Beyond prisonware: Smart data access for mobile and PC users alike

Here's a radical idea: Monitor what users do with corporate data, rather than keep them from using it

What good is access to corporate data if you can't actually work on it? That's a question I pose to mobile security vendors several times a month as they pitch the same bad idea over and over again: systems that provide read-only access to corporate data to make sure it's not abused. Never mind the data can't be used, either. Seriously, why bother? Tell them to use their laptop, where they can really go to town.

Oh, wait -- it's not risky to open up access to corporate data for manipulation and sharing on a PC but it is on a tablet or smartphone. Umm, why? In any event, I don't write about those prisonware products, so I was pleasantly surprised to hear about Hitachi Data Systems' approach to the issue of making corporate data available to employees on whatever devices, including PCs, tablets, smartphones.

[ Also on InfoWorld: Mobile and PC management: The tough but unstoppable union. | Mobile security: iOS vs. Android vs. Windows Phone vs. BlackBerry. | Subscribe to InfoWorld's Consumerization of IT newsletter today. ]

HDS gets that endpoint devices are endpoint devices, equally at risk, assuming basic precautions are in place. What matters is knowing who accessed what data, whether it ever left your oversight, whether it was changed, whether in full view or outside your visibillity. That information lets companies make reasonable risk assessments and, if needed, informed judgments about culpability. Hallelujah!

The Hitachi Content Platform (HCP) announced this week isn't about mobile data access specifically -- and that's a good thing. Mobile shouldn't be a separate silo, but another channel to your portfolio of endpoints. HCP is an object store that tracks the access to documents from users on the local network, a branch office, via an Internet or cloud connection (that is, via a browser), and via mobile devices. Users see folders or the equivalent of the documents they can work with and can then can view in their OS, browser, or mobile app -- or open them in a compatible app or service.

That last part is what most mobile data security tools won't let users do. Some include an inferior editing tool to try to provide safe access where the user could actually take care of meaningful tasks, but the ones I've tried are pretty weak. HCP assumes if you have permission to open a document, the company trusts you. That's the adult thing to do.

Of course, HCP does track the access and change history of the document. If you open it in an app outside of HCP's visibility (such as in iOS, which doesn't let apps snoop on each other), the system knows the document has left corporate control, and the company can decide if that was OK. If the user sends back a revised version of that document, HCP knows that too, keeping the original as well -- again, the company can determine whether the user's behavior was appropriate.

HCP is not a simple technology to deploy, so the number of companies that could consider it is less than the number of companies who struggle with document management in a world full of endpoints not under IT's absolute control. But whether or not HCP is a tool your organization would adopt, its approach to managing data is correct, and one you can do with any tool that tracks access and versions.

And it's really nice to see a traditional IT provider come up with a method that embraces the new world of heterogeneous, user-centric computing.

This article, "Beyond prisonware: Smart data access for mobile and PC users alike," was originally published at InfoWorld.com. Read more of Galen Gruman's Smart User blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2014 IDG Communications, Inc.