By Michael O'Dwyer, Contributor
Small businesses can take advantage of public cloud services to store data at little or no cost. But there is a downside: information can be hard to manage and even lost.
Most professionals are familiar with the big public cloud players such as Dropbox and Google Drive as well as voice over IP (VoIP) services such as Skype. All are capable of sharing or transferring data remotely using any number of mobile device apps.
“The primary reason for businesses to use [public] cloud storage is that it’s easy and cheap, and requires very little support and infrastructure overheads,” says Paul Lin, chief executive officer of Buuna, an Australia-based app development and consulting digital agency.
Although security is not a major concern, not being able to display different versions of a file or determine its location is. And monitoring public cloud activities is virtually impossible when there is a bring-your-own-device (BYOD) policy for employees who access these Internet-based storage services.
Hard to prevent loss
On top of that, the sheer number of free or low-fee options available online for collaboration, storage, VoIP and text chat makes it difficult to prevent the loss or sharing of information. Without being able to track data, companies find it difficult to comply with the growing number of e-discovery requests.
“Small businesses and any business need to see cloud storage not as a threat to security but as another inevitable channel of data transfer,” says Lin. “Just like you can’t stop employees from copying data onto USB sticks and carrying it out of the office physically, you can’t stop cloud storage from being used to transport data.”
IT budgets are often a driving factor in companies turning to public cloud services. Most are free, while private cloud storage — which is hosted by the company’s own servers or leased from a third party — require an initial investment of at least $5,000.
“Private cloud storage defeats the purpose and concept of cloud storage,” says Lin. “You have more control than pure cloud storage, but at the cost of having to support the infrastructure with your own IT team. It’s an expensive investment, and not economically viable unless you are running a large company with extensive resources to install and maintain this setup.”
Add BYOD to the mix, and the lapse in e-discovery compliance is even worse.
“Trying to prevent [access to public cloud services], as history is showing, can be an exhausting, and oftentimes, fruitless distraction to businesses, especially given the pervasiveness of BYOD,” says Mike Peroni, vice president of operations at Content Raven, a Marlborough, Mass.-based provider of secure cloud-based file management and analytics solutions. “Securely sharing content inside or outside of the organization must be easy, or employees will seek ways to circumvent.”
Unable to monitor
Others are more worried about their legislative data requirements.
In a BYOD environment, users can send data using their own mobile carrier’s network, which is not monitored by IT. In addition, blocking each individual service on Wi-Fi is impractical and unlikely to block everything, given the number available, with new ones appearing daily.
“Perhaps the biggest problem introduced by public cloud services,whether storage or collaborative, VoIP services or chat programs that allow file transfer is the lack of traceability for e-discovery,” says William O’Brien, chief operations officer of Brainloop, an Acton, Mass.-based provider of software as a service (SaaS) solutions for secure collaboration and regulatory compliance.
“Companies have some specific obligations to provide electronically stored information and if you don’t know where it is, it is impossible to fulfill those obligations correctly,” he adds. “When such information is not available under e-discovery litigation, courts will not understand that employees have stored data elsewhere and will penalize offending companies with substantial sanctions and fines.”
File-level protection
However, it is possible to protect files and still allow productive access to those who need it.
“Companies can somewhat control access by using company emails as the login [to public clouds], rather than personal ones, so the company can reset the password and access the cloud account as required,” says Buuna’s Lin. “However, this is a policy and management [method] of control, as there’s no easy way to assert control through technical means.”
However, this does not prevent sharing to personal accounts.
“Virtual data rooms or collaborative workspaces on a private cloud are probably the best solution as file-level access control ensures users cannot transfer file to other devices,” says Brainloop’s O’Brien. “This must be achieved without decreasing productivity while still maintaining data integrity.”
A recent survey indicated that private cloud adoption doubled in the last year.
Content Raven’s Peroni suggests that a private and public hybrid cloud, which offers the best of both worlds, might be more productive for external sharing requirements such as presentations.
Hybrids allow segregation of files, with internal files stored on the private cloud and general information viewable by all on the public cloud.
“Once the business demands that the content be shared externally, such as board meetings, customer training, reseller transaction, transition in patient care, etc., private clouds can be limiting,” says Peroni. “Public clouds do a better job with sharing, but expose the business to massive data leakage, often time by well-meaning employees, not malicious outsiders. There is no one-size-fits-all solution driving the hybrid model.”