Subscribe to Recent Blogs feed
Updated: 1 hour 33 min ago

From BYOD to WYOD: Get Ahead of Wearable Device Security

October 22, 2014 - 9:54am
Blog Image: 

 

Wearable technology is the new “it” thing. From FitBit, to Google Glass, to Samsung Galaxy Gear, and now the Apple iWatch, users are literally arming themselves with the latest gadgets. This is particularly true among early adopters who are counting the days until the release of the Apple iWatch.

While early adopters used to represent only a small number of technology trendsetters, a 2014 study found that of individuals aged 18 to 44, 56% say they have been the first among their friends, colleagues or family members to try a new product or service. With soon-to-be-launched devices promoted widely online and user reviews instantly pushed out to the masses via social media, anyone can step forward to be the first in line to make a purchase – including employees at your company.

This means enterprise IT teams also need to be one step ahead of the trends. While this doesn't mean that IT needs to camp out overnight at the Apple store , it does mean that IT needs to anticipate what devices will be coming into the workplace and how to keep enterprise security intact. According to a global forecast by CCS Insight, wearable device shipments are expected to hit 22 million this year, up from 9.7 million in 2013, and will continue to grow to 135 million in 2018. The age of Wear Your Own Device (WYOD) is here, and IT needs to include these devices into their security strategies to make sure that any corporate data accessed on these devices is secure. Wearable devices are promising users easy access to applications and data on smartphones, which could eventually include enterprise information.

So it's not too early to start planning how to extend your BYOD policy beyond smartphones to WYOD. Wearable tech is considered fun and hip, but from an enterprise standpoint it needs to be taken seriously. While WYOD offers opportunities for increased mobile productivity it needs to be worked into an organization's overall mobile security strategy. 

Tags:  BYOD, Mobile Productivity

Best Practices for Remote Wipe on Mobile Devices

October 16, 2014 - 10:28am
Blog Image: 

 

Remote wipe has become a fact of life for enterprise IT as more organizations adopt Bring Your Own Device (BYOD) policies and as more employees acquire a wide variety of smartphones and tablets. Mobile device management company Fiberlink Communications Corp. reported that it wiped 51,000 devices in the second half of 2013, and 81,000 devices in the first half of 2014, according to the Wall Street Journal.

There are several reasons why an enterprise might want to remote wipe the contents of a mobile device, especially if that mobile device is known to be storing confidential business data, including:

  •        The device has been lost or stolen
  •        The device belongs to an employee who has quit the organization or been fired
  •        The device contains malware that is attacking the enterprise network or other resources from a remote location

Some remote wipe operations erase the entire contents of the mobile device. Other remote wipes erase only part of the data, such as the folders and apps known to be used for business.

Challenges with Remote Wipe

One of the challenges with remote wipe policies is that employees highly value the personal data on their mobile devices, but undervalue the business data on those devices.

Recent polls have found that:

  •        15% of mobile workers believe they have little or no responsibility to protect the data stored on their personal devices
  •        59% estimated the value of the corporate data on their phones to be less than $500
  •        About 33% of employees who had lost their phones did not change their habits afterwards

This means that employees sometimes delay reporting lost devices, because they fear the IT department will erase personal files such as photos as well as business data. These delays leave business data vulnerable and potentially available to whoever finds the device and manages to access its files.

Best Practices

Given these risks and challenges, how should enterprise IT organizations manage remote wipe operations? Here are four suggestions:

  1. Deploy a secure container solution for mobile devices. Secure mobile containers store business data separately from personal data and make it easier for IT administrators to erase business data without affecting personal data. Secure mobile containers offer other security advantages as well, such as improved protection from mobile malware.
  2. Let employees know that the organization’s mobile security solution will never erase their personal data. This eliminates any reason for employees to delay reporting lost or stolen devices.
  3. Educate employees about the importance of protecting the business data on their mobile devices. Business data is often much more valuable than the $500 cited by employees in polls. Customer data in regulated industries, for example, could lead to fines costing tens of thousands of dollars or more if it were to be exposed. The loss of other business data, such as product plans, could lead to the erosion of a company’s competitive advantage. Employees should realize that a $200 smartphone might contain data of inestimable value.
  4. Track the use of business services on mobile devices. If a device known to contain business data has not accessed any enterprise servers in many weeks, chances are the device is no longer in the owner’s possession and its data may be vulnerable. Upon detecting a suspiciously quiet device, the IT department might want to contact the device owner and make an inquiry.

To learn about the remote wipe capabilities and other security features of the kiteworks solution, read here.

 

Tags:  Data Security and Compliance, Mobile Productivity

The Home Depot Breach: What’s at Stake?

October 7, 2014 - 12:03pm
Blog Image: 

 

Retailers love to earn the number one spot for holiday sales or profit margins, but lately some big names are holding a leading role that is considerably less desirable. Home Depot recently took the number one spot for the biggest data breach in retailing history when an estimated 56 million customer credit cards were compromised. The advancements of cyberhackers means that all retailers are at risk of a digital attack on their POS systems, and the likelihood of another attack being announced in the near future is high. 

The true fallout from this attack remains to be seen, but based on the impact from other breaches at other organizations it likely won’t be pretty. When confidential information gets into the wrong hands, consumer confidence takes a huge hit, causing current users to walk and making others hesitant to become new customers down the line. The bottom line: a data breach comes with a hefty price tag.

Research conducted by the Ponemon Institute – “2014 Cost of a Data Breach Study” – shows just how expensive a breach can be:

  • The organizational cost of a data breach increased from $5.4 million in 2013 to $5.9 million in 2014.
  • The average cost for each lost or stolen record containing sensitive or confidential information increased from $188 in 2013 to $201 in 2014.
  • Organizations are losing more and more customers following a data breach, with the average rate of customer turnover or churn increasing by 15% since last year.
  • Data breaches caused by third parties increased per capita costs by $25.
  • The cost of lost business – from customer churn, reputation losses, diminished goodwill and increased customer acquisition activities – increased from $3.03 million to $3.2 million.

