The Struggle to Extend Enterprise-grade Mobile Access to Files
Two seemingly incompatible forces have collided in the enterprise over the past few years. The standard approach to storing and protecting files has come into direct conflict with the employee’s demand for mobile access to data. Employees want their files no matter where they are or what device they happen to be using. And they have proven that they’ll do anything to get those files, even if it means circumventing IT departments and all their carefully constructed security and enterprise controls.
So, how should enterprises extend employees the mobile access they demand without sacrificing performance and access for control, security and compliance? Most providers have approached this problem from one of two directions – consumer file sharing or enterprise storage.
The first set of solutions, file sync and share, has its roots in the user’s perspective. The easy interface, consumer-like features and simple productivity all appeal to the employee. Plus this group, which includes Box and Dropbox, benefits from a massive consumer customer base and broad name recognition. Yet popularity means little when you’re trying to satisfy enterprise IT requirements. As a result, the file sync and share providers have been building out features to attempt to make their service approach enterprise-grade.
For example, file sync and share solutions encrypt user files, but the solutions provider does the encrypting. In other words, they hold the encryption keys, which means a rogue employee at the solution provider could unlock your data. A government agency could even subpoena them and unlock your files without your knowledge. In addition, file sync and share providers have added enterprise controls such as integration with directories, but even with these changes, that fundamental flaw remains. They still own the encryption keys.
Another problem lies in the way these solutions extend access. With file sync and share, you end up with a second copy of your data somewhere else. Not only do you pay extra for this copy, but you increase the likelihood of multiple employees working on different versions of the same file. In a larger sense, whether you’re talking about security or file conflicts, what you sacrifice with file sync and share is control. You give up control of security, user access and the data itself.
The other common approach to extending mobile access comes from the enterprise storage players. For these vendors, security, compliance and control are second nature. In one sense, they have already accomplished the most difficult feats: making storage work at enterprise scale; building systems that can keep up with high performance workloads; and importantly, addressing encryption and compliance. It’s the mobile access piece that presents a challenge.
The standard enterprise access protocols – NFS, CIFS, SMB – do not work on phones and tablets. These devices are not built to access corporate networks like a PC or laptop. So enterprises turn to a third-party software overlay like Syncplicity, which EMC bought in 2012 and jettisoned this summer. There are a number of these kinds of solutions, with mixed levels of functionality; but they face many of the same obstacles. Once they move corporate files to a mobile device, for example, they have to figure out how to secure them, and this has not proven to be an easy task. Installing one of these third-party solutions also means adding yet another layer to an already complex and difficult to manage storage stack.
Ideally, a solution that extends mobile access to employees should combine the user-first perspective of file sync and share with the gravitas of the enterprise and all its associated security, compliance and control. These are difficult standards to meet, but an even harder task falls to the enterprise CIOs who must strike a balance between protecting corporate data and keeping employees happy and productive.