Take that unnamed organization that does everything possible to keep employees from working with their information when not at their cubicle: It regularly has to report privacy breaches due to lost thumb drives, driving its employees to this work-around by making it all but impossible to get VPN access to file servers and by forbidding the use of cloud storage services. (Ironically, some of its vendors use cloud storage services for critical collaboration with the organization's employees -- who now can't collaborate.) I'm shocked that employees report such losses -- the only way this organization would even know of the problems. It shows how responsible they truly are, despite how they are mistreated and distrusted by IT.
These information workers are not stupid, and many are technically smart enough to work around IT. Ban the use of Dropbox and its ilk? Fine, they'll access the same services over the Web, which doesn't have the same encryption access as the virtual drives. Ban access to those URLs? Fine, use alternative URLs -- employees have already figured out this trick, so they can still access their IT-blocked social networks from the office. Block the USB ports? Fine, use Webmail to send the sensitive data to a personal account? Disable Web access to block Webmail? Fine, print it out -- something else to get lost in transit!
Every time IT tries to block information workers from accessing their data, the users will find a way around it. And when they're finally straitjacketed by IT, they won't be able to do their work when at a satellite site or at home, and productivity will slow to the speed of oozing molasses.
There's a better way, and it's so much easier than what stupid IT is now doing: Enable the users.
What's so sad is how easy it is. The two most popular cloud storage services -- Dropbox and Box.net -- have business versions that let IT manage access and permissions. (I prefer Dropbox because it has virtual drive clients for Windows and Mac OS X, which are more natural to use for file access than the Web interface Box.net uses.) These services work on Windows, Mac OS X, iOS, Android, and BlackBerry, with Windows Phone soon to follow, and they're supported by many popular mobile apps, such as GoodReader and Quickoffice. Thus, IT has assurance across all the devices an employee may use -- not the false security of a single-platform tool or service, which by definition means other platforms are not secured. Dropbox and Box.net even have DAV-protocol service extensions to work with Apple's iWork office productivity apps for iOS.
Maybe you need more control than these broad services offer. Fine, then look at enterprise-oriented providers, such as Accellion, that provide a safe working space on users' computers and devices, as well as IT-managed controls as to what may be edited in other applications. These tools present more barriers to users than the popular services do, so I wouldn't start with them. But if you really need a higher degree of security, they're certainly better than the "just say no" approach. However, avoid those "enterprise" storage and sharing services that aren't mobile-savvy, as mobile devices are increasingly the environment used for information work.
Think about it: No more lost USB thumb drives, CDs, or printouts. No worries about unsupported platforms getting by IT's formal security systems. No reason for users to go underground. None of the hassle of managing on-premise file shares. And you get IT management and monitoring. Why isn't this already the norm for what companies provide information workers?
The only answer is that too many in IT just don't get that information workers need to use information, not just read it and not at prescribed locations. These stupid IT organizations confuse control with management, and they confuse restrictions with security. They distrust users and treat them like enemy combatants, to be sequestered indefinitely and without charge in an electronic Guantanamo.
They do grave harm to their companies, and that harm will only grow as users gain more and more capabilities and the very nature of our work requires more and more hands-on information used in an array of locations and contexts.
IT, do the right thing. Or get out of the way and let us smart users do it.
This article, "IT, keep your hands off my cloud storage," was originally published at InfoWorld.com. Read more of Galen Gruman's Smart User blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.