The reality is that no organization can afford to fall prey to a security attack and yet someone will eventually take over Home Depot’s number one spot. With each new breach headline comes a stark reminder that proactive, agile security defenses are a must to increase resilience to such events. To truly ensure that all data and content is secure, enterprises need to look for solutions that both protect information from outsider attacks, as well as from inadvertent leaks from internal employees.

 

Tags:  BYOD, Private Cloud File Sharing, Technology

The Home Depot Breach: What’s at Stake?

October 7, 2014 - 12:03pm
Blog Image: 

 

Retailers love to earn the number one spot for holiday sales or profit margins, but lately some big names are holding a leading role that is considerably less desirable. Home Depot recently took the number one spot for the biggest data breach in retailing history when an estimated 56 million customer credit cards were compromised. The advancements of cyberhackers means that all retailers are at risk of a digital attack on their POS systems, and the likelihood of another attack being announced in the near future is high. 

The true fallout from this attack remains to be seen, but based on the impact from other breaches at other organizations it likely won’t be pretty. When confidential information gets into the wrong hands, consumer confidence takes a huge hit, causing current users to walk and making others hesitant to become new customers down the line. The bottom line: a data breach comes with a hefty price tag.

Research conducted by the Ponemon Institute – “2014 Cost of a Data Breach Study” – shows just how expensive a breach can be:

  • The organizational cost of a data breach increased from $5.4 million in 2013 to $5.9 million in 2014.
  • The average cost for each lost or stolen record containing sensitive or confidential information increased from $188 in 2013 to $201 in 2014.
  • Organizations are losing more and more customers following a data breach, with the average rate of customer turnover or churn increasing by 15% since last year.
  • Data breaches caused by third parties increased per capita costs by $25.
  • The cost of lost business – from customer churn, reputation losses, diminished goodwill and increased customer acquisition activities – increased from $3.03 million to $3.2 million.

The reality is that no organization can afford to fall prey to a security attack and yet someone will eventually take over Home Depot’s number one spot. With each new breach headline comes a stark reminder that proactive, agile security defenses are a must to increase resilience to such events. To truly ensure that all data and content is secure, enterprises need to look for solutions that both protect information from outsider attacks, as well as from inadvertent leaks from internal employees.

 

Tags:  BYOD, Private Cloud File Sharing, Technology

The Apple-IBM Alliance: Illuminating the Future of BYOD

October 2, 2014 - 9:40am
Blog Image: 

 

The mobile revolution, while firmly embedded in the consumer world, is now beginning to hit its stride in the enterprise world. This can be seen in the recent announcement from Apple and IBM, whose strategic alliance to develop joint solutions leveraging Apple devices and IBM software is an important next step for how enterprises consider mobile technology.

Ginni Rometty, IBM’s CEO, described the partnership as combining two complementary sets of assets, stating that IBM has the big data, the analytics capabilities, the integration work, and the cloud. On the other hand she mentions that Apple has the devices, the development environment, and the focus on usability. The combination of these elements is what will make a truly groundbreaking enterprise experience on mobile devices.

So what can we conclude from the Apple/IBM alliance?

  • iPhones and iPads, are clearly ready for enterprise-grade computing. Whatever skepticism businesses had about the iPhone back in 2007 and 2008 has largely dissipated, so much so that IBM is willing to bet major R&D and sales initiatives on iOS devices.
  • Enterprises like iOS devices, but they’re also looking for a mature software platform with proven capabilities in the areas of security, scalability, and control.
  • IBM and Apple see the opportunity to  bridge the gap between consumer mobile devices and enterprise-grade solutions for data access, data management, and communication.

We agree - the enterprise is ready to seriously take on the mobile revolution. At Accellion we have already begun bridging the enterprise mobile gap by enabling secure file sharing, synchronization and collaboration on mobile devices. The kiteworks solution enables business users with iPhones, iPads, Android devices and Windows Phones to have access to their enterprise content wherever it is stored inside or outside the firewall to be able to share and collaborate on those files securely. The kiteworks platform provides rigorous security features such as 256-bit encryption, built-in AV scanning, and rule-based access controls, along with critical enterprise features, such as LDAP support, Data Loss Prevention (DLP) support, and essential enterprise content connectors for integrating mobile solutions with existing enterprise infrastructure and enterprise content systems.

I’m looking forward to see what kind of enterprise solutions for analytics, cloud services, and mobility Apple and IBM create through their best-of-breed partnership. There should be interesting opportunities for combining our enterprise mobile technologies to unleash the productivity gains of a mobile workforce.

Tags:  BYOD, Mobile Productivity

Lessons from the Apple iCloud Data Leak

September 23, 2014 - 9:53am
Blog Image: 

 

The theft of celebrity photos from Apple iCloud is a stark reminder of the need to think twice before storing data.  For many people using a Mac the default behavior is to automatically back up and save data to iCloud. It's wonderfully appealing and convenient and seamlessly integrates into practically everything you do on the Mac.  In fact it is so easy most people don't think twice about what they are storing and that is where the problem begins.  

When I recently updated my Macbook it felt as if I was being repeatedly nudged, reminded, coaxed, and invited to store my data in iCloud. Saying "no" to each of these invitations wasn't easy and most people cave in quite quickly, because they think "what could be the harm?" The recent Apple iCloud scandal clearly illustrates the potential risks. While in this case the target of the iCloud theft was celebrity photos, the theft could have been similarly damaging to a business if sensitive information had been stolen and shared.  

