It is Autumn (really Winter!) in Montreal and I’ve come to expect to be greeted by ever decreasing temperatures and signs that Winter (more Winter!) is just around the corner every morning. I’ve also come to expect word of the next security breach that reminds us of how far we still haven’t gotten in terms of the privacy and security of our data.
Most recently, it is some of the popular cloud services that have come under fire. (One recent popular example is the access gained to private photos belonging to celebrities.)
Consumer cloud services are a great target for hackers – these platforms have made it easy for us to store absolutely everything about ourselves in one place: our family photos, private documents,
banking information, medical history and everything else that goes to the cloud when we allow our devices and applications to synchronize to and perform complete backups to these services.
In short, we’ve handed over a lot about ourselves to consumer-oriented cloud services. And the choices we make that have us balancing convenience vs. security are fair for us to make as individuals, but where does the enterprise figure into this equation?
Should the CIO, and anyone else invested in a business’ valuable intellectual property, be content to see their assets stored in services catering primarily to individuals, outside of content management systems, stored in locations that potentially trigger data sovereignty issues and never subject to recall, file retention or other compliancy policies?
But the truth is, lots of enterprise data does wind up in consumer-oriented cloud services. Part of the reason for this, is that they make many of the things business users need to do every day,
convenient. Take our ever-increasing need to exchange content with others for example: Presentations, images, video, design documents etc., are far too large for email and the people we need to exchange with are halfway around the world. What options exist to make this convenient for business users to do? Certainly the consumer-oriented cloud services that synchronize content make this easy, but at what cost?
As I’ve pointed out, these services are under attack and with password and encryption policies that are out of an enterprise’s control, the owners of the content being placed on these services, are reduced to mere bystanders to the security nightmare. Worse,
information exchange often means you only need to get content to someone else – but with these services, the content lives on there forever unless someone manually deletes it. But who ensures this content ever expires? These services make it easy to invite others to shared locations, but not nearly as easy to un-invite people or to get an organized view of permissions in one place across all of the locations created. So, the need to exchange information often results in valuable enterprise data sitting forever in largely unmanaged locations, with no regards to an organization’s retention, data sovereignty or security policy.
But none of these risks are necessary.
(And things get ugly when you use the wrong tool for a job)
Never being one to list problems without a solution, I’ll be back in my next posting with some alternatives to duct tape.