Thinking Outside the 'Box'

In an age of Bring Your Own Device, it's easy to see how well-meaning employees might arrive at the concept of Bring Your Own Service, especially when that service is easy-to-use, fast, cheap, and reliable.
|

File-hosting service providers like Dropbox and Box have done an excellent job in the last few years providing prosumers - consumers who use products whose qualities are deemed above consumer-grade standards but below professional-grade standards -- with an easy-to-use file-exchange solution that integrates nicely with their personal lives.

But what happens when those same prosumers, so comfortable with using these services to conveniently share gigabytes of home videos with family members across the country, decide to use that same technology to share sensitive data in their professional lives?

In May 2012, Gartner, Inc. analyst Ben Huang discussed that idea in his research note, "Four Common User Scenarios That Demand MFT."

File sharing and collaboration may not be synonymous with MFT; however, the movement of files for sharing and collaboration is MFT-like. This particular usage scenario is where organisations are seeing a lot of vulnerability. Often dubbed the "dropbox issue," users are adopting technologies in the consumer file-sharing/storage/collaboration landscape that are often free, unsecure and of limited capability.

Further, in June 2012, Osterman Research found that:

...widespread use of third party, cloud-based storage and file synchronisation offerings...are sometimes used with IT's blessing, but more often not: Dropbox, for example, is used in 14% of 1,000+ employee organisations with IT's blessing - and in 44% of them without approval.

What happens, then, is clear -- prosumers who use these technologies subject the enterprise to a raft of considerations, including "Will these services scale?" and "Will they be able to reliably handle the volume planned for them and offer enterprise-grade functionality and security?"

Dropbox and Box offer premium services that tout "large shared quota, centralised admin and billing" and "scalable and customisable content management with comprehensive security and admin controls," respectively, so it might come as no surprise that the answer to these questions in many use cases is a considered but unqualified "Yes."

But will these services integrate seamlessly with the business and maintain the standards the IT organisation demands?

That answer is probably not as straightforward.

IT administrators initially resisted allowing "foreign" devices into their network for all of the right reasons. It was only after they evaluated the security and viability of the devices -- and sometimes even improved the devices' security and viability profiles -- that the devices became internally acceptable.

That set a precedent. Now, the IT department must stay consistent by keeping up with business-user demands and being less rigid with their rules -- even if those business-user demands seem excessive and even if those rigid rules make sense.

Then there's the matter of security. The industrious, hard-working employee, though always a terrific asset to any enterprise, is apt to forget that they belong to a community -- the company that employs them -- and must always keep the enterprise's best interests top of mind, despite the potential for security mandates to complicate -- or even inhibit -- their workflow.

Fortunately, with most email transactions, the employee's access and activity is governed by an enterprise directory accessible through LDAP - the Lightweight Directory Access Protocol supported by Microsoft Active Directory and similar services to provide identity and access control information to programs - which ensures controlled access inside the company. That means that failsafe mechanisms are in place to keep the employee from making a costly security mistake.

But with external vendors like Dropbox and Box, the enterprise must recreate that directory, which gives rise to issues of synchronisation and puts the burden of administration on IT, who already had plenty of internal responsibilities to attend to.

In sharp contrast, a professional, enterprise-grade file-transfer solution will integrate directly through LDAP and authorise all external transfers and all internal transfers with the enterprise directory.

Compare this again to external systems like Dropbox and Box, services the enterprise directory cannot synchronise with. What happens when employees resign or a temporary contractor's services end, and their routine removal from an internal email system can't be synchronised with the external system?

Further, file transfers demand multiple types of solutions, not just one. Dropbox and Box provide only one type of solution specialised for person-to-person use, which demands that other scenarios like system-to-system, person-to-system, and system-to-person connections, as well as brokerage of transfers between solution silos, must be handled by additional providers -- a complicated predicament, to say the least.

A professional, enterprise-grade file-transfer solution, however, abates all of those concerns and reduces a potentially long provider list down to a single point of contact.

In an age of Bring Your Own Device, it's easy to see how well-meaning employees might arrive at the concept of Bring Your Own Service, especially when that service is easy-to-use, fast, cheap, and reliable.

But enterprise transactions demand more. Despite our users' fondness of prosumer solutions and eagerness to be productive with them, mandates, regulations, and a host of other security considerations make these solutions the less-than-ideal choice. It's up to the enterprise to harness the productive energies of their users by providing a solution every bit as robust and pleasant to use as a prosumer solution, yet capable of maintaining a security profile prosumer solutions could never hope to offer.