Business users are demanding tools that allow them to work with content from anywhere, at anytime and with anyone. Extending on-premise ECM systems to users outside the firewall and on mobile devices, however, is flat out hard and expensive. It’s fraught with technical and business challenges such as access to browser interfaces and cloud architecture, not to mention licensing considerations for external users. As a result, IT departments have been slow to formally extend on-premise ECM functionality such as file sharing, collaboration and workflow to the Cloud.
In response, business users have moved in droves to whatever content cloud service they could find that seems to address their needs. In a study earlier this year, a SharePoint security vendor, 45% of business users admitted to taking customer-sensitive content out of SharePoint to do their jobs to put on consumer file sharing systems and thumb drives to just to work at home and share with those on their projects. Unfortunately, by relying on consumer-class file sharing services, users introduce serious vulnerabilities into the corporate computing environment. In fact it’s predicted that by 2014, a worm exploiting cloud-based personal file synchronization services will cause massive, costly enterprise data loss and service disruption.
An AIIM 2012 Industry Watch survey indicated that only 19% of IT department actively prevent content from being downloaded in an ad hoc way while only 5% of these departments offer an “official” cloud alternative. Additionally, only 11% of respondents have a policy governing the use of business-class systems. That a lot of rogue content access!
So, what does business-class look like? First, business-class security. When assessing security, consider 4 aspects:
- Content in transit — When content is uploaded (in transit), is it transmitted over 128-bit SSL or sFTP/FTPS? Is email encrypted with TLS or other encryption protocol? Is fixed media encrypted while in transit to the data center?
- Content at rest — Is your content and metadata 256-bit encrypted while at rest?
- Content on mobile devices – If an employees mobile device is lost or stolen or an employee is terminated, can company content be wiped? In the case of BYOD, can you delete only company content and not the employee’s personal data? Can some content be required to be sync’ed while other content can never be sync’ed?
- Robustness of the vendor’s data center, and related security policies and procedures.– Has the vendor passed SSAE 16 and SOC 2 audits over their whole stack? Is data backed up? Is it redundant? Is there a tested disaster recovery plan in place?
Business-class means answering, “yes,” to all of these questions.
Using content cloud services is inevitable whether it is a corporate initiative or through the creativeness of business users. Selection of business-class tools provides the foundations to ensure that your content is managed to corporate policies and procedures. Why take a risk with consumer-class services?
For more information on content the way your business needs it, visit biels.com.