I have a cloud. It allows me to do amazing things: access my files anywhere, e-mail videos or other large attachments that used to choke most e-mail systems, find my lost phone and share information with my friends. I subscribe to all of the services; Dropbox, YouSendIt, Box.net, Skydrive, iCloud and Google Docs to name a few of the common ones.
This is my personal cloud, and it has replaced my laptop as the centre of my digital universe. The information that used to be on my computer is now in my cloud, and I no longer have to worry about hard drive crashes, theft and backups. I am, of course, not unique in this regard; millions of people are adopting the personal cloud as their data-storage medium of choice.
As a consumer and private citizen, cloud services help me organize my life, help manage the information that I need for the volunteer organizations I work with, and keep my personal information at my fingertips.
But now it’s Monday morning, and I need to shift from my consumer mentality to that of my profession. I still have the same problems of information management and access, but now I am at my workplace, and suddenly, I don’t have access to my personal cloud.
Or do I? Maybe I’ll just install the Dropbox app on my work computer. This will allow me to work on the weekend. Or, maybe I will send the huge PowerPoint deck to my customer via YouSendIt. I can put those important files on Skydrive in case my hard drive crashes. I haven’t been at the office and my company’s backup system hasn’t processed my files yet. After all, what IT doesn’t know won’t hurt them, right? I am too used to my consumer services, and I can’t live without them! There’s no risk, right?
The truth is that placing corporate data in an uncontrolled public cloud poses huge risks. These include privacy and compliance concerns along with the risk and implications of corporate data loss. Public cloud services simply do not have the ability to address organizational security and compliance concerns because they are designed to address consumer needs.
Many organizations try to control the use of public cloud services by implementing policies that prohibit their use or by using technical strategies such as locking down operating systems, implementing firewall rules or even by using more complex methods such as Data Loss Prevention (DLP) systems. The problem is that these attempts to control data increase costs and add complexity to the infrastructure. In the end, they are a losing battle.
History reveals that most users will find a way to do what they really need to do. This was evident with the advent of DVD burners and with USB flash drives. IT security departments tried to prohibit them or lock them down, but users continued to find a way to use them. The same is true with public cloud services. If a determined employee needs to send a large file, it WILL be sent. And, if they do it once, they will likely repeat their behavior. This was demonstrated with USB drives a few years ago.
The difference now however, is that data in the cloud is accessible to the entire world if something goes wrong; whereas a lost USB drive or DVD had only a limited exposure. The utility of public cloud services is greater but the risk is correspondingly exponentially higher.
So what should an IT department do? Users are demanding public cloud services while management wants to mobilize the workforce and roll out tablets and smartphones. Security and legal departments are worried about compliance and data loss. The answer is actually quite simple: Move the public cloud services into the organization’s private cloud. This solution satisfies user needs while maintaining security requirements.
Of course, in reality, things are never quite that easy and there are many factors to consider such as storage requirements, system availability, required software, apps for various platforms to support, and, of course, the Private Cloud concept. What exactly does that mean? A private cloud, just a like a public cloud, provides elastic capacity, provisioning on demand, and a well defined cost per user.
When deploying personal-cloud-style services in a private cloud, its design should consider the following:
- Data growth may become problematic, especially when deploying large file transfer capabilities. In this case, deduplication is essential and compression should be strongly considered. These systems can be deployed on a SAN, but the costs of doing so must be carefully considered.
- Personal cloud applications typically do not require high levels of performance, so it is wise to store files on a lower performance tier. However, data availability is also essential so the datastore must be replicated or otherwise highly available.
- In a private cloud, data is controlled by the organization, but how is it accessed? Many personal cloud capabilities require sharing files with external parties whose accounts need to be controlled, ideally via specific policies. There may also be integration issues with corporate e-mail systems, authentication systems and document management systems.
All of these factors appear to complicate matters. Fortunately, as the “Consumerization of IT” trend continues to escalate, new products are entering the market that have been designed to address these needs. It is still an evolving landscape, but IDS Systems has been analyzing and evaluating the market in addition to testing products that address these issues. Personal cloud capabilities are certainly within reach, and can be deployed and integrated into your IT environment within days. For more information on how to leverage this technology in your organization or to arrange for a demo, please contact us.