IT, keep your hands off my cloud storage

Too many IT organizations try to block information workers from information -- imperiling their businesses in the process

What does IT have against information workers, anyhow? This week, two events showed me how many IT organizations not only not get it, but actively endanger their companies by trying to block information workers from using the very information they need. They're not called information workers for nothing, you know.

The first event was the inevitable hue and cry from security and file-sharing vendors about the dangers of cloud storage, this time citing the pending Google Drive service and how it will expose every single corporate secret to the Russian mafia, the Chinese government, the teenage hacker down the street, and who knows who else. Before that the existential threat in the cloud was Apple's iCloud, Google Docs, Dropbox, and Box.net, and next fall it will be Microsoft's Windows Live for Windows 8.

[ Subscribe to InfoWorld's Consumerization of IT newsletter today, then join our #CoIT discussion group at LinkedIn. | Learn about consumerization of IT in person March 4-6, 2012, at IDG's CITE conference in San Francisco. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld's 29-page "Mobile and BYOD Deep Dive" PDF special report. ]

The second event was what I learned about a large organization I'll not name. This organization has lots of employees who work at multiple sites; many also work at home after their kids go to bed. The organization's IT group sent out an edict saying cloud storage services must not be used. The threat cited was that the passwords to access these services' virtual drives from a computer did not have a high-enough level of encryption. Never mind that these services use 256-bit AES encryption, which the financial industry and defense industry both find perfectly safe. And disregard that for a hacker to access the employees' computers to decrypt the cloud storage password, the hacker would need physical possession of the PC and be able to get past its boot- and sleep-level encryption (which IT deployed, so presumably it's strong enough).

This same organization makes employees wait for years to get VPN access so that they can securely access work on information when outside the firewalled building networks. It's now thinking of disabling PCs' USB ports because employees keep putting their files on thumb drives so that they can work at home and when offsite.

The irony is too sad to be funny. This organization is driving its employees to unsafe data practices by not letting them use tried-and-true information access services -- and it's hardly the only example I've come across of this mindlessly controlling approach. Can you say "stupid IT"?

That mindless control is also the problem with most of the solutions offered by enterprise collaboration and cloud storage vendors. Worse, many of them (like Microsoft SharePoint, the granddaddy of them all) don't work on modern devices, such as smartphones, tablets, and Macs -- more stupidity.

Both these stupid IT organizations and the vendors that cater to them simply do not address the real workplace. By ignoring reality so throroughly, they do more than inconvenience employees and reduce productivity -- they also endanger their companies. How? By pretending they're securing information that is in fact not secure. They can go on and on to their executive committees and auditors about their security implementations and compliance adherence, but it's meaningless paper compliance. And that puts everyone at risk.

At best, their organizations have a false sense of security. At worst, they've trained their employees to dismiss all of IT's concerns, creating a culture of rogues and guerrillas -- or, more accurately, freedom fighters.

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies