You and I have something in common: we both want to get our jobs done. If you are reading this article, you probably use some sort of file sync and share service at work. Perhaps those videos are too big for the corporate server, or you just want a way to access your data from anywhere. Whatever the reason, you have a service you use, and it helps you get things done. You have also read the warnings and are aware of the risks this service entails, but you use it anyway because there is no alternative. This is the state of the art for most people: using a service that is drop-dead easy, in the cloud, and free.
The problem is that all of this corporate data is now out there in the file sync and share cloud. Legal firms, financial services institutions, consulting firms and more – their customer and corporate data is out there, somewhere, whether or not they admit it. What if we could get IT to take back our work data from the cloud and put it in something that we enterprise users would actually want to use, in a form that is sanctioned and approved – what would that service look like? What do we really want from a file sync and share solution in the enterprise?
There are a few capabilities that are table stakes. First, it would have to be drop-dead simple to use. No more complex collaboration solutions; I just want easy access from anywhere. Second, it would have to store data somewhere on site so I can be sure my sensitive data doesn’t end up somewhere bad. Third, I want to be sure that data is encrypted in transit and on the server, again so my data stays my data. These are the basic features, but they don’t really push the envelope. As an enterprise user, the one thing I really want above all else is control over who accesses my data and what they can do to it.
To solve this problem, I find myself looking to relational databases. These systems have been around for decades, and are very good at providing granular permissions for access to data. They do it using a very simple set of functions that define what you can do with data stored in the database: CRUD – Create, Read, Update, and Delete. A given user can have access to the data in any combination of those functions. This appears to cover most instances, but something is missing in the traditional CRUD architecture when we apply it to file syncing and sharing: the right to sync a file.
CRUD is good for access to the files, but it needs an additional level of permission around who can sync files from and to a folder. Once synced, the system will need to continue to provide CRUDS permissions to files as defined by the file owner. This adds one letter, and makes the acronym CRUDS. If I could have complete CRUDS control over my files, providing appropriate access to other users and groups (employees, partners, and customers), I would start to feel a lot better about using such a solution offered by IT. And, as IT, I would feel a lot better about the security of corporate data.
As a practical use case, I read an article about a lawsuit between two US legal firms a couple of weeks ago. The article outlines how a former partner in the plaintiff’s firm, after resigning and moving to the defendant’s firm, left a laptop on in the plaintiff’s office, behind a locked door, logged into a public cloud file sync and share solution. The lawsuit alleges that the partner used file sync and share as a corporate espionage tool to stay up to date on the case after leaving the plaintiff’s firm. Trust me when I say this isn’t the first or last time this will happen.
If this firm had leveraged a CRUDS-based solution hosted internally, it would have been simple enough for the plaintiff’s firm to remove the defendant’s access. Moreover, if a user can specify the level of access to a file or directory, the defendant’s account could easily have been locked, with all CRUDS rights removed. Any legitimate access by the defendant could have been handled on a CRUDS folder or file basis, preventing this sort of nefarious behavior. This is just one of many useful ways to leverage a CRUDS-based system to get to your data, and share it responsibly.
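A minimal sketch of the CRUDS model described above, added here as an illustration and not taken from any product: the `Right` and `Acl` names, the paths, and the accounts are all hypothetical. It shows Sync as a right separate from Read, folder grants inherited by files, and a locked account losing sync on its next request.

```python
from enum import Flag, auto

class Right(Flag):
    NONE = 0
    CREATE = auto()
    READ = auto()
    UPDATE = auto()
    DELETE = auto()
    SYNC = auto()   # the extra letter: may a device hold a synced copy?

class Acl:
    """Default-deny CRUDS grants on folders/files; nearest ancestor entry wins."""
    def __init__(self):
        self.grants = {}      # (principal, path) -> Right
        self.groups = {}      # user -> set of group names
        self.locked = set()   # accounts with every CRUDS right removed

    def grant(self, principal, path, rights):
        self.grants[(principal, "/" + path.strip("/"))] = rights

    def rights(self, user, path):
        if user in self.locked:
            return Right.NONE
        principals = {user} | self.groups.get(user, set())
        node = "/" + path.strip("/")
        while True:
            hits = [self.grants[(p, node)] for p in principals
                    if (p, node) in self.grants]
            if hits:                       # most specific entry decides
                combined = Right.NONE
                for r in hits:
                    combined |= r
                return combined
            if node == "/":
                return Right.NONE          # nothing granted anywhere: deny
            node = node.rsplit("/", 1)[0] or "/"

    def allowed(self, user, path, right):
        # The server evaluates this on every request, including each sync
        # from a device that is already logged in.
        return right in self.rights(user, path)

def demo():
    acl = Acl()                            # constructed sample data
    acl.groups["partner_a"] = {"litigation"}
    acl.grant("litigation", "/cases/acme",
              Right.CREATE | Right.READ | Right.UPDATE | Right.SYNC)
    acl.grant("client_x", "/cases/acme/filings", Right.READ)  # view, no sync
    brief = "/cases/acme/brief.docx"
    before = acl.allowed("partner_a", brief, Right.SYNC)
    acl.locked.add("partner_a")            # partner resigns: account locked
    after = acl.allowed("partner_a", brief, Right.SYNC)
    return before, after, acl.allowed("client_x", "/cases/acme/filings/m1.pdf", Right.SYNC)
```
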
The truth is, file sync and share is here to stay. What enterprises need is a way to take back corporate data from the public cloud, while providing a simple, secure solution for their users. What enterprise users need is a granular level of control over their data in a simple, easy-to-use CRUDS approach. Only then will we have the granularity of control that we need to feel confident that our data remains our data, so we can focus once again on getting our jobs done.