Private Cloud File-Sync-and-Share for Data Leakage Protection, Part II

Bring your own device (BYOD) file-sync-and-sharing has exploded in 2012. There are over forty (40) companies offering at least one product to organizations of all sizes. Over half of those companies offer a consumer grade version of their file-sync-and-share. With so many options, CIOs are unable to focus on choosing solutions to enable their organization’s workforce while managing data leakage. CIOs can’t choose products because the market hasn’t been consistently defined. In an effort to define a Buyer’s Guide, DCIG is conducting a survey for Mobile Device and Cloud File Sharing (at the end of this article).

DCIG’s assessment of the BYOD file-sync-and-sharing market exposed over forty (40) companies offering products and solutions. As DCIG evaluated the products and solutions 10+ key words were used in product names:

• Backup
• Cloud
• Collaboration
• Content
• Enterprise
• File
• Mobile
• Online
• Private
• Share
• Sync
• Transfer   

Core to DCIG’s Buyer’s Guide effort is defining a market. Our survey at the end asks readers to stack rank the terms listed above.  Our goal is simple – understand how buyers and sellers are defining this market. Better understanding the market will enable CIOs and their teams to focus on identifying, assessing and buying products.

CIOs have concerns, but little information to make go-forward decisions. The 2012 CIO Enterprise Cloud Data Mobility & Security Survey by cloudstoragestrategy.com exposed concerns from 150+ CIOs at medium and large size organizations.

Figure 1: Size of organization represented

80 percent of CIOs and their teams responded that they are very concerned about data leakage. Data leakage is when an employee copies or moves files from an internal system to one or more system(s) outside an organization. For better or worse, data leakage occurs every day.

Figure 2: How worried are you about data leakage onto the public cloud (i.e. employees using consumer-based tools to store corporate data)?

Many organizations monitor access to outside systems by maintaining internal and external access logs.  Access logs provide awareness to what files have been accessed (e.g. \\server\finance\Q1CY13 or www.dropbox.com). Awareness does not result in prevention of data leakage. To prevent data leakage, CIOs must have products they control, only then they may turn off access to external systems.

Data leakage onto public clouds

Data leakage onto public clouds can be characterized by five (5) risks:

• Data availability. Employee moves data to an external system.
• Loss of control. Employee leaves an organization, but corporate data remains externally stored.
• Data loss. Employee uses external data encryption and loses the private key to decrypt.
• Data theft. Employee uses airport Wi-Fi, kiosk, or lends mobile device.
• Compliance and regulatory issues. IT cannot meet compliance mandates

Figure 3: Data Leakage Concerns – ranked

90 percent of the CIOs indicated loss of control is their greatest data leakage risk. Loss of control occurs when corporate data remains externally stored, but with two distinct consequences:

• Employees who forget data is stored externally. These employees may be laid off, quit or fired.  There may be no or little impact to an organization for the uncontrolled data.
• Former employees who access the data even though they are no longer employed or public links shared outside initial intended recipients.  There is negative impact to an organization for the uncontrolled data and the lack of accountability to who has access to data stored on a public cloud (e.g. ex-employee takes sales revenue, margin and customer information to new employer.)

Both cases bring risk to organizations, but the second has a greater impact. Identifying and deploying a product to solve the second consequence eliminates risk for the former condition. Part I of this series covered what organizations need to control data and prevent data leakage.

Finding a product for your organization

Finding a product in an inconsistently defined market is frustrating. DCIG knows buyers are having challenges finding the right product. Buyers are gathering data from websites not knowing if the information is reliable. They fill out endless spreadsheets with features, only to end up, eyes glazed, and unsure of their analysis.

CIOs have many challenges related to managing data leakage, least of which should be finding a product. 50 percent of CIOs indicate they have budget, but cannot find a product. With more than 40 companies offering solutions, where is the confusion? The demand for products in a market that is not consistently defined has not been higher.
 

Figure 4: Greatest obstacle to managing data leakage

Examples of market inconsistency include:
< ul>

Enterprise Strategy Group identifies the market as “Online File Sharing and Collaboration” and “Corporate Online File Sharing and Collaboration“

Forrester identifies the market as “Mobile Collaboration.”

DCIG uncovered 40+ products by analyzing advertisement and organic search results across internet search engines, i.e. Bing, Google, Yahoo, etc.

Example research terms (prioritized order):

• share and sync files
• private file sync and share
• mobile collaboration
• mobile file sharing
• mobile enterprise file sharing
• mobile enterprise file sharing
• large file transfer
• share files online

In February 2012, DCIG identified the market as File-Sync-and-Share after meeting with buyers and sellers at LegalTech New York 2012. Within the file-sync-and-share market DCIG believes Mezeo’s product offer answers to data leakage concerns, while delivering a complementary mobile-first application development platform.

Minimally, organizations need products and services to manage BYOD file sharing and synchronization, please help us by completing Mobile Device and Cloud File Sharing survey below.