One of the biggest concerns that companies have around cloud technologies is the security of their digital content. Personal pictures are one thing, but it’s important to remember that companies manage sensitive data ranging from upcoming product plans to employee personnel files every single day, and that it all needs be secured. That’s why, instead of allowing employees to use solutions such as iCloud for work-related information, companies must take the time to map out a cloud security strategy and deploy enterprise grade solutions to share and store their business data.

The Apple iCloud scandal offers several important lessons:

  • Use Two-Factor Authentication: Two-factor authentication that requires the user to enter not only a password but also a one-time PIN sent to a trusted cell phone should be the default setting for cloud-storage services. While it is possible to set up two-factor authentication for iCloud, it was not easy or obvious how to do so.  If the victims’ accounts had been configured to require two-factor authentication, the hackers would not have been able to log in even knowing the account passwords.
  • Store With Care: While automatic backup and sync makes life easy, it is not always the best bet when you’re working with sensitive materials.  For work, this sensitive information could include personal data from employment records, financial data, customer information or product roadmap details. Ensuring that sensitive material is only being saved into secure solutions is essential for sensitive work-related information.
  • Trust Private Clouds: For the highest degree of confidence in and control over cloud storage, enterprises should deploy private-cloud solutions, so they are not at the mercy of the security practices (and security lapses) of third-party software providers.

So what do I use to securely sync and store my work information and make sure I have a backup?

I use Time Machine with an external hard drive to make sure I can easily restore all my content if my computer gets damaged or when I want to copy over all my content to a new machine.  And to help me do my work on a daily basis I use kiteworks by Accellion for syncing and sharing information across my iPad, iPhone and Macbook since it encrypts all data in transit and at rest, supports two-factor authentication, and automatically detects and stops brute-force password attacks.

So next time that pop up window invites you to store data to iCloud - remember the celeb photos scandal and think twice. By deploying kiteworks on trusted private clouds, enterprises can greatly reduce their vulnerability to sensitive information being exposed.

 

Tags:  Data Security and Compliance, Private Cloud File Sharing

Creating The Best Fantasy Sharing Team of 2014

September 16, 2014 - 9:24am
Blog Image: 

 

The sight of trees turning golden red, and the sounds of grown men screaming at the TV can only mean one thing – its football season. But why accept only the players your team’s coaching staff has chosen? Why not go the extra yard, go beyond what Harbaugh was able to do, and create the best team of 2014?

And that is why fantasy football was invented.  So those of us obsessed with creating football perfection had an outlet for our overwhelming knowledge of player stats and competitive line-ups. Because even if the abysmal performance of the Cowboys’ Tony Romo was dragging down your score in week 1, you could have had the Seahawk’s Marshawn Lynch to pick up a slew of points and balance it all out.

This same pick-and-choose mentality should be applied to content storage, management and access. No one wants to be locked into one silo for content, we want to pick and choose those solutions that work best for us, for each type of content we work with. This way we can get to job done, as quickly and easily, as we need.

That mentality is why we here at Accellion are launching our kiteworks cloud content connectors to Box and Dropbox. Mobile employees have content stored in multiple content repositories, both inside the corporate firewall in solutions like Microsoft SharePoint, and in external cloud storage silos like Box. End users need a way to access all of their content from one common management tool, while IT teams want visibility into all sharing and activity for compliance requirements.

The new cloud connectors will provide both end-users and IT teams with what they want. kiteworks now offers seamless integration with Box and Dropbox, making mobile file sharing a breeze, while honoring existing security settings and access controls to ensure data stays secure.

These cloud connectors join other storage favorites in Accellion’s connector roster, including Microsoft SharePoint, Documentum, OpenText, Google Drive and OneDrive. With Accellion you no longer have to choose one team, you can pick your favorite storage players, and make sure that your content sharing and management is customized for your needs.

Learn more about both of these connectors here

Tags:  Data Security and Compliance, Enterprise Content

Taking kiteworks Global with our New Partner Program

September 9, 2014 - 9:50am
Blog Image: 

 

Disruptive technology advancements will always drive shifts in channel sales behavior, as both vendors and solution providers move towards new requirements and solutions. We’re seeing this in the market now, as mobile solutions continue to evolve and enterprises struggle to deploy the right kinds of technologies to support business benefits and assist in transformation of their old business models to new ones.

That’s why we’ve launched a new global kiteworks channel partner program, to make it easier for partners to create new recurring revenue streams while enjoying increased margins selling the Accellion kiteworks solution. It will create a new recurring revenue model for partners, with low overhead costs, that will increase channel margins year-over-year. A services add-on business based on partner-led installs, implementations and value-added applications consulting will also support channel partner growth.

In conjunction with the new program, Accellion is launching an online Partner Portal, where channel partners can efficiently access marketing content, track leads and register deals while receiving real-time support from the Accellion team. From within the portal, partners can find collateral and ready-to-go content, such as program guides, use cases and solution briefs to leverage in their sales cycles, as well as technical and business knowledge transfer, to help improve their bottom line.

The program is built around our kiteworks solution, an enterprise mobile content solution with broad customer appeal in horizontal and vertical market segments and attractive product margins, which was recently named a Leader in Gartner’s 2014 EFSS Magic Quadrant. We at Accellion aren’t religious about channels, but instead are very pragmatic – kiteworks is best delivered through a partner network that adds value in these different ways.

The key to a successful channel program is to create a long-term sustainable vision that can be shared between partners and the vendor. It’s a vital piece of having sustainable growth in the enterprise world, and Accellion is looking forward to growing our channel through this new partner program.

