The increasing tendency for employees to store their company information on cloud services and mobile devices does not only pose a cyber-security threat for businesses. Fragmentation of corporate data creates unnecessary cost, escalates risk and potentially undermines business value, according to research from Freeform Dynamics.
The survey shows that 93% of IT managers in mid-sized organisations are struggling to curb this spread of corporate data across personal and business platforms and devices, while four in five cited security risks in emerging “shadow IT” networks.
While progressive businesses empower productivity by implementing “work from anywhere” and bring your own device (BYOD) policies, this has proliferated the tendency for individual users to store and distribute data via their personal and business PCs and laptops, mobile devices and over consumer cloud services, such as file-sharing and instant messaging platforms.
Departmental and workgroup closed user groups further escalate fragmentation, creating conflicting versions of documents that could lead to leakage, loss, legal and systemic risk.
“Many respondents reported business data being held on smartphones, tablets and removable storage devices, or in cloud services signed up to by individual employees,” says Andrew Soddy, business development director at Mimecast. “We can expect such activity to continue growing, given the accessibility and convenience of both sophisticated mobile equipment and online storage offerings.”
The independent report, named Storage Anywhere and Everywhere – Dealing with the Challenges of Data Fragmentation, and sponsored by Mimecast, confirms that IT professionals in mid-sized businesses, while faced with shrinking IT budgets and exponential diversification, play a pivotal role in ensuring sound corporate governance.
“Managing risk and ensuring legislative compliance is a delicate balancing act when adopting new technologies in the workplace,” says Soddy. “However, the managed adoption of cloud storage and archives is a good way of achieving consolidation without sacrificing the pervasive access and convenience craved by today’s workforce.”
Mid-market business is the lifeblood of the South African economy, both as biggest employer and biggest contributor to gross domestic product (GDP), yet service support for this sector is in short supply, as the vast majority of solutions are geared to either SMEs or large enterprises.
“Typically a fast-growth sector, the mid-sized business environment is characterised by high-volume data activity across diversified operations,” says Soddy. “By applying a holistic solution, Mimecast offers the South African mid-market compliance with legislative requirements and valuable data storage in an easily accessible and secure repository – the cloud.”
Recent high-profile cyber-security breaches emphasise the need for safe and reliable solutions for the under-serviced mid-market segment. The Freeform Dynamics study, conducted among UK and US respondents, provides a clear signal to local businesses that data fragmentation is set to become a growing concern as South Africa comes on par with global trends.
With over 80% of respondents believing business decisions are hampered by data availability and inconsistency, this illustrates the very real risk faced by managers who rely on disparate data for business planning and forecasting, including the knock-on effect that inaccurate industry forecasts can have on national planning and GDP forecasts.
Dale Vile, research director of Freeform Dynamics, comments: “IT professionals are finding it extremely hard to manage and protect corporate data. Managing the complexity and the storage overhead is expensive, and protecting the data is a security and business-continuity risk. Despite broad acknowledgement of these issues, only a handful of respondents appear to be in proper control.”
The study did highlight what the handful (13%) of leading businesses or ‘elites’, progressive in their approach to cloud-based data collation, are doing right.
“The elites in this survey show that policies and technologies adopted before the problem becomes too widespread can effectively combat data fragmentation,” says Soddy. “It’s also clear that archiving solutions play a major role here, enforcing retention policies, fulfilling compliance requirements and giving the CIO a single view of critical data.”
Whilst this group still has work to do to achieve perfection, this is what their example tells us:
* Measure ROI in business and IT terms – the value in taking decisive action is found beyond simple IT cost and complexity reduction. Business executives should look first at how change improves user productivity, followed by risk management or mitigation.
* Understand your data – establish comprehensive policies and procedures for classifying data, to enable objective decisions on what data is important or valuable, needs to be kept, where and for how long.
* Establish and police policies on how different storage mechanisms should be used – understand all the enterprise, personal, network and local storage used for data in your organisation. Define policy for what data should or shouldn’t be held in each, according to its importance or confidentiality. Train your staff.
* Protect your data everywhere – give clear guidance on expected practices for data encryption and backup. Pay attention to the rapidly evolving use of mobile devices and cloud storage. Manage use of data on personal or ‘non-authorized’ devices and services.
* Protect all your data types – implement specific measures to ensure adequate protection of all forms of data in your organisation. From the obvious like hard disks on PCs, data held in business applications and file shares, to IT-managed or personal cloud storage. Your company email system is the place where increasingly critical data is held and shared.
* Use systems, processes and automation to reduce the cost of maintenance – this reduces the cost and overhead of routine monitoring, management, troubleshooting and support considerably. It also reduces the expense and distraction of dealing with crises and taking remedial action when things go horribly wrong.
* Use cloud and hosted services – cloud storage can be used as a way of consolidating data for easier protection and management. The advantage of consolidating storage in the cloud, particularly when facilities for synchronisation with PCs, tablets and smartphones are included, is that it preserves the anytime, anywhere access benefits that users have come to value, with appropriate controls applied.
* Archive – use archiving systems and procedures to move information to long-term, read-only storage when it is no longer active. Data held in “live stores” needs to be backed up, held on expensive high performance media, and replicated or mirrored. All this consumes budget and resources. Archived data is unchanging and accessed less frequently, and can live on lower cost storage or even be taken offline or off-premise completely. Modern archiving also means users can still access it when needed.
* Take archive to the cloud – hosted archive solutions take the pain and cost out of implementation and give convenient access to data (subject to policy). An ‘always online’ cloud service (like Mimecast provides for email) where users can get to data easily via a browser or mobile application, resembles an interactive repository of historical business data.
“Today’s CIOs are not managers of IT real estate but custodians of corporate data,” Soddy says.
“Their focus is on securing, storing and managing data cost effectively, and then making it work harder for both end-users and the business as a whole. This task is tough enough with information siloes around the enterprise, but when you add in consumer devices and ‘personal cloud services’, it becomes almost impossible for a CIO to really know where valuable corporate information is being stored.
“On the one hand, it’s hard to stop the use of these services, but on the other there is no question that they represent a genuine security and compliance risk for companies on a global scale.”