Virtual Space Wars: How the Intersection of Mobility and Collaboration Will Threaten Enterprise Data ProtectionVirtual Space Wars: How the Intersection of Mobility and Collaboration Will Threaten Enterprise Data Protection

A kind of "end of world moment" is coming for enterprises and they don’t know it. No, it isn't because of the worldwide financial meltdown, and it isn’t as a result of hyper-competition. It is happening because employees will soon be able to divest themselves of all but the most basic enterprise technology infrastructure. Consider:

A new MBA, named Fred, has just reported to work at Immense Enterprises and has been shown to his cubicle. "Here's your PC," the manager proudly tells Fred. "In just a couple of days, we will be able to set you up on company email and get your desktop applications installed. In the meantime, why don't you go around and introduce yourself to your fellow workers? Get back to me with any questions."

After sitting quietly by himself for a while with nothing to do, Fred walks around to talk to his co-workers. At each desk, he asks what their email address is and notes it in his personal smart phone directory. At the end of the day, he goes home and sets up a collaboration space on the Web, using one of the many collaboration space service providers such as Google, Facebook, Yahoo and so forth, and adds all of his new-found friends to the collaboration directory. Early next morning all of his co-workers find that they have been invited to join this new group. Many do--after all, Fred is a new employee.

When Fred gets in, he inquires if there is anything he can begin working on right away, and his boss gives him the task of assisting his work group in documenting the new project. "Just do it on paper for now," his boss informs him. "Your applications will be set up any day now."

In short order, the new project plan is completed using on-line applications in the collaboration space and Fred has socialized it with his co-workers, who find that it is easy to comment on the new plan and provide input. By the end of the week, when Fred has his access set up on his desktop machine, it is already easier for everyone to just interact in the Fred-provided collaboration site.

Far fetched, you say? Actually this scenario has already taken place and is occurring much more frequently as collaboration-technology improves. However, a new aspect has entered the equation. For those who read the above scenario and thought, "Well, Fred's coworkers won’t have access to his collaboration space on company machines"--Who said anything about company machines? It is likely that both Fred and his co-workers are using personal machines connected through a wireless network; one that the company has no direct control over.

In fact, as wireless enters the new era of 3G and pre-4G networks, some of which uses frequency spectra that can penetrate walls with ease, the enterprise computing environment will increasingly compete with employee-provided computing support that is every bit as good, and often better, than the technology provided by the company. And the important distinction here is that the company has no control over the data that is being exposed by employee provided computing.

Let's take a look at why this is happening:

HOW WE GOT HERE

Of course, employees have had access to home PCs and cell phones for nearly 20 years now. In many cases, they have done work for their employers on these devices. Many people now work at home; frequently using personal computers and personal cell phones. This situation exposes some company business to intercept or leakage, and many enterprises have policies designed to impose appropriate controls on employees to ensure that information doesn't leak.

However, the difference now is that mobile devices can be every bit as capable as fixed devices, and they now have sufficient bandwidth available to access network provided applications in real time, with reasonable refresh rates. This combination of reasonable performance coupled with innovative new Web delivered applications means that a person can develop a portable Web presence where it is easy to connect with other people, share information, perform work and develop new ideas. In most cases, this environment is easier to use and more accessible than anything provided by enterprises, where just getting access to desktop productivity applications can often be challenging.

COLLABORATION TECHNOLOGY AND SaaS

One of the primary drivers behind this new portability is the evolution of collaboration spaces on the Internet. Beginning with sites like Facebook, YouTube, MySpace and virtual worlds like 2ndLife, people have begun to accept the idea of socializing on the Web. It is a small step from socializing to working on the Web.

New entrants like Atlassian, Firstclass, Google, Grovesite, HiveLive, LongJump and others have recognized this and are offering fully enabled work environments where it is possible to interact with other people, collect the interactions and integrate the collected information into new content. Many of these sites have fully functional office productivity capabilities (word processor, spreadsheet, presentation, etc.) for delivering the new intellectual property to consumers.

And this process is seductive. When it becomes very easy to tap other people's intelligence and seamlessly create output, people naturally migrate to these environments and tend to stay with them as their preferred creation modality. This is precisely why Apple will never die in the enterprise: Macs are much easier to use and people will use them regardless of what their employer provides. In most cases, a hardened Mac owner will use his or her Mac to create a document and then email it over to a work machine for distribution within the enterprise.

The new collaboration is also viral. Many collaboration spaces are free. Many more are very inexpensive. Anyone can afford to use such capabilities and it is highly probable that your employees are using them.

Consider a new college hire that may be on many social networks and may have gotten in the habit of doing most school assignments collaboratively on the Web. Once that person is hired, it is unlikely that he or she will unplug from the social networks or the software tools that support them. It is highly probable that a good deal of interaction will continue to take place. And if existing employees are already part of those social networks, it makes it easy to establish a contact and conduct business "off line."

WIRELESS EVOLUTION

Of course, just having access to collaborative sites wouldn't matter much if the access were through company networks. It is easy for the IT department to identify and block access to sites that have been deemed to be security threats. Many companies now do exactly that and more are considering doing so. As long as the employees must use company infrastructure to access collaboration, the company can impose some control. However, wireless blows this control away.

