March 17, 2015|
Solving the Last ‘Last Mile Problem’
In today’s collaboration-based world, data is being duplicated, shared and spread through time and space whether we like it or not. Amy Pascal’s recent debacle at Sony Pictures paints a perfect example and proves that maintaining complete control of your personal or corporate data — emails, files or photos — is an impossible feat. We have yet to overcome this challenge because today there is almost zero friction when it comes to sharing data. Want to pull off data from your laptop and get it to your mobile device? No problem. Want to share a 20GB file with a colleague? Easy. It’s no wonder malicious break-ins and insider attacks are becoming more apparent.
Consider a common concept that first stemmed from the telecommunications industry: the last mile. For those unfamiliar, the ‘last mile problem’ is a challenge that businesses of all types face every day. In telecom, It’s a phrase that refers to the final leg of communication networks delivering connectivity to retail customers–the last 20% of the overall network fabric that actually reaches the end-user. Unfortunately, this last 20% more often than not can account for 80% of the overall costs of the entire network. This stark reality has sounded the death knell of many-a-company across a multitude of industries (anyone remember Webvan back in the day?)
Securing sensitive enterprise data as it travels from corporate servers, through firewalls and eventually making it through to a complex web of corporate and BYOD devices and cloud storage platforms, poses its own hugely complex dilemma. When it comes to securing data in this day and age, there really is no endpoint. And in fact, there is no last mile. The combinations and permutations of where data can and does travel is truly never-ending.
So how does one address the never-ending maze of last miles in attempt to secure data? The answer is: you don’t. When it comes to securing data today, you have to look at the problem itself in an entirely different way. You must eliminate the need to have to worry about the last mile altogether, because there is no last mile. Sound like an impossible task? It’s not.
The solution is to actually attach security and control to the data itself and have it follow it wherever it goes, in whatever form that data may take: docs, images, movies, music, SaaS data consumed via a web browser or mobile app, or data originating from a database. Couple that with the power to change security policy and access privileges in real-time, how ever far from the corporate firewall data travels, and the problem of worrying about the last mile literally evaporates.
Solving the last mile problem — by basically obviating it altogether — is a necessary, but actually not quite sufficient solution. There are other vital ingredients that are required to solve for security in a world without borders. Most important among these is striking a careful balance between end-user usability and security. The last decade has seen the balance of power in the enterprise forever shift in favor of end-users over IT. That means security that is not usable, will simply go unused and as a result will be rendered moot and useless. Bearing these facts in mind, here are a couple of basic tenets to live by in a world without borders:
Access control isn’t enough. It’s become our reality that even the most sophisticated access control isn’t good enough because security doesn’t stop at the end-point–it has to reach beyond. Everyone is worried about untrusted cloud providers because the very centralization of information makes them high value targets for unplanned data disclosures and malicious break-ins. The benefits of cloud-based services, like word processing and calendaring which allow multiple users to edit concurrently and in real-time, often come at a cost with potentially sensitive and important data. All too often, security solutions focus heavily on controlling access to data, but have few mechanisms in place to control what happens once access is granted. The value here truly lies in the ability to control and track data access as your files travel across mobile and desktop devices.
Zero-friction or die. Security that is unused is useless. There are not a lot of basic, undisputed truths when it comes to software, but this is surely one of them: friction kills. Users — as do all things in nature — will always take the path of least resistance. If there is an easier, more frictionless way to get something done, you can trust users will figure it out. Test this basic and most fundamental law of user behavior at your own peril. When it comes to data, users want to view, edit, store and share data exactly how they choose to. They don’t want to be forced to use proprietary, obscure applications to do so, and they definitely don’t want to be forced into using convolute, unnatural modes of collaboration or sharing. Add friction and die. It’s that simple.
As CTO of a company that’s meeting this challenge head on, I tend to view the problem of data security in world with no borders and indeed with no last mile, with technical optimism. I believe that the next wave of innovation, especially in the enterprise security space, will deliver a fresh perspective on ways to protect data, regardless of where it is and how long it’s there. At Veradocs, this is unequivocally our most fundamental and core mission.