by Dan Sloshberg
Bring your own device (BYOD) has redefined the way we work. It allows us to work from any device and access corporate files and networks from anywhere.
Now we also have bring your own cloud (BYOC). Workers are using the device and cloud service provider of their choice for a range of things they would traditionally have used corporate systems for, including file sharing. Without the proper policies in place, this can cause a major headache for IT.
Email remains the most prolific platform for communication and messaging in the workplace. However, certain limitations within email can lead to data security issues. Users simply want to remain productive, send and receive files of any size, and ultimately, work free of restrictions – and they want to do so in a familiar environment. Unfortunately, file size and storage limitations within commonly-used email platforms impose restrictions that force users to find workaround solutions. In most cases, the workaround solution is an unsanctioned, consumer-grade file sharing service.
With the right policies, personal devices at work don’t have to be a data security threat.
Ask yourself: Do you have policies in place to control the use of file sharing services – and ultimately protect corporate data – across your organization? Are you among the 37 percent of organizations that have no policy in place? Or, are you among the 46 percent of organizations that “restrict and say no” to file sharing services altogether, according to research from the recent report from Bloor?
We get it. You are overwhelmed, under-resourced and focused on issues flagged as “top priority.” But if the protection of your corporate data is not a priority, it will eventually catch up to you – most likely in the form of information leaking out of the organization. Whether or not you choose to acknowledge the issue, employees at your organization are finding ways to send, receive and share files of all sizes. According to Workshare, 69 percent of employees are using free file sharing applications – but only 28 percent have authorization from the organization to do so. Consequently, data from Symantec shows through the use of rogue cloud-based file sharing services, 83 percent of large enterprises and 70 percent of SMBs have had sensitive information placed in the cloud without organizational oversight.
The repercussions of consumer-grade file sharing services in the workplace can include loss of IP; sensitive data leakage; loss of visibility and control over where data resides; and compliance, regulatory and eDiscovery breaches. Many of these will not only cause you inconvenience, a significant breach could cost you business, irreparably damage your reputation and result in significant fines from regulatory bodies.
How to Take Control of File Sharing at Work
The bottom line is this: users want your support. If you give them guidance, education and a viable, frictionless solution, they are a lot more likely to comply with your policy. Here are three easy steps to keep corporate information protected by putting in place a secure, controlled file sharing service:
1. Don’t ignore the problem. There is a lot of file sharing happening at work, and file sizes will only continue to rise. Instead of ignoring data protection, make it a priority by finding a service that allows users to work within email to send and receive files – regardless of size – instead of finding workaround solutions.
2. Select an enterprise-grade platform. Consumer-grade services leave your organization susceptible to data leaks and other security threats. They also make it hard for you when it comes to eDiscovery or statements of compliance. Find an enterprise-grade service that gives you visibility and control, while allowing users to work seamlessly within a familiar environment. Use a platform that is built with access controls; content control and data leak prevention; archiving, compliance and eDiscovery; expiring access; and centralized policy management, reporting and logging.
3. Train and educate users. Programs should be in place to help your users understand the sensitivities of different classes of information and the risks associated with mishandling sensitive data. Users should have a clear understanding of what cannot be shared outside the organization and secure ways of sharing appropriate information with external parties.
By following these three steps – and finding the right solution – you can take back control of file sharing in your organization. Interested in learning more? Download this report by Bloor Research: “Take Control of File Sharing Services … Best Practices for the Safe and Secure Use of File Sharing for Organizations.”
by Nathaniel Borenstein
A bit less than four years ago, Facebook decided to get into the email business. I wrote a blog entry at the time, warning it a bit about what it was getting into.
Facebook announced the closure of its email service earlier this year. Facebook emails will automatically be forwarded to whatever email address Facebook users have listed as their primary one.
I warned it about the technical complexities of email, and the pitfalls that required email veterans on the team to avoid repeating. I really thought the biggest problem it faced might be technical. I figured that with its brand, it certainly had ‘market permission’ to enter the email space.
But we never got a chance, really, to find out how good Facebook mail was, because almost nobody used it. I didn’t see that coming, because I thought that there was potential value in integrating Facebook messaging with email. I should have known better, though, because I made a similar mistake back around 1982.
In 1982, I was developing and maintaining email clients for a couple of timesharing systems of the day, when I discovered that two future friends were developing a bulletin board system and a calendaring system for the same environment. We decided that what was really needed was to integrate all three into a single user interface that streamlined everyone’s communication.
We called the system BAGS, after our last names – the Borenstein Anderson Garlan System. It was modestly successful, and was maintained for many years after I moved on. But people didn’t use it as a single user interface. Some used it for both email and bulletin boards, but separately, as if the fact that they were all one program was something they needed to work around. Like Facebook, we found that users just weren’t drawn to the kind of ‘universal interface’ that draws computer scientists like moths to a flame.
It turns out there are good reasons why people have always had multiple communication mechanisms. The characteristics of a communication technology, coupled with the community rules, standards, and customs that develop around that technology, inevitably result in a mechanism that’s better for some things than others.
