Enterprise Backup in the Age of IT Consumerization
Properly Securing Mobile Worker Data
The consumerization of IT is more than just people using iPads or iPhones at work. Consumer markets for mobile devices and software continue to drive technology and applications, causing a tremendous impact on how work gets done.
And while consumerization offers many benefits for both end users and the enterprise in terms of convenience, efficiency and productivity, it presents important challenges for IT departments, especially in terms of endpoint backup and data security. To reap the benefits of consumerization while avoiding security and other pitfalls requires an understanding of the origins of this latest IT trend, its enduring presence and how the most successful enterprises have effectively embraced this new reality.
Consumer Devices are Now Business Devices
Apple’s iPhone changed mobile device use forever. And how it changed our world is important to the story of consumerization.
Similar to the original Macintosh’s effect on personal computing, iPhone made mobile Internet devices easy for the average person. Compared to the clumsy, unfriendly mobile devices enterprises were issuing at the time, iPhone was easy to use, packed with essential features and offered an ever-growing inventory of low-cost, easy-to-acquire apps. It’s no wonder users took one look at iPhone and came to the obvious conclusion: it was better for business than their IT-approved solutions.
iPhone may have been the first, but it’s no longer the only easy-to-use, mobile option on the consumer landscape. The proliferation of device types and operating systems empowers users more than ever before to choose their own tools. Today, Android is rapidly gaining market share, and multiple device manufacturers are challenging the “must have” status of iPhone. Where enterprise IT once had firm command over a standard set of devices, the constantly changing consumer technology landscape now drives a constantly changing technology landscape in the enterprise.
IT departments with the imagination to be flexible and the confidence to ease their grip on incoming devices are able realize a number of benefits in this new, consumerized workplace.
The Benefits of IT Consumerization
Numerous studies show the resulting, qualitative benefits achieved by organizations embracing bring your own device (BYOD) and/or corporate owned, personally enabled (COPE) initiatives.
Happier, more productive employees
A global workforce, demanding deadlines, multi-tasking workers—all have a role in accelerating the pace of work life. The bigger the enterprise, the more likely that—at any given time—more and more people are creating data, expecting collaboration or waiting on answers. Attempting to work without critical information is frustrating. And no one wants to miss a deadline just because office doors are locked for the night. By empowering employees to select their technological tools, they feel happier and more productive. In addition, using a device of their own choosing imparts a greater sense of control and ownership over the work, which leads to a higher incidence of workplace contentedness. According to a study by Dell and Intel, six out of 10 employees say they enjoy work more when they use their own devices.1
Better work/life integration
Employees and businesses used to be concerned with what was called a “work/life balance”—the tension between time spent with family and friends versus time spent at work. Who wants to “start the clock” when his child brings a book to read? On the other hand, when she’s “in the zone” on a major project, no one wants to call it a day to pick up groceries. With BYOD, employees are better able to integrate work into their daily lives, choosing to work wherever they happen to be at the moment inspiration strikes. Declaring the work/life balance a false choice, the younger generation of workers instead chooses to integrate work into their lives, getting the job done wherever and whenever it is more convenient. (And it should be remembered this is the same generation that believes using their personal device at work is a right, not a privilege.2)
Improved individual productivity
Employees are more accessible, mobile and efficient, and—as a result—more productive. They can respond to urgent requests as soon they receive the message. Since all the information they need is already with them, there’s no waiting to get back to the office for resolution.
While qualitative benefits are well and good, quantitative benefits create real, measurable value for companies that embrace consumerization policies:
Saved money on device purchases
Instead of buying devices in bulk in order to achieve economies of scale and then warehousing them until needed—while they depreciate in value that entire time—companies rely on their employees to supply their favorite devices from home, to use at work.
Lighter IT overhead
Since employees first used their device at home, they already are quite familiar with its operation.3 As a result, users support the devices themselves and often resolve their own technical issues, freeing up IT resources for other initiatives.
Increased organizational efficiency
When employees feel more competent using their tools, their productivity increases.4 Additionally, the greater sense of autonomy motivates them to take on additional tasks, which increases the overall efficiency of the organization.5
With such demonstrable, tangible benefits, it seems most companies would be eager to embrace consumerization. Yet consumerization also presents the IT team with challenges—primarily regarding data security and endpoint backup—which first must be addressed.
