by Orlando Scott-Cowley
An enterprise information archive should be much more than cheap storage and data resiliency, or place to hunt for (or lose) long forgotten evidence in the event of an eDiscovery case. In fact, the enterprise archive, be it for email, files or IM conversations, now has a vital role to play in increasing employee productivity, rather than just being a dark and dusty vault where data goes to die.
Boost employee productivity with an active archive
As analyst firm Ovum predicts enterprise end-user mobility will be top of the CIO agenda in 2015, ask yourself how quickly can your users find that two-year-old email or vital attachment while on the move? It’s worth considering how a lack of mobility will affect client response times or employee satisfaction in your organization.
The good news is that the move to better and brighter times has already begun. In its Magic Quadrant for Enterprise Information Archiving 2014, Gartner predicted that by 2019, “75 percent of organizations will treat archived data as an active and “nearline” data source, and not simply as a separate repository to be viewed or searched periodically.” For enterprise CIOs, this means we’ve got roughly five years to think about uncovering value in the vast quantities of data we store for undefined purposes at an undefined point of time in the future.
But balancing the information needs of an increasingly mobile workforce with secure and highly-available services often present a major challenge, particularly for traditional on-premises IT environments. As your data volumes grow exponentially, and you bank more valuable data, many businesses are looking to the cloud to solve these demands.
Elastically scalable storage, predictable subscription costs, performance, ubiquity of access and high availability are important factors but the real advantage here is increased flexibility around scale and style of deployment as well as use of these services. Cloud archives can more easily accommodate connections to live Outlook services, SharePoint and third-party APIs. Moving the email archive to the cloud makes it easier to allow employees to search all of their data through their phones and tablets, a simple victory that is largely unsupported by on-premises archive vendors. All of these reasons mean an ‘active archive’ can only exist in the cloud; the limitations to performance, scalability, access, security and usage are too great when the archive remains on-premises.
Cloud archiving vendors are also the only type of technology vendor who are going to have a product roadmap that aims to create new and innovative ways to bring your data to life. Most cloud firms roll out changes, improvements and new features on a continuous delivery schedule so there is always something new to delight your end users. By contrast, older less agile, on-premises technology vendors are usually stuck to a rigid multi-year release cycle that imposes significant burdens on your technical team – re-indexing your archive because of new ‘engines’ or search providers is a great example from two of the market leaders of on-premises archive technology. We don’t want to do that again in a hurry, that’s for sure.
Having an active archive for your enterprise information offers the business a single, secure repository in the cloud in which all your corporate memory can be stored is a simple, yet highly effective and strategic way for the long term retention of your data. For your end users, simply supporting their use of mobile devices will be a significant coup in what is seen as a stodgy and un-cooperative application service. But, continuing to delight them with ways of experiencing and interacting with that data today and into the future will at last give them a way to find more productive ways of working.
If you’re stuck in the past and trying to break free from the aging and outmoded on-premises archive, this video may help you. I recently sat down with Gartner research director, Alan Dayley, to break down the beneﬁts of the cloud over on-premises email archiving.
WATCH the video.
by Orlando Scott-Cowley
We’ve only been in the New Year a few weeks and it’s quickly becoming clear that 2014 is the year of the cloud. Even the committed laggards or cloud refuseniks are being compelled to move some services into the cloud.
But you would expect us to say that of course. As in all things, there’s always another point of view to consider. One of our older posts on the value of the cloud received a challenging comment that warrants a response. This comment gave us all the opportunity to reconsider why a commitment to cloud services makes sense for customers of all kinds and sizes, even those within regulated industries.
Barriers to cloud adoption have been broken down – initial reticence regarding data ownership in the cloud has been met with credibility built by vendors
The comment challenged our stand on the cloud:
“…Regulation may require certain data controls/protections/audit trails which a Hosted product can’t provide and Exchange (Windows Server Standard plus Exchange software, backups, redundant power, etc.) remain cost prohibitive….”
Initially I was just going to post a response to the comment, but as it has been some time since the original post, I thought that it was worth bringing this discussion right to the top of our blog. Thank you John for taking the time to comment on the post – I hope this post acts as an update, a reassertion of our belief that the cloud is actually more and more an ideal solution specifically for companies of all sizes dealing with the additional pressures of regulatory control.
Most Mimecast customers face these issues. So why is the cloud the solution to their needs?
In the world of email, these industries have high demands on storing and accessing their data – they need sophisticated e-discovery capabilities, granular legal hold functionality, centralization of archives and rigorous compliance capabilities. They have a heavy security requirement too, of course.
The bottom line is that neither on-premise or cloud archiving solutions address these demands perfectly. But what is clear is that in terms of centralization of data, cost to the business, and time to implement, cloud has and will continue to be the better option. And it’s these powerful values which are driving business as a whole towards hosted services, including finance and legal.
As far back as 2011, data were beginning to emerge about this wholesale shift to cloud services. At that point, about one-fifth of companies had already moved their email archiving to cloud or hosted options, away from on-premise. In the same study a significant number of those maintaining capacity in-house had experienced failures in hardware and software implementations, and one third had lost emails – possibly as a result.