If you need to send me a message, what’s the difference between email and instant messaging? It’s not just a matter of whether you’re using a laptop or a phone, because either can be used either way. But when you’re using a laptop, you’re likely to be in a more relaxed or serious environment, so it’s natural to compose an email, which is likely to be longer, more nuanced, funnier, or otherwise more complicated than seems right for an instant message. On the other hand, if you’re running across an airport, dashing off an instant message will be rather more appealing. And if you’re like me, you’ll sometimes dash off an instant message to yourself, reminding you about a more complex email you need to send.
Facebook was one of the pioneers of social networking, which as a communication medium is radically different than email. People use it to communicate with whole groups of friends or relatives at once, and they think of themselves, generally, as operating in a semi-public forum. Email feels (rightly or wrongly) more closely controlled and limited in distribution. Combining two media that differ in important aspects is a recipe for confusion, and users intuitively resist it.
The email world and the Facebook world often leak into each other, but that doesn’t mean users want them to merge. The best email programs have user interfaces that are highly evolved to what users expect from an email medium – features that make it well suited to complex threads of discussion, but less well suited to ad hoc group discussions with your friends’ friends. Merging the two doesn’t necessarily make things simpler – the features of one can actually get in the way of the other.
The bottom line is simple: email is very, very important to a lot of people, and they are wary of anything that might weaken its usefulness. If Facebook had set up its email service to be entirely independent of the social networking system, it might have been able to attract users, and then gradually introduce carefully selected features that connect the two in useful ways. Perhaps that’s how it’s planning to approach its acquisition of WhatsApp; if it’s sufficiently cautious in how it integrates the two services, it might well succeed.
So, while we are saying goodbye to Facebook mail, perhaps it’s not forever. There’s still plenty of room for innovation in email, in social networking and in the spaces in between. But it’ll take a more open, incremental and modest design to succeed.
by Dan Sloshberg
Yesterday Microsoft confirmed it had an email outage on Exchange Online and Office 365. But they are not the only ones to have experienced this problem. Their cloud competitors like Google and even Facebook have had the same problems in the last few months. And if you have your email server in house you may well experience downtime much more frequently.
It is important to say that all email and cloud services will have downtime – some of it planned and some not. But when it happens it is always frustrating and disruptive. But you can do something about this.
It is for this very reason we said on our blog yesterday that two clouds are better than one.
The cloud presents a very compelling business case for customers looking to reduce the cost and complexity of their email environment. Many have already moved to the cloud or will in the coming months and years.
But when you move critical services and data like email to the cloud you must also plan for the inevitability – albeit rare – that the service will go down – just as you would with business continuity solutions on your own infrastructure if you kept it in house.
As it happened, we also announced yesterday our own suite of services for Office 365. These include business and email continuity services designed to give customers just the kind of protection we are talking about here in the event of downtime to Office 365, as was experienced yesterday.
We have provided these continuity services for other platforms for some time, protecting our customers against planned and unplanned downtime of their email be it Exchange, Google Apps or Lotus Notes.
So don’t let yesterday’s events put you off the cloud or Office 365 for that matter.
But if you are on Office 365 already (or thinking about it) or indeed have on-prem or other cloud email providers – do look again at your contingency planning. How will you cope when (not if) your email service is unavailable?
The cloud is great. But two clouds are much better than one when it comes to your business critical applications like email.
by Dan Sloshberg
Office 365 is more than fulfilling the potential we explored on this blog in March. According to Microsoft Corporate Vice President Jeff Teper, at the recent SharePoint 2014 conference, Microsoft’s Office 365 has completed its 18th consecutive quarter of triple-digit revenue growth.
Two clouds are better than one. With Mimecast as a strategic secondary cloud service alongside Office 365, organizations can reduce the risk associated with a move to the cloud and benefit from additional new functionality at the same time.
No wonder – the Office 365 proposition is now even more compelling with new iOS apps being well received and next generation business tools like Office Graph capturing the imagination. So, with momentum building, when CIOs consider switching to Office 365 surely the answer is a simple ‘yes’?
For enterprise organizations, it’s actually more complicated.
For these companies the choice of third party on-premises services, like downtime contingency and multi-layered security, reinforces their core Microsoft services to meet their requirements. However, there isn’t a simple migration path to Office 365-compatible equivalents of these usually complex and costly point solutions.
So what’s the answer? It’s certainly not to wait – moving to the cloud is inevitable and to delay adoption of Office 365 would mean your business would miss out on improved agility and reduced cost of ownership. But equally, you don’t want to run the risk of critical business systems like email being exposed to attack or interruption. The fact is, when it comes to your data, any risk is too much risk.
The answer is actually a blended-cloud approach.
A secondary cloud service, like Mimecast, can work seamlessly with Office 365 to enhance security and help ensure business continuity, data redundancy and archiving requirements are met. This is why today we announced a range of new services for Microsoft Office 365 that address some of the concerns CIOs have had about moving to the cloud, paving the way for a swift and risk-free migration.
Mimecast Services for Office 365 will be available in July. Enterprises can select from a range of targeted solutions or opt for a bundle of risk mitigation services. A blended-cloud solution combines the benefits of two clouds into a single, multi-layered service offering, diversifying risk across more than one vendor. Enterprises get key capabilities that help them adopt cloud solutions faster, and allow them to benefit from cloud innovation and agility. If you’d like to find out more about Mimecast Services for Office 365, take a look at our video here.