HOT TOPICS: Customer Experience Marketing Automation Social Business SharePoint 2013 Document Management Big Data Mobile DAM

NSA Row Highlights Cloud Security Issues for Content Management + Collaboration

Information Management, Cloud Computing, NSA Row Highlights Cloud Security Issues for Content Management + CollaborationI have to admit, as an ex-Military communications specialist, when the whole “NSA is spying on us all” storm broke, I yawned, rolled over and went back to sleep while thinking “and …? They have been doing it for decades ….”

My cynicism may or may not be misplaced. However whether you look at the whole NSA spying debacle as either a storm in a tea cup, as the NSA and some cloud vendors would like you to; or as a serious hurricane blowing over troubled international relations waters like the German Government for example, there is an impact for cloud content management and collaboration vendors and solutions.

Cloud Security

There were many excellent articles last month about the future of Microsoft’s SharePoint platform, and how it currently integrates with Yammer, and how in the future it may be branded as Office 365 rather than boring old on premises SharePoint. Before we even go anywhere near the thought of a super powered foreign spy agency sifting through any of our data that transits the public internet (I am a Brit who lives and works in Canada!), I'll just point out that I work in the financial services industry.

So there are various regulatory agencies that specify rules and regulations, and we have big Information Security and Corporate Compliance divisions that takes those rules and regs, and parses them down to the point that we get a "direction" that we can’t use tools such as Yammer or SalesForce Chatter because they don’t encrypt data at rest (back to that later), and therefore don’t meet the needs of our regulatory regime.

I am sure there are plenty of readers out there saying “well, sucks to be you, because we are in FS, and we use cloud services!” Well that is good for you and it’s true, we don’t all have to work under the same set of constraints, but that leads me to my first point: reading the inter-webs and listening to the podcasts over the last couple of weeks, there are some people who are worried about the potential negative economic impact that the NSA “revelations” might have on the U.S. economy as both individuals and enterprises worry about the privacy implications of storing data in public cloud services.

Whether you’re a private citizen of the U.S. (or other nations) or a multi-national corporation, there are plenty of ways to encrypt content as it moves back and forth including TLS (HTTPS) and Virtual Private Network (VPN) “tunnels.” There are even ways to encrypt the data at rest in a cloud service, or to deal with it in other ways (again we will return to that later). As an Information Management professional, I am interested in — even worried about — the integrative and user experience elements.

Social, Local and Mobile - and Secure ?

Here is a quick scenario: You're using on premises SharePoint 2013, behind your firewall(s) for document centric collaboration, but you're using the Yammer integration in order to provide mobile access to social collaboration features via a range of devices as part of your Bring Your Own Device (BYOD) program. You have software available via the BYOD program for securing and wiping corporate data on the mobile device, and you have a VPN setup for secure transport of the data. You even have an encryption gateway provide that integrates with Yammer, encrypting your discussions about which competitor to buy next before it leaves your network and ends up on a disk in a server farm who knows where ….

So you're good, you have all the angles covered; but it sounds a little complex right ? There are lots of moving parts to manage there, especially if you’re a big organization. Other enterprises do though, right? So the fact that it turns out to be really, really expensive is ok, because everyone else has to cover that expense too?

Yes I am deliberately trying to sound like a bit of a scare monger. For sure there are excellent products out there, in use by hundreds if not thousands of major companies for securing your organizational perimeter, for encrypting data in transit and at rest in the cloud, and even on a user's personal device. However the point about complexity of architecture and expense is very real.

Yes, cost is relative, and your ability to absorb that cost depends upon your industry, your risk profile and how much your investors want to let you re-invest internally this year, but no problem is insurmountable (if you have enough money).

The Information Management User Experience

So when you have these potentially highly complex but very secure architectures in place to allow you to reap the benefits of public cloud, private cloud or even hybrid cloud services, what happens to the user experience ?

 

Continue reading this article:

 
 
 
Useful article?
  Email It      

Tags: , , , , , , , , ,
 
 

Resources

 

Featured Events  View All Events | Add Your Event | feed Events RSS