Change is all around us
We are currently experiencing fundamental changes in our living and working environments. Among other things, this means that employees (have to) reorganize the way they work together. Now, the employee’s own home is often the actual workplace, and this is another reason why users now have a much more active role, while IT is moving to the cloud at an increasing pace. Still, of course, you need to make sure that sensitive data doesn’t fall into the wrong hands in the process.
Brave new world
The number of cloud business tools available is growing rapidly, for all sorts of uses. In the pandemic, there is a need to offer new virtual forms of engagement. Be it conferences in gaming-like virtual worlds or VR real estate tours: A wide variety of work environments are becoming more digital, and more diverse. Chat platforms are becoming an official communications channel and thus erode the dominance of email. The email attachment is being supplanted by new file-sharing options.
Empowered users shape the change
From a wide range of public cloud apps, the workforce selects whatever they expect to provide convenience and efficiency, depending on the task at hand. The usability of interfaces is a key factor. Sometimes individual employees pick a tool; sometimes a team or a department quickly books a new application on its expense account. This is a problem for IT because the security of sensitive data must still be guaranteed.
Consequences for IT
In this age shaped by the cloud, IT managers have to deal with additional software and handle much more data efficiently. They also have to organize new relations, links and interconnections. The result is usually a hybrid cloud environment – combining flexible public clouds with secure private clouds for sensitive data. The intranet and VPNs have mostly had their day, and are increasingly only used in very marginal circumstances.
The key question in this context is: How does corporate IT keep sensitive data and user identities under control?
Digital teamwork in a wide variety of cloud applications generates a lot of unstructured data. This includes conventional office documents, but also chats, sensor data, logs, photos, videos and audio files. Until now, this data has mostly been the sole responsibility of users. This jeopardizes security, compliance, costs and availability – which is why «data under management» is currently an urgent topic for IT.
Step 1: Identify the threats.
Consider this example: One of your employees saves a document in some collaboration tool. If he now generates a public link and sends that link to an external partner via email, your organization could thus be in breach of GDPR, which may well result in criminal proceedings. Your staff should not bear this kind of responsibility.
Step 2: Define confidentiality classes and rules.
Once you have defined what is confidential and on which level, you can then tag files and folders accordingly. Much of this can be done automatically these days. For example, ownCloud can evaluate the metadata of your documents or automatically recognize user-related data such as telephone numbers. Classification-dependent access permissions, expiration dates with deletion periods, and other mechanisms then help to adequately protect your data. For example, it can be set up so that a customer contract cannot be shared publicly and can only be viewed, not downloaded, by users within your company.
Step 3: Build secure storage.
Offer staff secure storage that works for all current and future teamwork apps. You can then define and enforce rules for classified documents that are stored there. ownCloud, for example, could serve as a data hub for a lot of cloud apps, including Microsoft Teams and various other workstream and workspace apps.
Step 4: Keep authorization under your control.
No matter how your employees collaborate, or on which platforms: when it comes to accessing sensitive data, you need to be able to reliably distinguish authorized from unauthorized access. This is where modern cloud ID standards like OpenID Connect come in handy, as they allow you to run the identity provider yourself while still enjoying all the benefits of cloud-based single sign-on.
Step 5: Automate data governance.
A key governance function is recording all activity like storage, access, and sharing to be able to perform audits at any time. With the right APIs, keeping tabs is convenient, for example using Splunk or other SIEM platforms. SIEM stands for Security Information and Event Management.
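The steps above can be sketched in a few lines. The following is an added example, not ownCloud code or its API: it tags a document from metadata or phone-like content, enforces the customer-contract rule from Step 2 with default deny, and records every decision for audit. All names (`POLICY`, `classify`, `authorize`, `denied_events`), the class labels and the sample document are assumptions made for illustration.

```python
import re

# Deliberately crude phone-number pattern (constructed for this example).
# It over-matches (dates, invoice numbers), which errs toward stricter handling.
PHONE_RE = re.compile(r"\+?\d[\d\s/().-]{7,}\d")

# Hypothetical rule table: confidentiality class -> audience -> permitted actions.
# Anything not listed is denied.
POLICY = {
    "public": {
        "internal": {"view", "download", "share_public"},
        "external": {"view", "download"},
    },
    "confidential": {
        "internal": {"view"},  # viewable inside the company, no download, no public link
    },
}

AUDIT_LOG = []  # in production this would be shipped to the SIEM


def classify(metadata, text):
    """Step 2: tag by metadata first, then by user-related content."""
    if metadata.get("doc_type") == "customer_contract":
        return "confidential"
    if PHONE_RE.search(text):
        return "confidential"
    return "public"


def authorize(user, audience, action, doc):
    """Steps 3-5: enforce the class rules and record every decision."""
    permitted = POLICY.get(doc["class"], {}).get(audience, set())
    allowed = action in permitted
    AUDIT_LOG.append({"user": user, "audience": audience, "action": action,
                      "doc": doc["name"], "class": doc["class"], "allowed": allowed})
    return allowed


def denied_events():
    """Audit view: the refused attempts a SIEM rule would alert on."""
    return [e for e in AUDIT_LOG if not e["allowed"]]


# Constructed sample document.
contract = {"name": "acme-contract.pdf",
            "class": classify({"doc_type": "customer_contract"}, "")}
```

An unknown class or audience falls through to an empty permission set, so a mislabeled document is locked down rather than exposed.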
To sum up in one sentence: in these times of change, ownCloud could become a core platform that enables the introduction of new ways of digital communication while staying compliant and safe.