The senseless battle over easy, secure data access

In reading “IT, keep your hands off my cloud storage” by InfoWorld’s Galen Gruman, as well as some of the feedback to it, I was reminded of the many, many times I’ve had strikingly similar conversations with my own clients — both those in the IT trenches and the C-level folks expressing usability concerns on behalf of the user base. No matter how many times I’ve heard it, I’m always surprised by how often these two groups fail to find middle ground on the issue of access to data and data security.

Can’t we all just get along?

On one hand, IT is charged with — and held responsible for — protecting the organization’s data against loss or exposure. The easiest way to do that is to throw up huge walls around the enterprise IT infrastructure over which the organization’s data ne’er shall cross. That seems simple enough, and it’s traditionally the approach most enterprise IT organizations have clung to — relenting only when forced.

Unfortunately, that approach completely fails to take into account the legitimate business needs of the employees. From their perspective, if they can’t get that presentation done from home the night before a meeting with a client because corporate IT is preventing offsite access to their data, you better believe they’re going to at least complain or, more often, go right around IT and use unsanctioned (or even prohibited) means to get what they need — a point Gruman aptly makes in his piece.

Although there are a wide array of technical challenges involved in keeping data protected and secure and allowing easy access to it from anywhere, typically that’s not the real problem. More often, the problem is that nobody is trying to find a solution to the challenge. When a search for a solution happens, it’s usually due to a continuation of the “us and them” relationship between many IT organizations and their users — so there’s often not much conviction behind the effort.

Conventional wisdom would tell you that IT folks are a bunch of obstructionist know-it-alls, while users are drooling idiots hell-bent on posting company secrets on Facebook. In extreme circumstances, that may be true, but more often the issue is one of the two groups failing to communicate in any meaningful way with the other to actually focus on designing a solution to the problem.

The real trick, for users and IT alike, is to clearly articulate what is truly needed, then to collaborate on a technological solution that enables it in a safe and easy way. It’s not that hard, but failing to get together and create something that works for everyone will inevitably result in rogue users, stapled-on half-solutions forced by user demand, and an even larger chance that secured data won’t stay that way.

Lessons to be learned from media sharing

I’m struck by how similar this issue is to that of the ongoing war over control of media and intellectual property in the form of movies, TV, and music — which we’re all very familiar with, given the wide coverage of SOPA, PIPA, and ACTA.

On the one side, we have groups like the MPAA and RIAA doing everything they can think of to stifle the proliferation of the content that they create. Alternately, we have a sea of users who, according to content providers, are determined to steal everything they make and share it with anyone who wants it.

In reality, I don’t think the vast majority of these consumers are black-souled pirates, just as I don’t believe that corporate users are idiots dedicated to destroying corporate security. They merely want easy access to their favored content and will happily pay for it or jump through an extra hoop — if they’re given the opportunity to do so.

If you want some kind of proof of that assertion, a study conducted by economists at Wellesley College and the University of Minnesota recently showed BitTorrent sharing of recently released movies has very little impact on box office — except in situations where that content isn’t available to the consumer (a delayed European release, for example). Then the user is far more likely to break the rules and steal the content.

All these content providers need to do to kill piracy is make their content easily available to anyone who wants to consume it. If it’s easy to do while staying within the rules, people will follow them. If it’s not, people will break them. It’s that simple.

The exact same is true in IT. If IT continues to play the stereotypically obstructionist role, users will go around them — often with the tacit approval of management. However, “let us do whatever we want” is no answer, either. Solving this problem is a two-way street and requires users and management alike to tell IT what they need and let IT design a system that will enable them to do it — then live within that system.

Having your cake and eating it, too

How do you accomplish that? There are many widely used solutions to this challenge that allow both users and IT to get what they want. Many VDI implementations — VMware’s View, by way of example — make it astonishingly easy to offer up a secure, full-featured remote-access solution that is functionally identical to the access offered onsite.

Using this kind of approach removes the need for difficult-to-secure VPN access; can allow file transfers to flash drives or peripherals, as needed by the organization; and has almost ubiquitous support for popular mobile devices. However, watch out for the issues of providing desktop apps for smartphone or tablet usage that can’t be accommodated on small screens or support touch-oriented input; an as-is Windows environment often won’t work well in mobile VDI usage. Of course, for desktop and laptop PCs, you don’t have these concerns.

When corporate users need to access their data on the road without network access, you can even configure the system to allow you to check out your desktop VM and bring it with you on your laptop and resync it on your return — all while protecting your isolated VM from whatever silly stuff your kids might install on your machine.

All of this can be done while keeping corporate data inside the data center, where it can be protected and secured by IT. While consumer or pro-grade cloud file sharing might play a role in a mobility solution for end-users, it certainly isn’t the only answer.

The bottom line

The reality is that both IT and users need to be willing to work with each other to solve these problems. IT stating that data can never be accessed outside of the office is just as indefensible as the user base demanding access to whatever cloud sharing apps they might have tripped across. IT cannot do its job in the midst of uncontrolled chaos, but real solutions can only be found when IT and users work together to find a solution that meets everyone’s needs — not do their best to make each other’s lives miserable.

This article, “The senseless battle over easy, secure data access,” originally appeared at InfoWorld.com. Read more of Matt Prigge’s Information Overload blog and follow the latest developments in storage at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.