Securing (And Sharing) Content In The Cloud

23 Mar, 2012

One of the challenges facing companies with digital assets stored in the cloud is just how they secure their intellectual property while still enabling legitimate access particularly among collaborating employees.

One of the ways to achieve this is to deploy specialist cloud-based collaboration tools that facilitate secure sharing. I asked Barrie Hadfield, chief technology officer and co-founder of SkyDox, about this issue. Here is an edited version of our conversation.

How has the cloud disrupted the way the enterprise secures intellectual property?

There is some irony in that while the cloud has enabled unparalleled file sharing, collaboration and communications for the population as a whole, it has simultaneously eroded security the protocols designed to protect IP within enterprise collaborative ecosystems.

According to Forrester, nearly half of all information workers use between four and seven different collaboration tools to do their job – that's staggering, really. Many of these tools are consumer-oriented cloud collaboration tools designed to make personal documents, photos and videos easy to share with anyone.

These same tools are often used in the workplace, without the knowledge or approval of IT administrators, and simply ignore data protection policies. Obviously, this has been exacerbated by the bring your own device (BYOD) trend – in which employees email, store, and save company documents across multiple personal devices, some of which might be misplaced and may not be authorised by the IT function for enterprise use.

What are the considerations that a company should take into account when allowing their employees to use cloud collaboration and storage tools?

First, it is important to recognise that employees are going to use collaboration tools no matter what – and in some ways, rightfully so.

Strictly from a collaboration standpoint, the cloud has made working with partners and clients outside the firewall easier than it's ever been and it's allowed employees to be constantly connected, hence driving workforce productivity. And younger workers are especially accustomed to interacting via the cloud whenever it's convenient for them, so banning these tools would be outright foolish and could ultimately hurt your organisation.

Instead, what organisations need to do is first is to curtail the use of any application that could potentially compromise intellectual property by offering more attractive enterprise-grade and highly secure alternatives that provide a single platform that blends, file sharing cloud collaboration, social business, storage and synchronization.

From an employee standpoint, a centralised platform should be a welcome change. After all, there are inherent frustrations in cobbling together a patchwork of different consumer tools. For instance, doing so makes it difficult to track the most recent version of a document, to provide an audit trail of activity, and even access if the document, if it's saved on three different devices.

So how does a company secure their intellectual property without shunning all cloud collaboration tools?

First, centralise your organisation's collaborative ecosystem by providing a hub that you have administrative rights over. This way, you can have oversight on what is happening with company documents and you can provision users and set the permissions, access and activity rights for password protected content. Of course any data that is stored or is in transit, it should be encrypted. This permission-based and encryption-based approach is what's really missing in consumer, cloud-based tools.

Companies should also make sure the enterprise platform meets – and ideally, exceeds— features that are available on consumer platforms and is simple to use, otherwise employees will continue to circumnavigate corporate tools.

Finally, I think the most crucial functionality for social business is being able to collaborate in multiple ways internally and externally, with a platform that is device and application agnostic, so employees can access it from their desktops at work or their iPads at home.

I would also advise integrating a collaboration platform with traditional 'legacy' applications, like Microsoft Exchange, Microsoft Office, Lotus Notes, and SharePoint, for several reasons. For one, this eliminates that extra step that many consumer grade applications force you to take – removing the document from productivity applications and then uploading them onto a diffrent technology platform. But more importantly, once your document is sent to a consumer platform or unauthorised device, the company has lost its audit trail.

What role should mobile devices play in this – do they require additional steps to ensure a safe and secure environment?

A recent Forrester report showed that the employees purchase 70 per cent of iPads and 50 per cent of smartphones used in corporate environments. That is great for because it means employees are connected at all hours, but hugely problematic when it comes to tracking intellectual property.

What typically happens is, a document is uploaded to a consumer storage platform, so that the employee can download it on their personal device afterhours or share it with others. If the device is not authorised by the IT department, the company has no visibility about where that file is stored, how it is modified, and who has access to it. Ideally, preventing this should not require extra steps, if you structure your enterprise collaboration platform correctly.

If you have a centralised permission based collaboration platform where all company documents are stored in the cloud, your employees can access it via whichever device they want – but it also prevents unauthorised downloads. The takeaway here is, you should always have visibility into property's audit trail – no matter which device it is accessed on.

Since this sector is still in its infancy, what changes are on the horizon?

All the signs suggest that companies are waking up to how much control they have surrendered over their intellectual property in the last decade. The next step is for enterprises to rebuild their collaborative ecosystems for employee convenience and for organisational compliance.

With this in mind, I think we can look forward to cloud-enabled ecosystems that allow companies to retroactively delete a secure file from an employee's personal computer if, for example, they leave the company.

In addition, as the volume of data being stored in the cloud increases, organisations will start building collaborative ecosystems that intelligently link content, metadata and users by interest to provide social business networks. Ultimately this semantic classification of digital content and the ability to enforce policy-based content sharing across corporate and personal device file collections will lead to the "socialization" of collaboration tools.

(Barrie Hadfield is co-founder and CTO of SkyDox)

More News from Financial Times