At BriForum Chicago last week, Gabe and I gave a session called "Brian and Gabe's 5x15," where we actually did five mini sessions within a single 75-minute breakout session block. One of the mini topics was called "Defining Data," which is what I want to look at in today's article.
Last year I wrote the article "Who cares about Dropbox, SkyDrive, etc.? We're moving to a world where traditional 'files' don't matter." The gist of it is that while we worry about whether cloud-based file-sync is secure or not, many of today's cloud-based services don't use "files" in the traditional sense. (After all, Gmail, Evernote, and Facebook aren't based on files that you're syncing with things like Dropbox.)
That got me to thinking: When it comes to the "information" or "data" that enterprises have to protect, there are two types, the "files" that live on network shares and in products like Dropbox, and the—I don't know what to call it exactly—"information" that's not in traditional file format that's locked that's inside of products like Evernote or email.
The irony here is that products like Dropbox, Box, WatchDox, Citrix ShareFile, and other mobile file syncing products have been traditionally been referred to as "Mobile Information Management" (or "MIM") products, but really that phrase isn't that accurate. I'd argue that those types of products should be called "Mobile File Management" (or "MFM") products, and the "MIM" phrase should instead refer to the information in stuff like Evernote that's not saved in traditional file structures.
From an enterprise standpoint, the MFM challenge is easy to solve today. There are dozens of products on the market that allow you to securely sync your corporate file shares to laptop and mobile devices, with options such as device authentication tokens, encryption, enterprise authentication, remote wiping, DRM, etc. So that problem today is easy to solve. (Well, it's easy to secure those files out in the world as any files on your network.)
The true MIM problem is harder to solve. Sure, you can wrap MAM around the Evernote client that users install on their phones and iPads, but how do you actually secure the "information" within those types of apps? All of today's traditional enterprise security products are built to either secure files or rely on some kind of pattern-matching algorithm which hopes to scan and protect data in flight. But all of that is worthless in today's world.
I don't actually have a good solution for this. One idea is that apps like Evernote could make enterprise editions which store their data in corporate repositories, but then you're at the whim of the app provider as to whether they'll do that. The other problem is the whole point of consumerization is that users always choose to use whatever apps they want, and even if Evernote made an on-premises or private cloud edition the next hot app will put IT back at square one.
The larger point though is that when talking about enterprise "data," it's important to separate "files" from "proprietary non-file app data." Files are easy. The latter is not.