In reading "IT, keep your hands off my cloud storage" by InfoWorld's Galen Gruman, as well as some of the feedback to it, I was reminded of the many, many times I've had strikingly similar conversations with my own clients -- both those in the IT trenches and the C-level folks expressing usability concerns on behalf of the user base. No matter how many times I've heard it, I'm always surprised by how often these two groups fail to find middle ground on the issue of access to data and data security.
Can't we all just get along?
On one hand, IT is charged with -- and held responsible for -- protecting the organization's data against loss or exposure. The easiest way to do that is to throw up huge walls around the enterprise IT infrastructure over which the organization's data ne'er shall cross. That seems simple enough, and it's traditionally the approach most enterprise IT organizations have clung to -- relenting only when forced.
Unfortunately, that approach completely fails to take into account the legitimate business needs of the employees. From their perspective, if they can't get that presentation done from home the night before a meeting with a client because corporate IT is preventing offsite access to their data, you better believe they're going to at least complain or, more often, go right around IT and use unsanctioned (or even prohibited) means to get what they need -- a point Gruman aptly makes in his piece.
If you want some kind of proof of that assertion, a study conducted by economists at Wellesley College and the University of Minnesota recently showed BitTorrent sharing of recently released movies has very little impact on box office -- except in situations where that content isn't available to the consumer (a delayed European release, for example). Then the user is far more likely to break the rules and steal the content.
All these content providers need to do to kill piracy is make their content easily available to anyone who wants to consume it. If it's easy to do while staying within the rules, people will follow them. If it's not, people will break them. It's that simple.
The exact same is true in IT. If IT continues to play the stereotypically obstructionist role, users will go around them -- often with the tacit approval of management. However, "let us do whatever we want" is no answer, either. Solving this problem is a two-way street and requires users and management alike to tell IT what they need and let IT design a system that will enable them to do it -- then live within that system.
Having your cake and eating it, too
How do you accomplish that? There are many widely used solutions to this challenge that allow both users and IT to get what they want. Many VDI implementations -- VMware's View, by way of example -- make it astonishingly easy to offer up a secure, full-featured remote-access solution that is functionally identical to the access offered onsite.