 

 

Tags:  Mobile Productivity, Technology

Healthcare Organizations Suffering Data Breaches from Stolen Devices

September 5, 2014 - 10:18am
Blog Image: 

 

There have been so many news stories of sophisticated data breaches lately that it’s easy to overlook more mundane ways that confidential data can be lost or stolen.

Unfortunately, ordinary data breaches still occur. For example, earlier this year two healthcare organizations cumulatively lost tens of thousands of data records earlier this year because of lost USB flash drives or data sticks. The data breaches were large enough to trigger the HIPAA requirement that they be listed on the data breach Web site of the Department of Health and Human Services.

As the U-T San Diego (formerly the San Diego Union-Tribune) reported about Palomar Health’s data disclosure affecting 5,000 patients:

About 5,000 patients of Palomar Health had personal information — including medical diagnoses — stolen last month when someone swiped a company laptop and two flash drives from an employee’s SUV, a company official announced Friday. The laptop was encrypted, but the two flash drives were not. . . .

The flash drives contained the personal information of more than 5,000 patients, including their names, dates of birth, and information related to their diagnoses, treatments and insurance. It also included 36 Medicare identification numbers. Neither medical records nor financial information were on the stolen flash drives, according to a Palomar Health spokesperson.

Employees taking laptops, tablets, and smartphones home is one of the leading factors in the productivity boost associated with BYOD policies and mobile computing. But as this story shows, taking mobile devices home can be risky, especially when the data on those devices isn’t encrypted.

Of course, mobile devices and data storage peripherals can be stolen from offices, too. That’s what happened in a data breach affecting nearly 34,000 patients in Northern California. As the North Bay Business Journal reported:

Santa Rosa Memorial Hospital said data on about 33,000 patients were stolen during an early June burglary. A computer “thumb drive” with information on patients X-ray went missing from an outpatient imaging center.

The following day, hospital officials learned the drive was missing from the locker of a staff member who had backed up X-ray records on the drive in preparation for a data migration to Santa Rosa Memorial’s electronic medical records system.

The drive contained references to 33,702 patients who received services at the site from Feb. 2, 2009, through May 13, 2014. That information included the patient’s first and last names, gender, medical record number, date of birth, date and time of service, area of the body imaged, the X-ray technologist’s name and the radiation level required to produce the X-ray, in compliance with patient-safety standards.

Unencrypted flash drives and data sticks are simply too risky to be used for storing confidential data such as Patient Health Information (PHI). A better approach is to store confidential data in secured clouds (preferably private clouds) where it can be accessed only by authorized devices. If data is encrypted and access controls always enforced, data will be safe whether devices are at home or in the office. Then organizations can benefit from the employees 24/7 access to their devices without the risk of data loss.

Tags:  Data Security and Compliance, Healthcare, HIPAA

Balancing the Longer Hours of a BYOD Worker with Greater Security Risks

September 3, 2014 - 9:22am
Blog Image: 

 

Three out of four managers surveyed recently by BMC Software say BYOD is a big productivity boost.

There’s a very good reason for this - at the end of the day, employees bring those same devices home, where they use them for additional work late in the evening and early in the morning. That extra work would be difficult or impossible to accomplish if the only computers employees had were desktop systems that stayed in the office.

As CIO reported in its summary of BMC Software’s findings: “The average BYOD-carrying employee works an extra two hours and sends 20 more emails every day. One out of three BYOD employees checks work email before the official start of their work day, between 6 a.m. and 7 a.m.” The employee who checks email at 7 already has a head-start on the day when he or she arrives in the office at 8 or 9.

Enterprises are clearly benefitting from this extra productivity, but the BYOD revolution brings risks as well as benefits. The survey found that enterprises are not adequately addressing the security risks of BYOD. The survey reported that:

  • 72% of enterprises offer no security training for BYOD workers.
  • 43% of companies have no official BYOD policy and allow any kind of mobile device.
  • 42% have already experienced a serious data breach.

Enterprises surely appreciate the extra hours that BYOD workers are putting in, but IT departments should make sure that those workers had adequate security training and security tools, so that BYOD work habits do not lead to data breaches, mobile malware infections, or other types of security threats. If a BYOD data breach were to lead to lost competitive advantage or a hefty regulatory fine, those 20 extra emails a day will hardly be worth the price.

Tags:  BYOD, Data Security and Compliance, Mobile Productivity

Only You Can Prevent Data Leaks

August 29, 2014 - 10:08am
Blog Image: 

 

A staggering 822 million records were exposed by data breaches in 2013, according to research firm Risk Based Security. Data breaches compel organizations to look at their network infrastructure and security processes, and shore up areas where inadvertent data leaks are taking place.

The use of free online file sharing and syncing solutions is an overlooked area that leaves organizations vulnerable to unintentional data leaks. While most employees would not consider using a non-corporate sponsored email system, those same employees often readily collaborate through a free file-sharing service, because it is often easier to use than what is available from their employer.

Unfortunately, IT departments are often unaware or turn a blind eye to ad-hoc unmanaged and controlled file sharing activity Compounding the problem, many of these ad-hoc file sharing solutions offer little user authentication, encryption, tracking or audit controls. As a result sensitive data can be shared with unauthorized users without being screened by data leak prevention (DLP) or other security solutions often deployed for corporate tools such email.

Instead of ignoring the issue at hand, IT departments and senior managers should accept that employees need an easy way to collaborate without putting the company at risk. Ask these key questions to determine which solution ensures your organization's data security:

  1. Will employees be sharing sensitive or confidential information? If the material is sensitive or confidentially, there is definitely a need for encryption both at rest and in transit, no matter what deice is being used to share the content.
  2. Will employees collaborate on files and get input from multiple parties inside and outside of the company, on a variety of platforms and devices? If yes, then the solution must be extensible inside and outside of the corporate firewall, be device and platform agnostic, as well as have features for version control and data backup.
  3. Do you need to be concerned with the location of stored information? If this is a concern, the solution must be able to host content in specific geographic regions for data sovereignty, or in an on-premise private cloud that complies with international regulations.
  4. Do you have compliance controls and authentication policies in place for email or other content management solutions? If so, you'll need the same level of control for your file sharing and sync solution, including user authentication, integration with content filtering solutions, and tracking access logs.