…consumerization of IT is happening—with or without corporate support.
The Gap Between Consumerization and Data Protection
With more and more data created, stored and accessed via mobile devices, there is commensurately increasing risk. For instance, in Minnesota, a health care industry company paid more than $2 million in fines, partly due to the theft of an employee’s laptop (holding 23,000 HIPAA-regulated patient records) from a rental car.6 The company denied liability, but the hit to their bottom line (in addition to their brand) is inarguable.
As if those ramifications of data loss aren’t enough cause for concern, Symantec conducted a social experiment with “intentionally lost” mobile devices. The result?
“Shockingly, 83 percent of the devices showed attempts to access corporate-related applications or data. This included attempts on roughly 50 percent of the devices to access a corporate email client, a remote admin app and files titled ’HR Salaries’ and ’HR Cases.’”7
Yet the same study also found that 73 percent of businesses polled said they had achieved increases in efficiency by deploying new mobile technology.8 This is the story of consumerization at its essence: mitigating risk while realizing reward.
After examining the risks associated with consumerization, it may be tempting to dismiss this IT trend as a passing fad or deny its existence altogether. But a recent IDC study suggests a concern regarding denial: while many IT leaders insist their employees use company-purchased devices almost exclusively, a survey of their employees shows the employees actually use their personal devices for business.
At the same time, other companies acknowledge consumer devices are used at work, but—shockingly—do not have automatic backup applications deployed to protect those devices. Instead, they rely on the user to voluntarily secure their own data, or they attempt to manage data loss risk via policies that restrict (or even ban) the use of personal devices for any work-related activity.
But recent research shows both strategies fail to properly secure corporate information. A Fortinet study found that, among the Millennial generation of employees (sometimes referred to as “Gen-Y”), 36 percent either have or would deliberately disregard corporate policies restricting the use of personal devices at work.11 Among companies instructing employees to back up their own devices, IDG reported that 94 percent of employees don’t actually do it.12
We have seen that the consumerization of IT is happening—with or without corporate support. And independent, third-party studies prove that merely setting policies and hoping for the best is ineffective and risky.
So, if consumerization really is inevitable, how can the modern enterprise realize its productivity and efficiency gains while mitigating the risk to data? Whichever decisions a company ultimately makes regarding consumer devices at work, it is essential to ensure all data, regardless of where it resides, is sufficiently protected.
Backing up in the Age of Consumerization
Backing up business information used to be the easiest part of IT responsibilities. All data was created on networked desktop machines and hardwired to servers, which were then backed up to tape. Everything was secure, automated and—for the most part—confined to within four walls. But in the age of consumerization, relying on server backup alone is no longer adequate.
Now, most data is created on portable endpoints, on a variety of platforms, in remote locations, using different network connections. And, increasingly, those devices are not corporate-owned, and they multiply every time an employee brings home a new gadget and decides to do work on it. Significantly, a recent finding by Forrester Research predicts that the average organization will grow their data by 50 percent in the coming year.13
Obviously, a modern enterprise backup solution must take into account all aspects of increasingly mobile data. Given this, which features are critical for today’s enterprise backup system?
Secure and compliant
First and foremost, it must be absolutely secure and meet industry compliance standards. Data should be encrypted from end-to-end — from the device all the way to the server.
Support for all endpoints
It must support all data endpoints: desktop or laptop, wired or wireless network, on all platforms—with admin-controlled backup settings.
Users need to easily and securely access backed up files from mobile devices.
End user self-service/self-support
End users need to be able to back up and restore data on their own, without involving IT or creating additional issues.
Consistent features/functionality across all platforms
It needs to offer consistent features to all platforms, with synchronized releases for updates.
Easy management and monitoring by IT staff
It must be easy to manage, with enterprise-level reporting, real-time monitoring and administration tools.
It must ensure that, as employees onboard/offboard, they are completely backed up, regardless of hardware or operating system (OS). As storage requirements change, managing storage should not require constant tending; in fact, managing free space across storage servers needs to be automatic and hands-off.
The solution must feature tamper-proof archives and guaranteed restore of backed up data.
Real-time policy enforcement and access to real-time statistics
It needs to provide centralized reporting and administration, with instant push deployment of backup policy changes.
