How an FSS would have saved Mary

By Alex McDonald, SNIA CSI Chair, SNIA Europe UK Country Committee member, NetApp.


MARY QUEEN OF SCOTS didn’t have an iPad. She didn’t even have a Blackberry or a USB stick. She lost her head because of what she wrote; her letters were being intercepted and she didn’t even know it. Poor Mary!
Mary really needed an FSS.

The rise of the mobile device
Back in the near-present day, and implemented by many thousands of companies worldwide, the Blackberry Enterprise Server (BES) gave employees email and a unified view of contacts (often integrated with the corporate Microsoft Outlook system) and a mobile phone in a single secure device.

With the rise in more powerful and larger devices like iPads and Android based tablets and phones – the BYOD (Bring Your Own Device) phenomenon – we’re moving to a new paradigm where many more of these remote applications, and remote data storage, are becoming a reality. The IT industry is seeing a demand for enterprise applications and data directly on the mobile device. There’s been a proliferation of new applications; for example, I recently took delivery of a parcel where the delivery company driver had an app that integrated GPS and mapping software provided by the device’s manufacturer with applications for managing routes, identifying pick up and drop off points, and getting my signature to verify delivery.

Not everyone is so enamoured of these devices though; there are many issues to be overcome, and a sizable proportion of IT organisations are finding it hard to integrate the new mobile device and application into their IT infrastructure. Existing tools and applications rarely fit the mobile model, and users have, to a greater or lesser degree, chosen applications that are quite unsuited to enterprise use.

The problem, it must be admitted, isn’t that new; the well-known issues of USB sticks, home PCs and unregulated laptops have been with us for some time. But the ease with which it can be done on today’s crop of mobile devices, and with plentiful and free services, has increased the potential for abuse to all corners of an enterprise.

Free cloud storage; the “Killer” app
There’s a new “killer app” out there, and it’s cloud storage offered by a number of companies; Google Drive, Microsoft SkyDrive, Apple iCloud and Dropbox to name but a few. All offer several gigabytes of free cloud storage, and larger amounts for very small additional costs. And they have plenty of takers; in April 2011, Dropbox had 25 million registered users. In November 2012, 18 months later, Dropbox announced that this had grown over 4 times to in excess of 100 million registered users.

These services are the modern equivalent of the USB stick, often appearing as a fully synchronized and always available directory or folder on the device. With Wi-Fi enabled devices, storing files on the cloud doesn’t add much to the time taken to retrieve them. Cloud storage lets the limited storage on a tablet or phone go further, and protects against loss of the device; and the same techniques can be used for home PCs and unregulated laptops.

File synchronisation services
Some of that cloud data storage growth is for more than storing pictures of cute cats or dinner companions. Some of it will be corporate data. Spreadsheets of sales, confidential company plans, personal information about suppliers, customers, contacts; a lot of company information is landing up in these unsecured and public facing cloud systems.

Here are a few ways an IT organization might deal (and have dealt) with this.

  • Ban the use of mobile or personal devices. (This, incidentally, has also been a response to USB storage sticks; I’ve been witness to corporate laptops with physically disabled USB ports for that very reason.) This won’t work; the benefits of data on the move, collaboration with remote, home-based or mobile colleagues are too great to ignore.
  • Let it happen, but turn a blind eye. That won’t work; legally and commercially, the risks are too great.
  • Provide a “Dropbox”-like service from the enterprise for employees; often described as personal file synchronisation services (FSS).

The assumption that needs to be made is: any corporate data on a mobile device or home PC is on (or is going to be on) the cloud. Any other assumption is unsafe. Since the last option appears to be the only sensible one, how might we provide it? Gartner (“How to Control File Synchronization Services and Prevent Corporate Data Leakage”) suggests a carrot & stick approach. Setting written IT policies aside (the “stick”), the focus of this article is on secure, reliable and properly audited systems that provide FSS (the “carrot”).

A private FSS cloud
The first thought might be to invest in a private cloud. Many storage vendors are now offering cloud storage, and some make available “dropbox”-like software functionality for a wide range of devices, either as part of the storage solution or in concert with other vendors. This is an attractive option; and such private clouds can be used for other purposes too, such as application storage, for backups and other internal application data. What should you be looking for in an FSS? There are a variety of such offerings; EMC’s Syncplicity, NetApp’s ionGrid, VMware’s Horizon Data, along with open source offerings such as OpenStack and ownCloud. Many of these applications provide a set of services that cover the basics of an FSS.

Authentication; or “who are you?”
Internal access to corporate systems has always included this element. FSS systems need to extend authentication to the external mobile realm, whether users are online and connected or working offline. This allows you to have a uniform approach to authentication by, for instance, effectively extending an existing AD (Active Directory) infrastructure. Many offer RSA SecurID and X.509 certificate-based authentication and support SSO (single sign-on).

Enforcement of policy; or “What can you do?”
Beyond simple access control, FSS systems should also extend entitlements and restrictions that are required for mobile devices; the permissions and rights to do such things as make offline copies and edit or annotate content.

Encryption; or “for your eyes only”
As long as the user credentials or the decryption key are never stored on the device, authentication and encryption (for instance, AES) provide the reassurance that if the device should ever be lost, stolen or otherwise compromised, the data is secure from prying eyes. (Incidentally, Mary did use a cipher for writing her letters. Unfortunately, it was deciphered as it was nowhere near strong enough.)

Data transport; or “here’s the encrypted stuff”
End-to-end security is part of this environment. Networks are unreliable, and who knows who’s listening? Some form of secure tunneling, such as a VPN (virtual private network) or SSL (secure sockets layer) or their equivalent, is required to make sure that your data is unintelligible to eavesdroppers.

Auditing; or “Why did the auditor cross the road?”
It’s an old joke. The answer is: “Because he had just been to a client to discuss revenue forecasts and was on his way back to the car.” Auditing is like that; precise to a fault. An FSS should be able to give you the what, when, how, where and who of every access to corporate data.

There are many mobile platforms that are covered by FSS systems. Widely available, and in no specific order, are: PCs and Windows tablets (Microsoft Windows), iPad and iPhone (Apple’s iOS), and often a variety of Google, Samsung and other devices (Android).
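
The policy enforcement and auditing requirements described above can be combined in one request path, shown here as an added example that is not from the article or from any FSS product. The role names, action names, the rule that offline copies and edits need a managed device, and the audit field layout are all assumptions made for illustration.

```python
from __future__ import annotations
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical entitlement table: role -> actions the role may perform.
ENTITLEMENTS = {
    "sales":   {"view", "annotate", "offline_copy"},
    "finance": {"view", "edit", "annotate"},
}
# Assumed restriction: actions that leave data or changes on the device
# are refused on unmanaged (personal, unenrolled) devices.
MANAGED_ONLY = {"offline_copy", "edit"}

@dataclass(frozen=True)
class Request:
    user: str        # who
    role: str
    action: str      # how
    document: str    # what
    device_id: str   # where
    managed: bool

def decide(req: Request) -> tuple[bool, str]:
    """Default deny: the role must grant the action and the device must allow it."""
    if req.action not in ENTITLEMENTS.get(req.role, set()):
        return False, "role lacks entitlement"
    if req.action in MANAGED_ONLY and not req.managed:
        return False, "action restricted to managed devices"
    return True, "entitled"

def handle(req: Request, audit_log: list, now=None) -> bool:
    """Decide the request and append one audit record, whether allowed or denied."""
    allowed, reason = decide(req)
    when = (now or datetime.now(timezone.utc)).isoformat()
    audit_log.append(json.dumps({
        "who": req.user, "what": req.document, "when": when,
        "where": req.device_id, "how": req.action,
        "allowed": allowed, "reason": reason,
    }, sort_keys=True))
    return allowed

def demo() -> list:
    """Constructed sample requests; returns the resulting audit log lines."""
    log = []
    t = datetime(2013, 1, 1, 9, 0, tzinfo=timezone.utc)
    handle(Request("mary", "sales", "offline_copy", "plans.xlsx", "ipad-01", True), log, t)
    handle(Request("mary", "sales", "offline_copy", "plans.xlsx", "home-pc", False), log, t)
    handle(Request("mary", "sales", "edit", "plans.xlsx", "ipad-01", True), log, t)
    return log
```

Denied requests are logged as well as allowed ones, so the audit trail shows attempted access and not only successful access.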

Some provide yet more services and added value, such as secure access to Sharepoint, Documentum, FileNet, home directories and so on. A “containerized” web browser can give secure access to internal systems as well as external web services. And beyond that, there is a wave of new applications supported by much the same infrastructure that can be deployed.

Off with your head
The mobile and BYOD environment may appear to be introducing new and difficult problems for IT departments to solve. But it’s worth reminding ourselves again that the issue of uncontrolled data proliferation isn’t new. If you haven’t done so, it’s time to act before you end up like poor Mary. Inappropriate access to sensitive company data will surely have your boss asking for your head.

For more information about SNIA and the Cloud Storage Initiative, visit www.snia.org/csi
 
