basis or for all files.

Yurgen ends his article by quoting a source:

“One CIO friend told me that, for her, using a public cloud means losing peace of mind.”

Storage Made Easy aim is to provide an agnostic cloud data control solution that gives company this peace of mind.

Facebooktwitterredditpinterestlinkedinmailby feather

IBM Bans DropBox. Here is why you don’t need to follow suit

You may have missed it but IBM recently banned their 400,000 user based from using DropBox and other services like it. Jeanette Horan, IBM’s chief information officer, said that the restrictions has been in place since a review of IBM’s BYOD policy.  A great article underlining the reasons IBM made this policy change can be found in this Information Week article from Kevin Casey.

“The risk of allowing BYOC is inherent in any organization that owns confidential or critical information, which I would assume is every corporation in existence”

however how do you enforce it ?

“There’s also that minor matter of enforcement. IBM has the wherewithal to practice what it preaches, but when IT and financial resources are already spread thin, trying to keep people from sending corporate files to their personal Gmail accounts might be an exercise in futility.”

Enforcement of policy is of course a good question and one that we are happy to expand on. What IBM are really describing is the issue of what is being termed as “Cloud Sprawl” ie. the plethora of online services that can be responsible for not only information leak, but also prevent cohesive company information visibility. We have blogged about this previously.

The SME Cloud Appliance  and service is the enabler for governance and control of different Cloud Storage providers, such as DropBox, and of SaaS Services, such as BaseCamp for example. There are specific controls built into the Appliance to enable IT to govern how access is granter to information and also specific controls to not only restrict access but audit access:


This can audit access of all cloud storage types including personal clouds (if it is decided to allow them in the organisation). The auditing is granular and logs each event type and IP address of any file or resource interaction:
class

User login can groups can be controlled by Active Directory integration and Access permissions can be set against groups/roles across all information resources:

As we have shown, the Cloud File Server Appliance is a mechanism for IT within SMB’s and other companies to keep control of diverse information clouds and SaaS Cloud services whilst still promoting things such as BYOD and can be used as a SaaS hosted service or can be obtained as a Virtual Machine and hosted in-house.

Facebooktwitterredditpinterestlinkedinmailby feather

Thoughts on Amazon’s new onsite Storage Gateway announcement

Amazon Web Services has announced that it now offers a new storage gateway appliance (virtual machine image) that can be placed on a customers site. What benefit is this ? It really provides an easy way to integrate local storage or systems with the facility to replicate data to the Amazon Cloud. For example you could add the technology to an existing data center so that it resided between servers and storage  so that you could easily start replicating data to Amazon S3.

Note,however,these are actually stored as EBS Volumes. So although users can access data stored in this fashion locally from the gateway, if they wish to access this data directly through AWS they would need to start an EC2 instance and attached the EBS volume. . This in and of itself makes it easier to then integrate S3 stored data with other AWS services (if this is important to you). Note that this is not ‘replacing’ what you already have (ie. “great, I can just use the Cloud”), it is in addition to what you already have.

Firstly lets look at what the requirements are to host the Gateway.  These are:

  • VMware ESXi hypervisor (v4.1) on a physical machine with at least 7.5GB of RAM
  • Four (4) virtual processors assigned to the appliance VM along with 75GB of disk space for the Open Virtual Alliance (OVA) image installation and data.
  • A “proper” sized network connection to Amazon.
  •  iSCSI initiators on either Windows server 2008, Windows 7 or Red Hat Enterprise Linux

(Also note that the Gateway beta is optimised for block write sizes which are more than 4Kb.  AWS warns that using smaller I/O sizes are likely to cause overhead which can result in storage space that is effectively ‘lost’. This means that prior to installation there needs to be a check made on the file systems / volumes to ensure they can use the larger allocation sizes).

Firstly we’d like to point out that it’s great to see Amazon adding their own on-premise Cloud Gateway. It’s great to see them competing with the likes of  EMC, TwinStrata, and Nasuni. It would have been nice to see NFS or CIFS supported as interfaces, as from our own interactions with customers, we believe that is what customers really want to see, but maybe we can expect to see that added as the Gateway offering matures.

(Differences between iSCSI & NFS: iSCSI and NFS both allow storage access over an IP networking infrastructure. The difference is that iSCSI enables block storage transfer whereas NFS and CIFS transfers files.)