Wireless data has evolved quickly from very slow data rates available on 2.5G networks to very acceptable data rates available in 3.5G networks. In the past, no one would have considered serious Web access over a smart phone operating at 14.4 kbps. This data rate was barely acceptable for email and IMS (instant messaging services). With 3.5G HSUPA operating at 28 Mbps and beyond, though, refresh rates are more than acceptable. All of a sudden, wireless collaboration starts to make sense.

And these devices are more or less ubiquitous. As Figure 1 shows, wireless device deployment is showing no signs of slowing down. High uptake combined with the inexorable influence of Moore's Law on performance and capability, ensures that every employee is carrying a device that can act as a gateway to collaboration spaces.

Figure 1: Worldwide Mobile Data Devices (Worldwide Web Consortium, 2007)

Many enterprise IT organizations are aware that this is possible, however many don't find it particularly threatening since most cellular wireless devices have reception issues when confined to indoor offices. It is true that current frequency spectra are not very penetrating, but the technology is improving rapidly and newer frequency bands such as the 700 MHZ spectrum recently auctioned off by the FCC can be very penetrating.

And, things will likely evolve fairly quickly. Not only are wireless devices becoming more capable, but the collaboration sites are becoming more friendly to wireless. It is now possible to collaborate through what is effectively IMS (instant messaging service) on steroids. As instant messages are exchanged, the collaboration site collects and collates them for later analysis and evaluation. This can include collecting good ideas for later productization or merely reducing ideation to leveragable intellectual property.

Form factors, too, are improving. Vendors such as Dell and Lenovo are building small form factor PCs (Web books) somewhere between a laptop and a palm top. Armed with wireless air cards and solid state memory, these devices literally ensure that a collaboration environment can be carried anywhere and, because they are so small, they can easily fit inside a portfolio, purse or briefcase.

Such wireless enabled devices do a complete end run around perimeter and network security. People will use them because they are used to using them, because they feel at home in their own collaboration environments and because it is the way they keep in touch with their friends and professional acquaintances.

WHAT CAN WE DO?

So what can enterprises do? Stop focusing on security through infrastructure boundary control and shift to data access control.

Currently, many enterprises are moving to build their own internal collaboration environments. Software such as IBM Lotus and Microsoft Sharepoint allow enterprises to build very extensive collaboration spaces that are tied to routinely used tools such as email and calendaring. It is hoped that employees will use these in favor of anything else they might have.

Yet this approach is largely likely to fail. Employees will obviously use such systems because they have to, but will increasingly maintain a separate presence on their own devices and spaces. Especially in current economic times when employees generally feel less secure in their employment, they are likely to maintain these separate virtual existences simply because they know that if the company lets them go, they will lose access to their virtual communities and contacts if all of their virtual interaction is through company systems.

Companies have tried to threaten employees into dropping their personal networks through a variety of "condition of employment" agreements, but once again, this is likely to fail as well, as employees begin to perceive such conditions as personally threatening to their security.

The only viable response for enterprises is to embrace mobile collaboration, but only to a point. Instead of focusing on boundary control, the enterprise should invest in access control technology that enables the appropriate access to, encryption of and audit of use for highly proprietary intellectual property and protected data. For general operations, employees should be allowed to use their own collaboration technology. In order to work with encrypted data, the employee would need to log into a secured environment where such data is visible, but not transferable.

Do such environments exist? Sort of.

Vendors such as McAfee, Websense, and Falconstor provide solutions for securing data at rest and in transit, however, integrating these solutions into a dynamic access environment that allows for positive control combined with flexible access is a chore: one that requires a lot of maintenance. Such solutions currently allow for the creation of directories of authorized users and the content to which they are allowed access. Content that rises to the level of proprietary is encrypted so that only authorized personnel with the appropriate decryption agent can actually use it. What is lacking is a cohesive environment where such access controls and encryption work together seamlessly. However, these products and others like them can be counted on to evolve quickly, with end to end protection, access management and encryption built in. Enterprises should be aware of the need and press their vendors of choice to develop viable responses to the problems.

CONCLUSIONS

Wireless evolution has brought us to a point where employees are empowered with personal technology every bit as capable and accessible as enterprise computing technology. In fact, as we have seen, personal technology has the added benefit of providing a personal workspace that transcends the enterprise workspace by making a working environment independent of the current employer. This, however, poses a challenge to the enterprise.

Enterprises must recognize that their options to control the spread of wireless collaboration are limited. What they can do, though, is focus on intellectual property protection rather than on infrastructure control. When they do, they are in the position of leveraging the productivity of employees’ personal collaboration environments while protecting critical data assets.

One thing is certain: the technology wars that were once dominated by the enterprise and its ability to deploy IT infrastructure with more features than employees could afford to buy for themselves are largely over. Personal technology is capable, cheap and pervasive. Enterprises will need to start thinking in terms of service provision to enable that technology to deliver value to the enterprise.

Mike Jude is a long time business analyst and expert on decision analysis who specializes in virtualization technology. Co-founder of Nova Amber LLC, a consulting firm focused on business process virtualization, Jude is currently a senior analyst with Current Analysis and can be contacted at [email protected]