Also, remaining barriers have been broken down.
Initial reticence regarding data ownership in the cloud has given way to proof of credibility built by vendors providing well-trained engineers and experts available to support the service. These services offer parity with traditional options. For example, in the case of archiving, email should be stored in its original format mirrored to multiple locations. In addition, written into a vendor’s SLA should be a guarantee that the customer’s data will only be stored within appropriate jurisdictions, to ensure compliance with the regulations imposed in some sectors.
So to answer the original question, is the cloud always the solution? The answer is actually in a few cases it may not be for everyone. But as cloud services continue to mature, these exceptions will become few and far between.
by Orlando Scott-Cowley
Last month Israeli security forces imposed their right to examine your email at their border crossings; the initial panic was calmed by a clarification from the Israeli Attorney-General stating the specific circumstances for the search. Previously, in 2009, the United States imposed a right to search your electronic devices, and keep them for further examination, at border crossings too—without any suspicions of wrongdoing. Are these signs that our local data is no longer private when we travel?
State sponsored search of your devices, and data, now becomes the latest privacy worry for any international travellers; we’ve always been worried about malicious attempts to gain access to our data, or having our laptops stolen from airport security screening points, but now the case for travelling completely clean is made.
Many technology travellers I talk to have always maintained a set of clean equipment, which is only used on trips outside their native country. Before and after every trip their laptop, smartphone, and tablet get factory wiped and restored from a known good image. This is especially important when returning from a trip to ensure the platforms remain clean – those devices are also replaced more frequently than home devices, and are occasionally stripped to check for “extra hardware”.
Maybe; but more sensible than paranoid, as we’re in the days of state sponsored hacking such as Flame, Stuxnet and Duqu.
If you’re wondering how you manage to work in such a sterile environment – have a think about how the cloud supports your remote working now. Keeping your data on your local hard drive isn’t the necessity it once was; it seems quite antiquated to me.
Cloud services that allow you to store your data online mean you’re only ever a click away from that data, and given the ubiquity of Internet access these days, that’s never a problem. Of course data stored in the Cloud isn’t beyond the reach of search warrant of subpoena, but at least it’s not local on your device being carried through a border crossing.
Email inboxes should remain empty until you’re safely through a border crossing, and on a known and trusted network. Once you’ve downloaded your recent email remember to remove the account and wipe the device before you leave the country too; there’s no sense taking the precaution for inbound border crossing and forgetting about the outbound.
The same applies to file data, leave your files in the cloud and only access them when it’s safe. Don’t store anything locally unless you can securely wipe the hard drive after use.
From an enterprise IT perspective; CISOs and CIOs should educate their users on how to handle such incidents, and of course draw up a policy for international travellers. It does occur to me that your IT department can help, by disabling your access to ‘their’ services on your devices until you give them the go ahead once safely at your destination. Deleting your stored passwords on devices would also prevent the access of data not stored locally.
For travellers the Cloud should now be as essential as your flight socks and money belt. As someone before me once said – “Don’t leave home without it”.
by Orlando Scott-Cowley
This weekend Evernote became the latest cloud vendor to have its systems breached; user data including passwords has been compromised. In case this is news to you, a quick recap – Evernote assured us that passwords were correctly hashed and salted unlike LinkedIn, who neglected to salt their passwords. Evernote didn’t tell us whether or not the salts were compromised too. The attack “follows a similar pattern” to others so we can assume some sort of long term APT style compromise.
There are a couple of interesting observations one can make as a result of this last hack.
The usual amount of your-data-in-the-cloud-is-not-secure media hysteria has been dished out; no doubt some Evernote users will be busy deleting their notes as a result, even though their contents are probably as interesting as the ingredients list on a bottle of water. Being an Evernote user (yes, I have reset my password) I can’t help but think this isn’t about data in the cloud, or about the cloud at all; this is more about a target. Evernote was the target in this instance, before them it has been LinkedIn, Facebook, Yahoo, RSA Security, New York Times, Iranian nuclear centrifuges, the list goes on. Once the target has been identified this sort of “coordinated attempt to access secure areas” is likely to succeed regardless of the data’s location. The data could be anywhere; in the cloud, a server on your LAN, one of your users’ laptops (Facebook), a mobile device, a filling cabinet (remember those) or even data left on someone’s desk – the attackers will use whatever means they need to compromise that data.
Secondly, if there is weak security protecting that data, again the location is unimportant. Putting the data in the cloud on a dedicated platform means, as in Evernote’s case, the breach can be monitored and contained by people who’s job it is to do that. There is very little one can do to contain the old school espionage attack that reads secure material from your desk or even from your rubbish bin.
Evernote did the right thing and alerted its users to the hack, emailing them to advise password resets. They did slip up slightly though, by providing a link in the same email that also suggests users should “Never click on ‘reset password’ requests in emails — instead go directly to the service”. But to be fair, this is the first time Evernote has had to deal with this threat.
What this sequence of events really means is that 2013 could be the year that cloud service providers will rebalance their priorities, so that preparedness for attacks will be as important as getting the latest app version out the door, and also that we as consumers realise the importance of our data regardless of where we leave it.