The days of turning a blind eye and ignoring ad hoc, BYOD solutions are over.  You should answer these four questions to set your company practices around sharing information to avoid the worst-case scenario of sensitive data leaking outside the company.

 

 

Tags:  Data Security and Compliance, Enterprise Content

Bringing More Transparency to our Industry

August 26, 2014 - 8:50am
Blog Image: 

 

As anyone who follows the EFSS market can tell you, it's an insanely crowded and competitive space to operate within. In order to stay ahead, you need to make sure potential customers understand exactly what benefits they're getting from your solution.

More and more often IT departments need to go past the "operationally desirable" statements from vendors, and quantitatively prove the ROI of potential investments their team is making in hardware or software. After hearing this from our customers, we wanted to step up and provide the type of transparency they're requesting.

That's why we worked with the Enterprise Strategy Group (ESG) to create an economic value analysis calculator, to provide transparency into the benefits we're providing to customers, as well as break out the costs of our solution compared to pure public cloud vendors. IT teams want to understand real advantages and financial models of solutions, not be offered generalization of potential benefits they could see in the future.

I want our industry to be more like the automotive industry, where consumer or company purchases can be based on a number of comparative factors from third-party agencies like Edmunds or Consumer Reports. Whether buyers are looking for luxury, fuel economy, or industrial strength, they're able to choose the right vehicle to fit their personal or professional requirements, because the ROI is easily understandable. This kind of accountability and transparency is even more crucial in our ever shifting mobile and cloud computing enabled world and should be better implemented across all technology verticals.  

EFSS solutions are a critical part of how all enterprises get work accomplished, as content is shared, created, synced and edited day-in and day-out. Companies should be able to evaluate the true ROI that we an dither vendors are offering, and make an informed decision about what solution is best for the bottom line of their business.

To learn more about the ESG economic value analysis of EFSS, click here

Tags:  File Sharing, File Sync, UX

Gartner Predicts Rise of the Digital Risk Officer

August 22, 2014 - 11:12am
Blog Image: 

 

The number of devices connected to enterprise networks is skyrocketing. One reason is mobile computing. Mobile workers in the US now carry on average 3 mobile devices, according to a recent survey by Sophos. Fifteen years ago, each of those workers would have connected to the network through a single desktop computer. The number of devices storing business data and connected to the network per employee has tripled (or quadrupled for those employees who still have desktop computers in addition to their mobile devices). And unlike the devices of a decade or more ago, many of these devices have been selected and configured by employees themselves, regardless of whether or not the organization has officially adopted a Bring Your Own Device (BYOD) policy.

Another reason for the increase in devices is the ongoing rapid adoption of special-purpose networked devices, a trend that Gartner and others now refer to as the Internet of Things (IoT). Gartner defines the IoT as “the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.” Examples include surveillance cameras, environmental monitoring systems, and factory automation systems. Gartner says that there were 0.9 billion of these devices in 2009, but by 2020 there will be 26 billion—a 30-fold increase.

All those devices and connections create risk for data confidentiality and integrity, which is why Gartner is now predicting the rise of a new executive role, the Digital Risk Officer. According to Gartner:

More than half of CEOs will have a senior "digital" leader role in their staff by the end of 2015, according to the 2014 CEO and Senior Executive Survey by Gartner, Inc. Gartner said that by 2017, one-third of large enterprises engaging in digital business models and activities will also have a digital risk officer (DRO) role or equivalent.

By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. IT, operational technology (OT), the Internet of Things (IoT) and physical security technologies will have interdependencies that require a risk-based approach to governance and management. Digital risk management is the next evolution in enterprise risk and security for digital businesses that are expanding the scope of technologies requiring protection. . . .

The advent of the Digital Risk Officer is another sign of just how vast are the changes taking in place in enterprise IT. Connected corporations are becoming hyperconnected as the number of devices multiplies. Services are moving to the cloud, and access is moving from cubicle-tethered desktops to smartphones and tablets. Networks, many now running at speeds of 10G or faster, are supporting more devices and more types of data than ever before.

As Gartner points out, when access is everywhere, risk is everywhere. BYOD and the IoT can make enterprises more agile and productive, but they also introduce new vulnerabilities and security hazards. The next data breach could come from a smartphone, tablet, or networked sensor (many of which were designed without security in mind).

But risk management isn’t the only challenge facing enterprise management teams grappling with the implications of their hyperconnected infrastructures. Keeping security in mind, they should look for ways to re-engineer services and processes to take full advantage of the connectivity and agility enabled by BYOD and IoT. The goal should be to create not only IT services that are more extensive and secure, but also a workforce that is more productive and enthusiastic.

Tags:  BYOD, Data Security and Compliance

The Lesson from Shadow IT? Workers Want Easy-to-Use Services for Getting Work Done

August 19, 2014 - 10:22am
Blog Image: 

 

The phrase “Shadow IT” refers to products and services used by employees without the knowledge or approval of the IT department.

Shadow IT is everywhere: it can be found in just about any department of any organization. When Frost & Sullivan surveyed line of business (LOB) and IT managers, they found that 80% of respondents admitted using non-approved SaaS applications for their work. Moreover, the survey found:

Non-approved applications represent a sizable proportion of all SaaS apps used in a company. According to respondents, the average company utilizes around 20 SaaS applications; of these, more than 7 are non-approved. That means you can expect that upwards of 35 percent of all SaaS apps in your company are purchased and used without oversight.

