News/Trends, Tech/Engineering

Cloud and Mobility: a Nightmare for Information Governance?

Cloud storage and cloud applications are fueling data sprawl issues. We need to consider how cloud adoption changes the ways data is managed, protected, and governed – and the corporate opportunities for using that data to maximum (ethical) advantage.

Once, back in the desktop computing era, we could assume that any information the user collected or created was stored on his PC; that held true, too, even when laptops began to take over. If an employee wrote a memo, the text (or at least the fingerprints of that text) could be found on his hard disk, whether as a Word document or buried in an Outlook PST file. At worst, the information could be found in the corporate datacenter, perhaps on an email server.

But with all of us today planning presentations on a tablet computer, writing corporate documents in cloud applications, and storing email messages in the cloud… how can an IT department know where any user’s data is stored? Much less protect it? And even more of a challenge: How can IT extract that information in the troublesome situations where governance and legal holds become relevant?

As technologists, we usually put our attention on infrastructure challenges, such as security or coping with networking bandwidth frustrations. Sometimes we consider the longer-term effects of enterprise cloud adoption, such as the downstream corporate effects of mobile endpoint management.

Yet, with that awareness: There are repercussions from corporate data moving to the cloud. Most of these actually are very good effects, or they can be (starting with availability from anywhere). However, to get the most benefit, IT leaders need to take all the changes into account as they design migration plans.

The subpoena no one expected

Imagine this scenario: An organization is served with a subpoena wherein one or more users’ data is considered relevant (perhaps a matter of intellectual property or questionable hiring practices; it could be anything). The company’s lawyers need to find anything that user wrote that touches on the matter-at-hand. Once, that might have meant that IT was called upon to look at the user’s computers; later that would encompass any servers in the datacenter where the user stored files, such as a home directory or mail servers. Mobile endpoints such as smartphones added to the IT burden of “Where else do we need to look?”

Now with cloud applications, such as Microsoft Office 365, the compliance investigation requires looking on multiple devices and in multiple clouds. It’s like discovering you need to turn over a whole new set of sofa cushions.

From a user’s point of view, the data is in the cloud, and it doesn’t matter where. We all appreciate that accessibility (if for no other reason than avoiding the laptop drive of shame). That “anywhere, anytime” access is also a laudable benefit to the organization, overall.

But it changes how organizations view governance, compliance, and legal matters.

When it comes to cloud computing, organizations need an independent third party to ensure their data is collected from all these new sources, preserved, and ready for discovery. They need to put policies around data preservation and legal hold on multiple devices and their applications.

The opportunity? The cloud can be used to advantage as a collection of all these distributed sources. It can give us all a holistic view of the user, with a 360-degree view of user information whether the data was stored on a desktop computer, mobile devices, or in cloud applications. We (as an industry, though we like to think Druva will be at its forefront) can develop a single dashboard of all the user’s data across all active assets, and let authorized personnel make meaningful sense out of it.

Generating a Holistic View of User Information.

Druva inSync will now collect information from enterprise-deployed cloud applications, in addition to the desktop, server, and mobile devices we currently support. Initially, we are beginning with Microsoft Office 365.

The story starts with restoration of endpoint data stored in the cloud. Fumble-fingering Ctrl-A- Delete (wherein you unintentionally delete the contents of your entire document) is just as devastating on a cloud document as it is on your local hard drive. Plus, malware, ransomware, and human error can wipe clean a cloud application; a secondary safe copy will come in handy. Even better: This makes eDiscovery easier, because the single view of all the user information across multiple devices and applications can help find relevant information pertaining to a legal matter.

As I wrote, we’re starting with support for Microsoft Office 365, but this is just the beginning. We have the technology in place to support more cloud applications, using Druva cloud connectors to request admin access to cloud applications,collect and centrally deduplicate data, and making it available for end-user data restoration and for for eDiscovery processes.

Ultimately, we feel we can promise that Druva can  access, back up, and analyze user data, even potentially social media — wherever the user takes the data. That spells big benefits for the organizations who are responsible for its protection and safekeeping.

Learn more in today’s news announcement: Druva Extends Leading Endpoint Availability and Governance Solution to Cloud Data with Microsoft Office 365 Integration. Or qualm your concerns about data governance in the cloud with this insightful report: