Thoughts About Cloud Based File Sharing, or, "Take My Files - Please!"
In Are CIO’s falling in love with file sharing? CNN Money writer Michal Lev-Ram suggests that corporate Chief Information Officers are giving file sharing services like Dropbox and Box more consideration for enterprise use. It’s not a slam dunk, though, as the CIO from Zynga points out:
“I’m not a big advocate of using file sharing sites in the enterprise. While they have their use cases, reliability and security remain a concern for me as a CIO. I know a lot of file sharing companies are moving towards enterprise-level maturity, but most that I’ve seen are not quite there yet. This is not to say file-sharing sites aren’t a great solution for personal use. For enterprises, as it is with deploying any new technology, it’s important to exercise caution.”
My take: enterprise use of such services is a mixed blessing.
One the one hand, such services are readily available and easy to use with user interfaces and functionality potentially more attractive than existing standard network file sharing utilities. Since so many corporate activities involve collaborative access to and use of shared documents and files, anything that makes the sharing process easier should be encouraged, right?
Not if your chief concerns are security and privacy. People have to be taught how to use such services. Given how often it’s necessary to share files with “outsiders,” and given the difficulties and red tape involved with giving outsiders access to inside-the-firewall resources, it’s not surprising that employees are “voting with their feet” and bypassing corporate IT to use services like Dropbox, despite concerns about security.
While such security concerns are legitimate, it’s also possible — I’ve seen this happen more than once — to make security procedures so onerous and time consuming they become barriers to work. Hence, the unauthorized use of external resources like Dropbox and Google Docs grows, even in situations where shared directories with FTP transfer or SharePoint document access exist.
Just as people are “bringing their own devices” to work, they’re also using services they may have first found out about outside the enterprise. The same thing happened with personal computers and web sites and companies need to accommodate this reality.
Generally I’m in sympathy with people who want to collaborate and who are ready to take advantage of “newer technology,” even when that means bypassing the IT department. This has the practical effect of forcing IT to supply better solutions. It also forces management to put responsibility for security and privacy where it belongs: on the behavior of people.
Problem is, there’s more involved here than just making file-based collaboration easier. Document access, storage, and retrieval requirements all need to be pursued from a corporate perspective as well, starting with the need for managing documents and files online with legal, discovery, search, and records retention requirements being taken into account.
Such concerns may sound like “red tape” to the folks in the corporate trenches. But management can’t afford to ignore document retentions policies given we live in such litigious times. The obvious challenge: give the people the easy to use solution they need, but make it possible to incorporate, as unobtrusively as possible, the necessary backup, security, retention, and search capabilities that people really need.
I’m sure that enterprise-ready technology solutions are being developed and marketed to provide such capabilities, just as enterprise-ready social media and social networking tools have been developed and marketed. But it’s an illusion to think that the ultimate solution to opened-up document and file sharing will be technology based, especially when the additional issues mentioned here need to be managed efficiently and when new business processes must be developed to accommodate them.
Bottom line: sharing files, especially sensitive files, while it can to some extent be controlled technologically through controlled access, is fundamentally a behavioral problem, not a technology problem. The trick will be to enable people to “share files responsibly.” The cost of doing this and supporting it over time should not be underestimated.
Copyright (c) 2012 by Dennis D. McDonald