Following the rise of BYOD, IT departments face a new challenge in controlling their organisation’s digital assets while liberating employee productivity and information sharing.
At one time it seemed like the only choice employees hankered for was to get their preferred mobile phone or a particular brand of laptop; they had precious little impact on other technology decisions unless they ran the IT department.
Then dumb phones became smart application platforms and tablets appeared – and both suddenly soared as consumer choices, changing everything.
First, it was bring your own device (BYOD), which prompted many IT teams to focus on managing hardware, when the reality is the device is a multi‑purpose communications platform and so carries with it many other risks.
Now, BYOD has morphed into BYOC – bring your own cloud, content and collaboration (and, more often than not, chaos).
And it is collaboration, sharing and communication that really challenge IT departments’ remit to control their organisation’s digital assets.
Things have moved on a long way from casually sending files in emails or simply copying them onto a memory stick. Not only are there any number of storage services offered by cloud-based providers, there are many other ways to share data, too.
So what can an enterprise do to balance the desire of employees to use and share data with their favourite social tools and still apply sufficient corporate control?
Read more on collaboration
VMware combined Socialcast with AirWatch features for its Collaboration Bundle.
What do IT leader needs to know to decide on the future of the organisation's communications strategy?
How can organizations encourage collaboration?
First it has to decide where to focus. There are many social media models that introduce additional mechanisms beyond email to form the communications flow or timelines of chatter and interaction. These include both traditional and "new-wave" suppliers’ social enterprise-oriented offerings, such as IBM’s SameTime, Jive software, Salesforce’s Chatter, Microsoft’s Yammer, Facebook at Work or even LinkedIn.
There are important decisions to be made about which, if any, to adopt formally and how they might fit in with regular email. But for many organisations the more pressing need will be how to dealwith information.
The social information sharing challenge
There are elements of information control and organisation that have an impact on whether formal enterprise grade tools or casual consumer products and services are used. Recent Quocirca research into BYOD, conducted in large enterprises across Europe, reveals the safe storage of information is the major concern, well ahead of device and application management, with two‑thirds of organisations admitting data security is a top worry.
This is not surprising, given there are cloud storage systems aplenty already being used by employees. Most have applications for all the main mobile platforms and are very easy to use. Some suppliers directly formed to address the concept, such as the enterprise-focused Box and ever‑popular Dropbox, while others have emerged as an aspect of an existing supplier’s overall proposition, including Google Drive and Apple’s iCloud, for example.
While security of personal data is of some interest to individual users, there have been breaches that have caused concern. Despite this, many trust that a password and unencrypted data stored with a well-known supplier will be okay. Many of the cloud storage services operate this way, but there are some that go a step further. SpiderOak enables users to perform local encryption before their data is synced and Mega takes an above-average approach to security, thanks to its history giving it a certain paranoia concerning government snooping.
These might provide employees with the familiar simplicity of tools for sharing data with friends, colleagues and between different devices, but will be a headache for the enterprise.
Starting to take control
While there are many offerings to try to simplify the multiplicity of cloud storage using a layer of management controls – Otixo, Jolicloud Drive, Gladinet, ownCloud, for example – these are more likely to appeal to employees as consumers, as none have much traction or standing in the enterprise. Without being acquired or being absorbed into the services of a larger supplier, they will still struggle in this regard.
One in this category with a decent pedigree, however, is Primadesk, which came from the team that developed firewall software ZoneAlarm. In addition to allowing individuals to aggregate their cloud storage, it also provides secure virtual file management for the enterprise. This has the corporate advantage of sharing without copying enterprise files, applying encryption and tracking usage, while still making life easy for the user to find and share documents of interest.
There are corporate versions of popular cloud storage players – Box and Microsoft OneDrive for Business, for example – but according to the research, while 44% of large enterprises are allowing the use of cloud storage on BYOD, only 25% use corporate versions of cloud storage tools. This is something that should change as enterprise-strength security features and tools continue to evolve to have more consumer-like interfaces. Asking employees to use an enterprise version for important or work-related files will become much more straightforward.
As well as the general-purpose cloud storage mechanisms, there are also plenty of tools aimed at helping to organise work into to-do lists, tasks and projects. These consumer-oriented approaches to organising are not formal, but are still based around “things to do” and contain enterprise data. Content stored in them can be sensitive from an enterprise perspective and need assessing.
Whether it is presentations in SlideShark or LinkedIn’s SlideShare, or cloud-based note-taking in Evernote, or the slightly more establishment Microsoft OneNote or Google Keep, the organisation needs to exert some control, or at least influence, over individual employees and the mechanisms they use.
One route is to impose corporate storage systems from established enterprise providers in use elsewhere in the organisation, such as Citrix with ShareFile or Oracle with its Enterprise File Sync and Share offering. These provide the strong controls enterprises need, but in smaller organisations will be less familiar than other platforms such as Huddle or Microsoft’s SharePoint.
Although the latter has a long-established corporate history, it is becoming more socially oriented, and while the addition of community sites, micro-blogging and better mobile integration might not be enough on their own, they are a good start.
For those looking for even more rigour and control in shared workspaces, there are approaches which started out in the most secure and closed environments. For example, Intralinks, known for providing secured shared workspaces for certain specialists in highly stringent processes, such as mergers and acquisitions, now offers a service for the entire enterprise with its Via product.
Finally, there are the constraints of mobile devices to consider and some tackle enterprise collaboration by starting out from the mobile edge. For example, Moxtra has taken the well-established workplace notion of binders for pulling together all related content to be used collaboratively in a project and made it not only accessible while mobile, but with a mobile-first approach that is consumer-familiar and friendly.
One approach is to focus purely on the content, rather than where it is stored. FinalCode offers a system that encrypts files and uses a centralised means of control to command what recipients can do with the file – whether this be copy and paste, print, forward and so on.
Steps to address the challenge
Few organisations need to take draconian measures to tackle the risks associated with consumer and social application use in the enterprise, but neither is it safe to ignore the issue. With a few simple steps the risks tothe organisation can be contained, without overly constraining employee choice:
- Understand the appeal of consumer tools – mostly it’s about convenience and ease of use, so the organisation needs to look for safer alternatives designed to be easy to use and adopt.
- Set the bar – make sure everyone understands security risk, why information needs to be protected, what their responsibilities are, and what the consequences will be if they fail to meet them.
- Don’t sweat the trivial – forget trying to apply strong rules to trivial information – it doesn’t matter if the menu from the staff cafeteria is shared on Facebook. Focus on important data, grade it so that suitable strength policies and tools can be applied where really required.
- Fix mobile next – casual mobile use of data is a risk; a system that works well on the personal-choice mobile devices of employees will make it far easier to get them on side, happy and secured.
- Look for and pre-plug leaks – assume data will flow freely across the organisation, but put data leak protection in place to minimise potential leakage.
- Don’t stop collaboration – inappropriate use of social media might have negative consequences, but banning it or forcing difficult tools on employees will simply restrict collaborative working styles which after all, most pro‑productivity technology is trying to encourage.
Social media and consumer‑driven sharing mechanisms might seem to be a headache for the IT department, but they not only fit well with personal preferences, they also hit a pressing enterprise need – a more collaborative and open approach to working.
It could be argued that without the explosion in adoption of social media, a lot of organisational structures would still be stuck in a hierarchical, stove-piped rut, where sharing was done sparingly to retain control, rather than liberate productivity. How things have changed – but they will go further, so all organisations need to take a proactive approach to ensure they can retain some control while liberating employee productivity.
Rob Bamforth is a principal analyst at Quocirca.