EFSS and security/governance in 2016

As the last of my four-part series looking at 2016 in the EFSS marketplace, I spoke with ESG's VP of Research and Analyst Services John McKnight about security and governance in file-sharing.

The short version is that laws have not caught up with technology — while the Internet by definition removes global boundaries, the law still respects them. How do we deal with cross-border governance questions?

Video transcript:

John: I'm here today with Terri McClure, Senior Analyst covering Enterprise File Sync and Share technologies for ESG. Welcome Terri.

Terri: Thank you, John.

John: So Terri, early on, you were one of the first industry analysts to really cover the file sync and share market. And for a number of years now you've always been beating the drum of the importance of security and governance in these solutions as companies adopt them. What are you looking for in 2016 on that front?

Terri: Well, it's the biggest issue that we look at when you can start accessing your corporate data from any device anywhere, anytime. That introduces a lot of risk to the organization around content security. So we'll be looking for more and more data loss prevention type integrations, more and more digital rights management, more and more integrations with existing security frameworks around the content side, as well as what we talked about, the EMM integrations. Companies that are trying to sell file sync and share into an organization are going to have to go through really, really strict security audits. And while security is certain scary, I think one of the bigger issues here that still has a lot of directions to evolve is the regulatory compliance side. We saw the collapse of Safe Harbor last year. And all of a sudden, all these organizations that thought their data was relegated to EU Data Protection Guidelines really weren't. I went from being in compliance yesterday to not being in compliance today.

And, I think we're going to see all the ripple effects shake out this year. So in our past research, we saw a lot of traction for hybrid file sync and share solutions...

John: On-premises and cloud.

Terri: Some combination of on-prem and cloud. So, especially with the collapse of EU, we're seeing on-premises solutions and hybrid solutions get a lot of traction with the collapse of the Safe Harbor and the EU, as well as customers buying solutions that have the ability for customer managed keys, so that even if the data lives in the cloud somewhere, I have control of the data and where it goes.
So, I think, we're going to continue to see people struggling with regulatory compliance, I'm I in compliance and how do I get into compliance. You know what's funny? So my whole video last year, looking at 2015, was about security and compliance and keeping our eye on it. And the issue was that jurisdiction issues weren't settled yet for file sync and share. If the data's living in one country but managed and accessed and controlled from another country, which country's laws apply to that data? Because Country A can't access the data because the don't have the keys and Country B, well the data doesn't live there. And that's not even settled yet.

John: Classic case of the laws not keeping up with the technology.

Terri: The laws are not keeping up with the technology. So we're continuing to watch this entire space. But companies really have to think about the fact that the law is completely unsettled on this and that it could change like say, fiber changed, the jurisdictional issues that are still up in the air. And they just have to be careful. I know that's going to drive the hybrid adoption again.

John: Be smart. Proceed with caution and really talk to your vendors and make sure you're asking them the tough questions.

Terri: Absolutely.

John: Well, thank you Terry. This was great as always. Thanks for sharing your insights with us.

Terri: Thanks John.

John: If you'd like to read more of Terri's research, you can visit her blog and her research at esg-global.com.

object storage brief

Topics: Storage Cybersecurity