Many customers may find that they already have the capabilities for which they would use the Gateway, such as snapshots, backup and archiving, which is a pretty old, mature and I would expect a little more cost effective mechanism of achieving similar goals. However with that said we can see many use case where, with our own Cloud File Server Appliance where customers will really embrace the Gateway.

So where does the AWS Cloud Gateway end and the SME Cloud Appliance begin ? Well, the first things to understand about the SME Cloud Appliance is that it acts at a layer ‘above’ the storage. It provides a mechanism to unify disparate data sources into one file tree, add unified user access management and permissions, add unified governance and e-compliance, has focus on enabling companies to manage ‘Cloud Sprawl’, and leverages the ability for companies to let staff “bring your own device” (BYOD). In short, as I often say when asked to comment about Storage in general, the response is “it’s all about the App”. Storage in and of itself is not a single source in companies and secondly having things stored is no good unless you have unified, search, logic, control and anytime anywhere access that supports all desktops and all devices. This is what we essentially are bringing to the table with our Cloud File Server Appliance.

To take advantage of the Amazon Cloud Gateway what would be required is for us to connect to the local iSCSI stored data within the Gateway and this is something we will be looking to do in the short term.

For further information see the Amazon Cloud Gateway Storage FAQ’s. Also note that Amazon are also doing a free webcast on 23rd February.

 

Facebooktwitterredditpinterestlinkedinmailby feather

Cloud federation and governance will dominate in 2012

It’s seasonally topical to write a blog post that will draw a close to the old year with some predictions for the New Year, so read on for a post that fits with that trend…

2011 has been an eventful year for SMEStorage. On the business side we have always been a privately owned self funded company. We have never been VC backed and we’re profitable and have needed to be to be self sufficient. To enable us to expand the founders took a decision to raise some money to enable the company to continue to grow and expand the company. To this end Vehera, the owning entity of SMEStorage sold a small amount of equity enabling Vehera to raise a million dollars to fund the companies push for 2012. This will give the ability to add some more staff to enable us to grow the opportunity we see for our technology with ISP’s and the Enterprise.

On the Technology front we continued building out our support for Cloud’s resulting in SMEStorage now supporting over 35 Storage and SaaS Clouds. We also released a native Windows Phone Client,and also the first versions of Mac and Linux Cloud Tools and we enhanced our native browser plug in’s with support for Google Chrome and Safari. We also enhanced our iOS App for iPhone and iPad many times over the course of the year as well as releasing a native Android client for Phones and tablets. In addition to all of this we also improved our core offering with a myriad of new features which included adding protocol adaptors that exposed Clouds mapped to SMEStorage over WebDav, FTP or the Amazon S3 API, even if the underlying Cloud does not natively support these protocols.

So what for 2012, well, firstly we’ll continue to add more services that can be federated and managed. Shortly we’ll be announcing support for SugarSync, and the UbuntuOne Cloud. We’ll also be adding services less traditionally associated with file stores. The first of these will be BaseCamp, which will be followed by some CRM SaaS services and we have in mind another project / collaboration SaaS tool.

We’ll also be adding even more Cloud governance and e-compliance features. If your interested on our take on Cloud Sprawl and governance please see our prior blog post on this subject.

We intend to push out our revised Cloud Appliance in early 2012. This will give any customer the ability to have a hybrid Cloud governance application that deals with Cloud and local data and service federation that they fully control and own. Customers will be able to host this in their own data centre as it will be available as a VMWare, XEN or KVM appliance. As an alternative we intend to enable easy access to an Amazon EC2 based instance. We also intend to make it easy for resellers to get their ands on it and offer it as a value add to their own business.

It’s our firm belief that with the greater adoption of Cloud, and the increasing array of Cloud Services that 2012 will be the year of Cloud Federation and governance as companies struggle to manage and control the Cloud services deployed in their organisation. We believe that with our advanced service features, comprehensive access clients, and Hybrid on-premise Cloud Appliance that we are well placed to help companies who struggle with these issues.

For general predictions, we’ll make just one, and that is that the “free lunch” is coming to an end. In a volatile economy services that offer “free” may look appealing, but all businesses need to make money to survive and free eventually needs to become paid, and companies need a solid business model to survive. Hoping to capitalise at some point on a large user base of free users is not a business plan. There is room for some element of freemium, we use it ourselves, but our belief is that it has to be underpinned by a solid business plan. If you’d like to read more about this, see this post which goes into a little more depth.

