In the 1980s and early 1990s, IT managers, accustomed to centralized computing operations, fretted about the loss of control inherent in the proliferation of the PC and of non-sanctioned applications like Lotus 1-2-3. Nowadays, the latest consumer-driven IT phenomenon is cheap, easy online data backup. More and more individuals are migrating to services like EMC Mozy and iBackup and, in some cases, corporate data is going along for the ride. And that's causing concerns for storage management.
"It is a given that if people have access to a useful technology that they are capable of using on their own, without support, at a low cost, it will be used," said Jay Heiser, research vice president at Gartner.
Of course, for businesses, noted Heiser, the need to control data doesn't disappear just because that data has passed outside of the walls of the business and into "the cloud." When that happens, "It can present some increased risk of leakage, especially if criminals have reason to believe that a particular individual might have possession of sensitive data," he added.
Justin Moore, CEO of Axcient, said when individuals at a company install online data backup software without the sanction of the storage department, data that is not supposed to be sent offsite for legal or compliance reasons might accidentally be sent offsite without any attention paid to the regulations around that data. What's more, he noted, where an employee has signed up for a backup service, he or she could continue to have access to critical data even after they have left the company.
Moore said the best solution is a one that is entirely controlled and monitored by a company and does not require agents (like those used by many consumer services) to be installed. "With an agentless solution … IT remains in control of the setup of backup and retention schedules for all data which they want to protect on site and offsite as well as access permissions to the backup data throughout the data lifecycle."Security concerns with online data backup
Jack Phillips, co-founder and CEO of IANS, a network security consulting firm, said the two top security concerns his clients face are virtualization and cloud apps -- including online storage.
With regard to online storage, he said many companies are even more concerned about "forgotten" or misplaced data than they are about data that is actually exposed or lost. However, he noted, from a legal perspective it is not yet clear how corporate data "stored in the cloud" will be judged. If it's safe, possibly encrypted...[it is] almost like it was still on the enterprise network, so is it a violation," he added.
Raghu Kulkarni, President/CEO of Pro Softnet Corp., which provides iBackup, is the first to admit that individuals rather than IT managers are the target customers, however, he noted, once they try iBackup, "they are able to see the benefits and explain it better to their superiors who in turn may make corporate wide decisions."
"We do mention in our terms that the user who is backing up the data has to make sure that they have sufficient rights to do so," he said. More to the point, said Kulkarni, it's not like the data is disappearing. "We do provide options to encrypt the data even before data reaches our servers, with a private key that is known only to the user," he added. And, said Kulkarni, if the user or their company is still not comfortable storing data in the cloud, they can opt for iBackup's hot site solution, which simply facilitates data backup and replication between the user's primary and secondary locations.
Likewise, Devin Knighton, a spokesperson for Decho Corp., which offers the Mozy online backup service, said concerns about the availability and use of consumer online backup services need to be kept in perspective with other aspects of wandering data such as high-capacity "thumb drives," emails and online applications.
"No matter what the medium, corporations should focus on what kind of encryption and security policies are used by the provider," he said.
So what should companies do? "Some organizations will take a knee-jerk approach and simply insist that all storage remain on their network," said Phillips. However, he noted, "With an expanding mobile workforce business users will increasingly demand access to these services so companies may need to be more flexible." That could mean sanctioning certain specific services under certain circumstances and putting in place use policies, he said.
Continuing on the theme of "if you can't beat `em, join `em," Brad Nisbet at IDC said companies may simply need to make data backup easier and more convenient so that everyone with corporate data, including remote users, will have no excuse to use unscanctioned backup methods. For instance, he noted, some companies are using network-attached storage (NAS), especially in remote or department settings, to consolidate data storage for backup purposes.
Even more to the point, companies are looking into online backup products that are either outgrowths of consumer services or else offer the same ease of use and convenience. "With those kinds of solutions, users get convenience and IT gets control," he added.
About this author: Alan Earls is a Boston-area freelance writer focused on business and technology, particularly data storage.