Companies need to be able to choose to back up to a public cloud, a private cloud or a combination -- whichever is their preference.
A Comprehensive Data Security Solution for Consumerization
After successful deployments at some of the largest companies in the world, enterprise backup innovator Code 42 Software is poised to capture an even larger share of the enterprise backup market with CrashPlan PROe.
Comprehensive, continuous endpoint backups
Every laptop and desktop is backed up, regardless of manufacturer or OS platform. Backups happen automatically, without user intervention; interrupted backups resume automatically upon reconnection to a network.
With 448-bit Blowfish encryption on the client, data is secured before it even leaves the device. Then, in transit to the servers and cloud, it’s further encrypted with 128-bit AES protocol. And all data remains encrypted until restored to an authenticated device. PROe also supports customizable backup sets to multiple destinations for maximum physical security of data.
LDAP integration and a REST API enable seamless integration with existing authentication systems and data management software.
CrashPlan PROe is scalable and adaptable, with unlimited file size and file types plus unlimited versioning and deleted file retention; backups can be automatically deactivated when employees become inactive.
“Set it and forget it”
With customizable push installs, invisible and continuous backups, and automatic load balancing, PROe system admins can—literally— set it and forget it.
Employees can restore any file themselves—without IT assistance—from the CrashPlan PROe client on their computer or from another computer by using a web browser.
True cross-platform compatibility and interoperability
CrashPlan PROe appears and operates consistently across every device in the enterprise.
Restores are guaranteed via six global data centers across the globe, data mirroring, available data isolation and self-healing servers.
Easy, secure content access from any mobile device
With PROe, users can instantly download backed up files on the device, even when offline; easily browse through files and folders; view downloaded files right within the app—or open them in another compatible app—then share via email; and get the latest version of all downloaded files using One-Touch Update, which notifies a user when a newer version of a file has been backed up. PROe mobile apps are available for iOS, Android, Windows Phone and Amazon Kindle.
Use a PROe Managed Appliance to build a private cloud for data storage, use the PROe public cloud, or back up data to any combination of the two.
Powerful, real-time administrative tools
Admins can specify which settings users can change, over which networks backups are allowed, and even which file types are supported over specific networks.
It is clear the consumerization of IT is a real, permanent change in the way we work and do business. As younger, highly-mobile workers comprise an ever growing percentage of the workforce, consumerization will increasingly influence content creation and access in all markets. The modern enterprise must adapt to this new reality in order to attract and retain talent, achieve better work/life integration, improve worker productivity, save IT costs and increase organizational effectiveness. At the same time, organizations must mitigate the security risks of user-supported devices.
With CrashPlan PROe, any organization can embrace consumerization with confidence, knowing its data is secure regardless of where it is created or which new devices the future may yield.
1 Dell, and Intel. 2011. The Evolving Workforce: The Workflow Perspective. Round Rock, Texas, USA
2 PC World, “Young Employees Say Using Their Own Mobiles at Work is a ‘Right’ not ‘Privilege’,” June 20, 2012.
3 Harris, J. G., Ives, B., and Junglas, I. 2011a. The Genie is Out of the Bottle: Managing the Infiltration of Consumer IT into the Workforce, Accenture Institute for High Performance.
4 Ryan, R. M., and Deci, E. L. 2000. “Self-determination theory and the facilitation of intrinsic motivation, social development, and well-being,” The American Psychologist (55:1), pp. 68-78.
6 Minnesota Public Radio, “Accretive to Pay $2.5M in Settlement,” July 2012.
7 “The enterprise mobility revolution by the numbers (and the security implications),” Symantec, July 2012.
9 IDC White Paper sponsored by Unisys, “2011 Consumerization of IT Study: Closing the ‘Consumerization Gap’,” (IDC #1156), July 2011.
10 IDC White Paper sponsored by Unisys, “2011 Consumerization of IT Study: Closing the ‘Consumerization Gap’,” (IDC #1156), July 2011.
11 Houston Chronicle, “2012 Business Data Loss Survey: 60% of Companies Don’t feel their Data is Secure”; Fortinet: Study, “Gen-Y Would Break Rules For BYOD.”
13 Forbes.com, “Best Practices For Managing Big Data,” July 2012