All that remains to be said is to wish you all a “Happy New Year” and we hope all your hopes and dreams are realised in the forthcoming year.

Facebooktwitterredditpinterestlinkedinmailby feather

Take back control of Cloud Sprawl and Governance in your Organisation

The proliferation of Cloud Storage and Cloud SaaS Services is both a blessing and a curse for businesses. In the past IT was able to control and lock down which applications and services could be used, but today services such as Box.net, and DropBox, and a host of others gives IT at best a headache and at worst a challenge that is a constantly moving target.

End users are also driving for use of such tools as they strive to increase personal productivity which the various SaaS services provide, and which IT would like to ban or lock down so they become the antithesis of what they were intended to be.

Even tools that are authorised by IT are not necessarily immune to this problem. What happened to that file link a user shared from SharePoint? Who opened it? Was it supposed to be shared?

Recent research commissioned by Opsview reveals 67 percent of UK IT decision-makers worry about how easy it is for their staffs to sign up and install cloud services. The survey also found that 76 per cent of IT directors admitted employees are likely to flout IT policies in order to make use of cloud services. This research was backed up by separate research conducted by Global Technology Provider Avanade in which it revealed the emergence of Cloud sprawl  had 67% of 600 executives interviewed in the UK were worried that the rapid adoption of publicly-available cloud services was putting their company at risk.

What is required is some form of Cloud Governance to give back control to IT whilst still enabling users to use tooling that makes them productive.

This is just one of the many things we’ve built into our cross Cloud File Server, the ability to govern and control Cloud Sprawl:

 

The ability for IT to take back control  means that they can more effectively control data compliance issue challenges presented by Cloud Services, as well as those more broadly presented by e-compliance. Widespread use of digital communication technology has led to companies facing a new types of challenge with regards to the management of privacy, consumer protection, Intellectual Property, and content governance.

Compliance issues are of course not the only issue companies face when it comes to distribution of digital informtion across Cloud Services. Information visibility is required across all these services when, for example, doing something as simple as a document search.

The SMEStorage Cloud File Server can be used as either a SaaS service or an onsite Cloud Appliance to address these issues. Firstly any Clouds or SaaS services added to the File Server have information indexed and recorded, and made available from a single unified explorer view. As users create anew content and upload it to any of the Cloud and SaaS services that have been added to the Cloud File Server, each service’s API is used to securely capture, store and index the files. Note that no content needs to be copied. All this is stored and accessed from the original repository.

File event logging can be set at a micro or macro level to record any file event from any user with related IP addresses and GEO Location information. This information provided an audit trail that can be filtered and stored:

 

 

 

 

 

 

 

Also The Cloud File Server Admin can control which ‘private’ individual user clouds can be used or added within the Organisation. For example the Admin may decide to enable each user to add a Google Apps Docs Account and restrict all others, or may also enable users to  add personal DropBox accounts also. Any personal user Clouds that are added in this way can also be indexed, audited and file events recorded:


 
 
In addition to this any file uploaded has the GEO location recorded as to where it was uploaded from and where it was uploaded to, again for audit and compliance purposes. The integration of geolocation technology can also helps organizations restrict access to files or SaaS applications appropriately dependant on any data privacy or e-compliance law that differs or is required to be supported on a cross border basis.

The ability to index and record information from different Cloud Stores as described above also results in a powerful cross-cloud search capability, in which searches for content are made against all the Clouds that have been added, with results returned instantly.

In summary, unmanaged usage by company staff can not only lead to security issues for IT, such as incomplete or lost data, but can also lead to  potential breaches of corporate governance and regional data legislation rules. In addition it prevents companies from fully leveraging the cost savings that are associated with cloud computing, and ultimately can undermine such infrastructure adoption  by IT departments.

The SMEStorage Cloud File Server provides features that enable IT to:

  • Capture and Index SaaS and File Cloud Services

 

  • Provide event auditing with downloadable audit trail across all services added

 

  • Provide GEO restriction monitoring and filtering

 

  • Search across Clouds and Services for e-discovery needs and to promote information visibility and access

 

  • Use CloudSafe to backup content repositories to another Cloud for retention or backup purposes
Facebooktwitterredditpinterestlinkedinmailby feather