Information Management, Cloud Computing, NSA Row Highlights Cloud Security Issues for Content Management + CollaborationI have to admit, as an ex-Military communications specialist, when the whole “NSA is spying on us all” storm broke, I yawned, rolled over and went back to sleep while thinking “and …? They have been doing it for decades ....”

My cynicism may or may not be misplaced. However whether you look at the whole NSA spying debacle as either a storm in a tea cup, as the NSA and some cloud vendors would like you to; or as a serious hurricane blowing over troubled international relations waters like the German Government for example, there is an impact for cloud content management and collaboration vendors and solutions.

Cloud Security

There were many excellent articles last month about the future of Microsoft’s SharePoint platform, and how it currently integrates with Yammer, and how in the future it may be branded as Office 365 rather than boring old on premises SharePoint. Before we even go anywhere near the thought of a super powered foreign spy agency sifting through any of our data that transits the public internet (I am a Brit who lives and works in Canada!), I'll just point out that I work in the financial services industry.

So there are various regulatory agencies that specify rules and regulations, and we have big Information Security and Corporate Compliance divisions that takes those rules and regs, and parses them down to the point that we get a "direction" that we can’t use tools such as Yammer or SalesForce Chatter because they don’t encrypt data at rest (back to that later), and therefore don’t meet the needs of our regulatory regime.

I am sure there are plenty of readers out there saying “well, sucks to be you, because we are in FS, and we use cloud services!” Well that is good for you and it’s true, we don’t all have to work under the same set of constraints, but that leads me to my first point: reading the inter-webs and listening to the podcasts over the last couple of weeks, there are some people who are worried about the potential negative economic impact that the NSA “revelations” might have on the U.S. economy as both individuals and enterprises worry about the privacy implications of storing data in public cloud services.

Whether you’re a private citizen of the U.S. (or other nations) or a multi-national corporation, there are plenty of ways to encrypt content as it moves back and forth including TLS (HTTPS) and Virtual Private Network (VPN) “tunnels.” There are even ways to encrypt the data at rest in a cloud service, or to deal with it in other ways (again we will return to that later). As an Information Management professional, I am interested in -- even worried about -- the integrative and user experience elements.

Social, Local and Mobile - and Secure ?

Here is a quick scenario: You're using on premises SharePoint 2013, behind your firewall(s) for document centric collaboration, but you're using the Yammer integration in order to provide mobile access to social collaboration features via a range of devices as part of your Bring Your Own Device (BYOD) program. You have software available via the BYOD program for securing and wiping corporate data on the mobile device, and you have a VPN setup for secure transport of the data. You even have an encryption gateway provide that integrates with Yammer, encrypting your discussions about which competitor to buy next before it leaves your network and ends up on a disk in a server farm who knows where ....