A company’s digital boundary is now without boundaries. Workers store presentations in Dropbox and customer information in Salesforce, right alongside personal texts from their kids and their favourite mobile game. The personal cloud has become the center of our digital lives. Think about your day – the photos you share, the maps that guide you, the videos you watch, the instant messages you send – they all go through a cloud service. And mobile is, more and more, the core consumption model for the cloud. Your mobile apps are your doorway to and from the cloud.
The growing popularity of cloud services makes security more complex than ever. In this new, consumer-driven world, it is difficult for IT to trackwho is accessing which files, when, and from what device. As a result, one of the biggest security threats to enterprise data are employees uploading work documents to their personal cloud storage accounts. Employees want to use Dropbox. The company says “no”. Employees do it anyway because it makes them productive. If the company restricts their favourite app, employees find another. Ask a CIO what keeps them up at night and they will say corporate information going into employees’ personal cloud storage accounts.
Enterprise Datacenters
The reality is that enterprise information now lives everywhere, whether we like it or not. The datacenter is no longer central. Information lives in:
• Traditional IT infrastructure
• Business cloud services
• Personal cloud services
IT can handle the first two. But that last one is a huge problem in terms of security. As soon as IT restricts one app, another one pops up, like playing a game of Whack-a-Mole. This game may be fun at the arcade but it’s not a security strategy.
The natural reaction of many IT organizations is to restrict the use of these services. But saying “no” is not an option. As Vivek Kundra, the first CIO of the US Federal Government said in 2011 when he visited MobileIron, “The more I say ‘no,’ the less secure my organization becomes.”
Nearly all employees are using consumer services for work
Ovum, the global analyst firm, validated this statement last September. Their study found that, of employees using file sync and share tools at work, only 9% are satisfied with the commercial offering given to them by their corporate IT department. As a result, 89%, or nearly all employees, are using consumer products for storing and sharing work documents.
Why do employees use their own services even when IT provides an option? It comes down to productivity. Employees focus on productivity and they prioritize using the tool they prefer over security – if they even consider security at all. Another factor is that there is no single correct tool for an entire organization to use. Different users have different needs and they will choose the solution that is right for them. Finally, the pace of innovation is so great that employees will frequently want to use new apps. The issue for IT is that if they appear unresponsive, employees will see them as irrelevant and ignore them.
IT needs to be able to support choice while securing corporate data. The goal is to be able to say to employees, “any app, any repository,” and be confident that there is a security and policy framework to make it happen. This is where MobileIron comes in.
File-level security
Last October, we introduced our initiative to secure the personal cloud. Our goal was to provide secure access to both cloud-based and on-premise content repositories through the MobileIron Docs@Work mobile application. Earlier this year, we moved to phase two and launched the MobileIron Content Security Service (CSS) to protect work documents stored in personal cloud services.
The problem with traditional content security solutions is that they functionally link security and storage. This requires the migration of work documents to a new content storage repository in order to enforce security policies. This increases complexity by creating more repositories for the enterprise to manage. Most importantly, this approach does not solve the personal cloud problem because employees – always prioritizing convenience – continue to store their work documents in cloud services that IT cannot secure.
The breakthrough with CSS has been separating the security controls from the data storage repository so that a document can be protected across multiple repositories throughout the lifecycle of a document. By doing this, MobileIron takes security down to the document-level so that the document is secure even if it is stored in a personal cloud repository outside IT’s control. CSS is the first solution that lets employees “bring-your-own-storage” without compromising security. IT can now let employees use Dropbox.
The real potential of mobile computing is to enable people to work the way they want, using the tools that they find most useful. Employees can choose their apps and clouds in the consumer world and they want best-of-breed tools at work too. The challenge for IT is that collaboration tools and data repositories will remain fragmented and the pace of change and innovation in mobile is faster than any other enterprise technology. CIOs want to drive productivity not create a culture of limits and lockdown. That means be able to say yes to the personal cloud.