Popular categories of shadow IT applications include business productivity, social media, file sharing, storage, and backup, according to the survey.

Why are employees using shadow IT? Frost & Sullivan found that these employees just want to get their jobs done. Many shadow IT users felt that the applications they selected met their needs better than those selected by the IT department. In some cases, the employees were already familiar with the applications they selected, and they felt further swayed when the applications were free. In many organizations, there was confusion about who had the authority to select an application: was it the department or IT? Lacking clear guidance from management, employees decided to act for themselves.

If this ad hoc provisioning seems to be meeting employees’ needs, why not just let it continue? Unfortunately, enterprises must stop shadow IT, because it creates enormous security risks and can lead to data breaches and regulatory fines.

How can an enterprise—especially an enterprise in a highly regulated industry such as financial services or healthcare—possibly keep track of all its confidential files if employees are posting files to an ad hoc collection of unmonitored public-cloud file sharing services? How can the finance department of any public company claim it is complying with Sarbanes-Oxley requirements for managing the distribution of financial data, if it has no idea how its files are being distributed?

Files leaked through shadow IT can make the shadow itself especially long, dark, and gloomy, once data breaches are publicized and regulatory penalties accrue.

Enterprises need to take action.

First, they should establish clear policies about who can select which type of application. If IT is in charge, this should be made clear. If departments have leeway to select certain types of applications, that, too, should be made clear. Next, enterprises should educate employees about the risks of public-cloud services that might leak files or admit malware to the network.

Finally, enterprises should select and provision SaaS services that are as powerful and easy-to-use as those being used in shadow IT. Employees are turning to applications to get their work done. Enterprises would be wise to select applications and services that let their employees do just that.

Tags:  Data Security and Compliance, Financial Services, Private Cloud File Sharing

In-house Counsel Should Take BYOD Risks Seriously

August 14, 2014 - 8:50am
Blog Image: 

 

In many organizations, decisions about mobile technology are made primarily or exclusively by the IT and IT security departments working together.

All too often, there’s one department that’s left out of these discussions:  the organization’s own legal team, and In-house Counsel. This omission is unfortunate. Legal counsel is familiar with laws, including the latest rulings about electronic discovery and data privacy, and others issues pertaining to liability and risks. Enterprises would be wise to consult in-house counsel when establishing employee policies about data confidentiality, BYOD, and use of mobile devices. There’s another reason, too, for consulting in-house counsel when mobile security policies are being formulated. In the unfortunate case that mobile technology leads to a data breach or regulatory violation, in-house counsel will likely end up spearheading the response. If the company’s legal team has the opportunity to offer guidance before a possible breach or violation occurs, then the opportunity for legal surprises is minimized.

In a series of articles for InsideCounsel Magazine (here and here), attorney and legal security expert Matt Nelson explains why inside counsel should be involved in mobile security decisions from the start. He makes the following points about legal issues and a mobile workforce:

  • Whether a company adopts a BYOD policy and allows employees to use personal devices for work or rejects BYOD requests and issues all employees company-sanctioned mobile devices, the legal liability is roughly the same. Employees are going to mix personal data and business data on their mobile devices regardless. Enterprise IT organizations should plan accordingly and deploy security solutions that protect business data, regardless of who owns the device.
  • Data stored on mobile devices may be discoverable (that is, required by a court to be presented as evidence by a specific deadline). The IT organization may need to have technology for tracking and retrieving material information stored on mobile devices, including devices owned by employees. Nelson cites a recent case from Illinois: For example, in In re Pradaxa Product Liability Litigation, the Southern District of Illinois recently fined defendants $931,000 to encourage them “to respect this court and comply with its orders.” Central to the order was defendants’ failure to preserve text messages on employees’ mobile phones.
  • Data on mobile devices is at risk. Mobile malware is proliferating, and lost devices usually compromised. Nelson describes an experiment in which Symantec left 50 mobile phones in public locations in 5 different cities to see how the phones would fare when discovered by strangers. In 96% of the cases, people who found phones tried to access their data. Only half of the people who found the phones attempted to return them. The experiment demonstrated that enterprises cannot assume that lost devices will be returned or left untampered with. On the contrary, a lost device is likely going to result in a data breach, even if it’s only a minor one.

Nelson’s advice for enterprises? IT teams should bring their In-house Counsel and legal teams to the table when defining security policies. Also any mobile security solutions should provide IT administrators and legal counsel with the ability to monitor, track, and retrieve data on mobile devices. In addition, mobile security solutions should guard against mobile malware and protect data on devices that are lost or stolen.

In my judgment, Nelson makes a solid case.

 

 

Tags:  Data Security and Compliance, Legal, Mobile Productivity

Can't All of Your Enterprise Content Just Get Along?

August 12, 2014 - 10:59am
Blog Image: 

 

In how many different places does your enterprise data reside? Think about what’s stored on-premise versus in the cloud. Are you using SharePoint and other ECM systems? What about Google Drive and Microsoft OneDrive? Have you lost count?

If you’re like the majority of organizations, your enterprise information is taking on a life of its own. A survey by AIIM, “Get More from On-Premise ECM,” found that 40% of enterprises say they are looking to put some of their active documents in the cloud, while leaving static documents or historical records on-premise. Plus, more than 50 % of companies already have three or more storage solutions in place.

Therefore, it should come as no surprise that employee productivity is taking a hit, with users struggling to find the information they need when they need it. This is particularly true when trying to share information with customers, prospects or others outside of the company. A separate AIIM survey, “Content Collaboration and Processing in a Cloud and Mobile World,” revealed that 71% of users believe their organization has shortfalls in technical support for external collaboration.

