The Content Hydra

There are three things we can be sure of in 2013.

First, there will be more consumer devices in enterprises. Tablets will become increasingly popular, running iOS, Android, Windows Mobile and other operating systems. IT departments will find themselves struggling to meet security and compliance requirements in a disjointed world of consumer devices.

Making IT's job harder will be the second thing we can be sure of in 2013. There will be more security attacks, and a growing number of them will target mobile devices. IBM predicts that mobile malware will increase 15% year-over-year. More mobile devices means more targets. Mobile operating systems are still relatively young, and security features are often absent or disabled. As mobile devices become the preferred platform for checking email and Web surfing, especially at night and on weekends, phishing attacks will end up snaring users on their mobile devices. And when those users next connect to their corporate networks, those networks may be compromised. (Some malware sites are designed to be live only on weekends to minimize the chance of detection and to take advantage of these new end-user habits.)

Third, issues of data privacy will become more complex and more urgent. Data breaches are increasingly public affairs; most states in the US have now passed data breach privacy laws, augmenting those that are part of industry regulations such as HIPAA. Enterprises may be using cloud storage for convenience and economy, but each country applies its own rules for privacy, and some data privacy standards like those adopted by the EU require enterprises to know the location and status of protected information. Regulators and litigators will continue to target enterprises discovered to have been negligent with private data.

Enterprises must ensure that by using cloud services, they do not increase their exposure to data breaches. At the same time, they must ensure that data in the cloud is as easily tracked and managed as data stored on-premise or in a traditional data center.

Twists and Turns

The three trends play off of each other and create special challenges for enterprises. More users are carrying mobile devices, and each mobile user is carrying more mobile devices—3.5 devices as of 2012, according to a recent survey by iPass. Many of those workers have desktop systems as well. The need for access to business data across all those devices often leads users to sign up for free cloud-based file sharing services like Dropbox. (After all, what good is a device for work if it doesn't let you get to the files you need to do your job?)

Public-cloud file sharing services like Dropbox solve one problem for users, but they create numerous problems for the IT, security and legal departments in enterprises. Many of these public-cloud services lack the features that enterprises need—an administrative dashboard that provides centralized control; logging, audit, monitoring and reporting capabilities; granular access controls for individual files; roles and group profiles to simplify user administration and individual users. The list goes on and on, exposing the organization to significant risk while IT administrators and compliance officers are blind to which files are passing into and out of the organization.

And these services have not been immune to data breaches—some of them glaring. For four long hours about a year ago, Dropbox accidentally turned off password protection for all files in all accounts. Later, the company was not able to tell users if their files had been compromised or not. When IBM did an internal security audit, it found confidential documents scattered across the Internet and publicly accessible file stores. It promptly banned Dropbox and Evernote from its employees' devices.

Public cloud services also create privacy and compliance challenges. If users post customer records to a public cloud service, not only has the risk of a security breach been increased, but legal requirements to know the location and status of consumer records have been violated.

Taking Stock

The profusion of mobile devices is going to continue. To remain productive, employees genuinely need a convenient way of sharing files across devices and among trusted users. At the same time, enterprise IT departments need to ward off security attacks and threats to compliance. Of course, IT departments are always interested in efficiency and performance. When appropriate, they should be able to take advantage of the considerable benefits of cloud computing. And what's a better application for cloud computing than file sharing across a booming population of mobile devices scattered across broad geographic areas?

Is there a way to unleash the power of the cloud to address the need for worker productivity, without compromising data security, privacy and compliance? Yes. The answer is to use private clouds. Skip the risky public cloud services and invest in a secure private solution configured and controlled by the IT department.

Win-Win for Users and IT

By deploying a private, mobile-friendly cloud solution, enterprises can ensure that employees get the file-sharing capabilities they want, while IT gets the management and monitoring requirements they need for security and compliance.

A well-designed private cloud solution provides employees convenient file sharing tools for all their devices, and enables them to share content securely with the people they are working with, both inside and outside the organization.

At the same time, private cloud solutions meet the security and compliance requirements that enterprises are struggling to meet. They provide secure access to enterprise content from mobile devices while minimizing risk of malware intrusion or data leaks. They give IT centralized control over file access, so that administrators can ensure that confidential files are accessed only by authorized users. And they let administrators and compliance officers monitor file sharing activity to ensure no policies are being violated. Audit logs enable IT departments to demonstrate compliance with regulations such as SOX and HIPAA.

Enterprise-grade file-sharing solutions also provide features such as FIPS-140-2 Certified encryption, which is required by federal agencies, and support integration with LDAP and Active Directory. The most advanced private cloud solutions also integrate with enterprise content management systems such as Microsoft SharePoint, enabling authorized users to leverage the wealth of business data stored in these systems.

And private clouds enable enterprises to leverage the scalability and flexibility of cloud technology for these all-important needs. In a fast-moving, mobile world, private cloud file-sharing solutions will help keep enterprises safe, compliant and productive.