A Cloud of Your Own - TVP Strategy

Ever since iOS 7 came out with its corresponding version of iTunes, I have not been able to sync my iPhone contacts and calendars directly to my MacBook any more. Since that update, you have to use iCloud (preferred by Apple), or you have to roll your own cloud that has similar functionality. This seems even more difficult than it sounds, and to this day I still don’t have everything working. But the majority is. So, do you need a Cloud of Your Own?

Most will use iCloud and be done with it, while others will use a cloud of their own for security and control reasons. Most SMEs or SMBs want a cloud of their own apparently for the same reason: privacy. In reality, however, the need to have a cloud of their own may be imposed on them due to compliance mandates and control requirements. This also holds true for medium and large enterprises that set up file share and sync clouds within their organizations, perhaps because many companies still fear public cloud file sync and share. Given the number of corporate data breaches, the cloud may actually be better. However, that’s an article for another time.
What is required to replace cloud services for your mobile and other devices? Requirements can be divided into two categories, groupware and file sharing. Their components are:

Secure file sharing
Secure calendar sharing
Secure address book sharing
Secure document sharing

Many on-site solutions contain secure file sharing, such as ownCloud, Connected Data, Synology, and others. Questions remain about the security of these services and devices compared to the likes of Dropbox, Citrix ShareFile, and Box. But even if the security stacks up, is file sharing all you can expect from an on-premises solution? At the moment that may be, unless you use ownCloud or some other similar service that plugins into your file sharing solution. Synology has these services (either through the use of ownCloud or other applications within their application store).
These solutions are designed to sit behind firewalls and the like, not exposed on the internet. Connected Data solutions use custom applications on mobile devices and establish their own secure tunnels. For true plug-and-play, you are looking at securing whichever device you choose yourself. It is, after all, your cloud. Figure 1 shows these possibilities:

Your Own Cloud Security — Figure 1: Your Own Cloud

The first possibility uses something like Connected Data and other tools that embed an application on a mobile device or desktop. These applications use an encrypted channel to contact the service to provide file sharing. The security of this first option is embedded within the application and the device on the other end, with data in motion encryption using SSL or other VPN technologies. If a device is lost, a remote wipe of the data can take place without affecting the other aspects of the mobile device. This is the most common approach used by some clouds and enterprises today.
The second possibility, the middle diagram of Figure 1, is to only access the service from within the firewall. This has the advantage that data will never leave your environment. In addition, the native mobile device applications can be used to access the groupware data stored within the device. A little change to the device configuration gives you a remote place to store address books, group calendars, files, and the like. You can even share those items among groups of users or the entire organization.
The third possibility, the final diagram of Figure 1, is to allow access to the service from outside but through your controlled firewall or gateway device. Unlike the first option, the native applications are in use. When I have seen this option in use, most users and organizations have forgotten to put in the firewall. They think someone else may protect them. A properly configured firewall is a requirement unless the device itself adds a firewall functionality, and even then, I might put in another firewall or similar service, perhaps even a security as a service solution that front ends your own network, perhaps using Incapsula, Zscaler, and others.
It makes no difference if these systems are virtual or physical; what does matters is that they are properly secured, used according to best practices, and kept up to date, and that the data on the devices is protected. In addition, it is critical to practice strong authentication and authorization, with a login using two-factor authentication being required to access data from the outside (and even from the inside, depending on trust level).

Final Thoughts

Given the recent ruling on net neutrality, your data will not be relegated to the slow lane, which implies that a cloud of your own is possible using native applications, if you take the proper security steps. But first, you need to decide two things: what you wish to share, and the classification level of that data. Classifying your data helps determine how much security must be put in place (such as the difference between digital signatures and outright encryption of data at rest) and which data protection tools are required. It also tells you whether or not you really need a cloud of your own. If the data is public, then a public cloud may be just the tool to use. However, if the data needs to meet some form of regulatory compliance or is considered confidential, then you may need to augment your security for all data shared within an organization.
The key to a successful cloud of your own is to make it easy, using native applications or applications widely used by your organization, which will help with adoption. In addition, you need to ensure your data is always available, which mandates some form of data protection. Ultimately, the questions come down to: “Do you need a cloud of your own?” and “Do you trust the major groupware and file sharing clouds?”