The last thing you want is a complex, tangled web of content that frustrates users, hinders mobile access and potentially compromises security. Yet, here you are.

Wouldn’t it be nice to have one solution that enables collaboration regardless of where content is stored? One solution that provides a consistent user interface for accessing, reviewing, editing and sharing information on the go? One solution that supports your company’s security and auditing policies across numerous storage systems? Are you nodding your head yes?

To address this issue, we created our kiteworks content connectors, which allow you to accomplish exactly that and more. And today we’ve announced our new cloud connect connectors (LINK to release), enabling enterprises to access data stored in Google Drive for Work and Microsoft OneDrive for Business. We bridge the gaps between your existing content and your users – connecting and unifying data located in the cloud and on-premise.

Whether your information is stored in Google Drive, Microsoft SharePoint, Microsoft OneDrive, Windows File Shares, Documentum, OpenText or Distributed File Systems, your users gain ubiquitous mobile access, easy file sharing and secure collaboration. Learn more about how simple it is to connect your content

Tags:  Enterprise Content, UX

New Study Finds Enterprises Struggling with BYOD

August 7, 2014 - 9:26am
Blog Image: 

CompTIA, a non-profit trade organization for the IT industry, recently released its Third Annual Trends in Enterprise Mobility study, surveying 400 business and IT executives responsible for mobility policies and processes. The study might have been expected to find widespread enthusiasm for BYOD and a nice smattering of success stories, but it didn’t. Instead it found that U.S. companies of all sizes are having difficulty managing their mobile deployments and realizing all the benefits of mobility promised by BYOD enthusiasts.

Specifically, the study found:

  • Over 70% of organizations “have made some level of investment to build out mobility” solutions.
  • 55% of organizations have implemented some form of BYOD—a figure much lower than the 95% cited in a recent study by Cisco.
  • Just 30% of companies put formal mobility policies in place.
  • Just 8% have adjusted workflow to account for mobile technology.

The top investment is mobile devices. BYOD hype notwithstanding, many companies are providing employees with smartphones and tablets, rather than counting on or requiring employees to provide their own devices.

  • Small companies are struggling to support and integrate mobile devices and mobile services.
  • Mid-sized companies are struggling to balance end user needs with those of the IT department.
  • Large companies are struggling to support and integrate a large number of devices.

What can one conclude from these findings? Here are several thoughts.

First, mobility is being added to, rather than integrated with, legacy infrastructure. Why? Integration has been difficult. Mobile Device Management (MDM) solutions are designed for managing, provisioning, and tracking mobile devices. They do nothing to make it easier for a mobile worker in the field to be productive, including quick, easy, and secure access to important files stored behind the corporate firewall in enterprise content management systems such as Documentum or SharePoint. Employees might be carrying multiple mobile devices, but the IT infrastructure and file access controls are still centered on the desktop. For now, enterprises are desktop-first, mobile-second.

The other conclusion follows from the finding that only 8% of organizations had adjusted their workflow to account for mobile devices—that even now, many years into the BYOD revolution and 7 years after the iPhone was introduced, business processes still assume that employees are sitting at their desks, staring into big screens and typing on full keyboards.

Until mobile services are more fully integrated into legacy systems, it is going to be difficult for companies to reshape their workflows to take advantage of mobile devices. Think about it: How can you streamline a workflow if a mobile user still has to struggle with a VPN on a smartphone to access a Web form that’s still hosted behind the firewall and designed for desktop users? Mobile workflow optimization depends on integration, and integration—for too many enterprises—has been a struggle.

However impressive the ROI and productivity gains are that enterprises have achieved with mobile technology so far, they’re only a fraction of what will be achieved once enterprises adopt a mobile-first infrastructure.

We know that employees are spending most of their online time now on smartphones and tablets. When IT services are available—with convenience and without compromise—on those same small, portable devices, the real revolution will begin.

Tags:  BYOD, Enterprise Content, Mobile Productivity

What Every Marketing Leader Needs to Know About Mobile

August 5, 2014 - 2:36pm
Blog Image: 

Mobile technology represents not only a revolution in how buyers research and purchase goods and services, but also represents a revolution in how marketing teams are able to create, and deliver, marketing messages and tools. However, for most marketing organizations the benefits of mobile as an enhancer of productivity are mostly untapped. Marketing leaders need to wake up and realize that mobile technology offers the opportunity for dramatic improvements in productivity through faster collaboration and information sharing both internally and externally. 

  • A recent survey by Polycom found that 35% of respondents find it hard to share content with others in a remote meeting, much less find a way to collaborate during it.
  • 86% of marketers lack coordination with other teams within the company and 85% lack coordination within their own team, according to a recent Marketo survey.
  • 28% of marketers believe that marketing investments should focus on collaboration tools, according to a survey by The Economist Intelligence Unit.

So what are the four key mobile technology capabilities that every marketing leader needs to put in place for the mobile marketing magic to happen?

  1. Secure mobile collaboration tools that work across any smartphone, tablet, laptop and desktop so that work can keep moving forward wherever the marketing team members find themselves.
  2. Easy, secure sharing of marketing content with internal and external parties from any device, since marketing often involves both internal team members and many outside vendors.
  3. Secure access to marketing materials from any device that allows everyone on the marketing team to stay in sync with the latest versions and keep projects moving forward inside and outside the office.
  4. Mobile protection of confidential marketing materials to ensure that the latest product release or SuperBowl video doesn't appear on YouTube prior to launch.

