It is of the highest importance in the art of detection to be able to recognize, out of a number of facts, which are incidental and which vital.
When Arthur Conan Doyle created the character of Sherlock Holmes in 1887, he also created John H. Watson. Watson serves as the narrator of nearly all of Holmes' adventures as a consulting detective. The stories often begin when a potential client visits Holmes' residence at 221B Baker Street in London.
Holmes and Watson typically view the same scene and hear the same story, yet Watson consistently fails to grasp details that Holmes observes. Holmes sees details that Watson overlooks. These details, woven together, provide the evidence necessary to solve the case.
Here is our mystery: Where is your organization's data? Let's review the particulars.
Data: Confused cloud
Cloud computing remains a mystery to the general public. "51 percent of respondents, including a majority of Millennials, believe stormy weather can interfere with cloud computing," according to an August 2012 study paid for by Citrix.
The same study found "A majority of Americans (54 percent) claim to never use cloud computing. However, 95 percent of this group actually does use the cloud." The study goes on to cite how respondents use online banking, shopping, social networking, online games, and photo sharing. Like Sherlock Holmes, IT professionals grasp the significance: those activities all involve cloud computing.
The evidence suggests that users might not understand where data is stored.
Data: Cloud control
Cloud computing systems enable rapid access to processing and storage systems outside of an organization's walls. The PC revolution put a computer on every desktop: users had control. The client-server revolution connected PCs to a central system: system administrators had control.
With a client-server setup, your data is on the server. With a 100% cloud setup, your data is on someone else's servers. With a virtual desktop system, your data resides on your virtual machines. And there are various ways to make your data available both on-site and off-site (via VPN, remote access tools, or cloud sync tools).
The evidence suggests that your data may be scattered across multiple servers and vendor systems.
Data: More mobile
Yet, there's another revolution taking place: people are moving to mobile devices. The Pew Internet and American Life reports that 45% of American adults own smartphones (September 2012), and 25% of American adults own a tablet (August 2012). The smartphone is the new PC: users often have control.
The evidence suggests your organization's data is also on smartphones and tablets.
Solve the cloudy data mystery
1. Pay attention to your service level agreements
In the cloud era, your data almost certainly will "live" on someone else's servers. Power shifts to those who control the clouds (or, more technically, the APIs). Amazon Web Services dominates the space in which Microsoft, Google and many others also compete. Your IT team needs to negotiate, manage and monitor Service Level Agreements.
2. Manage and secure your mobile devices
The NIST document, "Guidelines for Managing and Securing Mobile Devices in the Enterprise" (PDF) provides a useful introduction to the topic of mobile security. Practically, though, you need a system for mobile device management. Both Office365 and Google Apps enable administrators to enforce password requirements, auto-lock settings, and require data encryption as well as remotely wipe mobile devices.
3. Design as secure a system as possible (and educate your users)
Time after time reports show social engineering or user behavior contributes to corporate data breaches or loss. Above all, you need to design security into your systems: choose settings that favor security over convenience (e.g., require 2-step authentication). A well designed system minimizes the need for user training.
Understanding where your corporate data is - and securing it - is not, as Holmes might say, "Elementary." Instead: "It is of the highest importance in the art of detection to be able to recognize, out of a number of facts, which are incidental and which vital." That seems like excellent advice for tech professionals today, even though it was spoken by Sherlock Holmes in The Adventure of the Reigate Squire, published in 1893. Tools change, but logic doesn't. Case closed.