Just ask Chris – a marketing director at a major retailer. Last November, he turned a potential marketing disaster into a marketing victory because he had access to these mobile productivity capabilities. Just prior to launching a huge promotional campaign for Black Friday, one of the key suppliers faced serious production issues, meaning that a highly anticipated product would no longer be available to sell. Chris had to re-do the advertisements and related collateral to remove the highlighted product and substitute another – and fast!

Because Chris had the four key capabilities for mobile magic immediately available, he averted an impending disaster and turned it into a marketing success. Even though Chris was outside of the office he was alerted on his iPhone of the product delivery problems. Using kiteworks by Accellion, Chris was able to easily collaborate and share content with his internal team and the external Webmaster and designer. Updates of redesigned ads and web pages were reviewed and approved as quickly as they were produced, with edit and review cycles conducted while on-the-go. The end result was record-breaking Black Friday sales and a marketer who proved the value of having the four key critical mobile capabilities available and at hand.  

Learn more about how your marketing team can benefit from mobile file sharing and collaboration here http://www.accellion.com/kiteworks-for-marketing-teams.

Tags:  BYOD, UX

Legal Teams Working Faster and Smarter: Mobile Technology Boosts Attorney Productivity

July 31, 2014 - 10:20am
Blog Image: 

Most legal organizations are saying "yes" to mobile as a vehicle to help legal teams work faster and smarter. Corporate Counsel’s “2013 In-house Tech Survey” revealed that 76% of firms allow legal staff to bring their own devices to work.

The survey also revealed that 60% of legal departments report that mobile devices are being used in lieu of laptops when legal professionals are traveling away from the office. Sounds like a recipe for improved productivity on the road, but Corporate Counsel’s survey went on to reveal that these devices aren’t necessarily well integrated into the corporate IT and security environment or legal workflow:

  • Most mobile users only use mobile devices for messaging or document viewing, with more sophisticated uses going untapped.
  • 23% of legal departments have no formal security policy for mobile devices.

This is a little concerning since law firms are not only missing opportunities to boost the performance of legal staff, but are also potentially jeopardizing the confidentiality of client documents. Signing off on a BYOD program can deliver huge benefits, but only if organizations have a secure mobile solution in place to allow staff to productively use their mobile devices for more than checking email.

At Accellion we designed kiteworks Team Starter to help introduce legal professionals, corporate counsel and attorneys to the productivity gains that can be achieved with mobile capabilities to:

  1. Securely create, edit, view, share and print documents right from tablets and smartphones
  2. Easily collaborate with team members, clients and partners on case information
  3. Universally access content no matter where information is stored

Being able to work securely from anywhere translates into improvements in business productivity.

Here’s an example of how:  

Anne is the in-house counsel at OpenSource Software, which makes accounting software. Tax season is approaching which typically means the biggest quarter of the year for the sales team. Tony, one of the sales managers, is just about to close a million dollar deal with a large corporation.

The problem is that the customer is asking for edits to the standard purchase agreement.  The deal is still moving forward but Anne needs to revise the purchase agreement based on input from the customer’s attorney and have all parties sign-off before the quarter closes – in 48 hours.

With kiteworks by Accellion, the deal goes from slow to “go” just in the nick of time:

  • Tony creates a shared folder on kiteworks, granting access to Anne and the customer’s attorney.
  • Anne updates the purchase agreement and uploads it to the folder.
  • The customer’s attorney is alerted that the agreement is ready for review, providing redline comments via kiteworks’ built-in PDF annotator.
  • Anne sees the edits and revises the agreement accordingly.
  • She then assigns a task to the attorney to sign the document.
  • Tony closes the million-dollar deal – with a few hours to spare.

Mobile technology yields real business results by enabling employees to keep business moving forward 24x7.  Learn more about how kiteworks Team Starter helps increase mobile productivity for legal and other teams http://www.accellion.com/kiteworks-for-your-team

Tags:  Collaboration, Legal, Mobile Productivity

Field Work is No Picnic without Mobile Technology

July 29, 2014 - 9:43am
Blog Image: 

Today’s field operations teams face increasing pressure from customers to deliver exceptional services. And if field teams don’t deliver, customers aren't shy about finding another vendor who will. The 2013 Field Service Management Benchmark Survey found that while less than half of organizations (43%) are currently attaining as high as a 90% customer satisfaction rating, most are striving to do better. 

Many organizations are reporting that they are looking to mobile technology to help them improve field operation performance.  Over the next 12 months, more than three-quarters (77%) of field service organizations will have invested in mobile tools to support field technicians and more than 70% will have integrated new technologies into existing field service operations – showing a clear commitment to boosting those satisfaction ratings via mobile.

Here's a typical example of how mobile technology is helping improve field performance.  Paul, a field technician, has detected serious issues with equipment recently installed in the field at a power plant. He cannot begin the reinstall process without the latest version of the equipment manual. If plant operations are halted – whether due to faulty equipment or extended maintenance downtime – business performance suffers and customer satisfaction goes down.

Fortunately Paul is equipped with kiteworks by Accellion, and has real-time mobile access to the necessary data and information in the field to complete the equipment reinstallation rapidly. This means that Paul can keep equipment downtime at a minimum, and deliver superior customer service.

Secure mobile content access enables field operations staff to improve customer service, reduce unexpected downtime and boost productivity.  With kiteworks for Field Operations teams can 

  • Access the complete knowledge base, including reference materials and customer documentation, stored across all enterprise content sources.
  • Take field inspection notes via a mobile device, which in turn can be easily accessed by operations managers and other team members.
  • Collaborate on-demand with expert field office staff and external contractors to more quickly resolve on-site issues and boost overall productivity.

Learn how kiteworks Team Starter increases employee productivity, improves internal and external collaboration and boosts service efficiencies, allowing field operations staff to go well beyond meeting customer expectations.

Tags:  BYOD, Collaboration, Mobile Productivity

Pages