Maintaining Control of Your Data
In the early days of SharePoint (way back in 2006) while I was still working at Microsoft, we ran into a number of customers who were struggling with the migration of their extensive email archives and collaboration content from Lotus Notes to the (at the time) new SharePoint Online platform. We spent a lot of time working with these customers and members of the Exchange team in trying to figure out a migration strategy for these customers. After numerous migration tool vendor meetings, product reviews, interviews with consultants, and various forays into building our own technical solutions, we came to the conclusion that for many of these customers, the right path forward was to leave their content where it was.
The successful deployment of the platform in these organizations usually meant standing up SharePoint side by side against Lotus Notes (or other platforms), and as new projects were initiated, allowing the end users to decided "Does this new project need to be associated with our legacy content and customizations, or can it be built on our new SharePoint environment?" In a conversation with Jared Spataro, GM of Enterprise Social at Microsoft, at Microsoft’s Worldwide Partner Conference (WPC) last year, he shared that while at Open Text they often gave customers this same advice. From a migration perspective, this advice eases the pain. Migrations are rarely straight-forward. But what this "best practice" of standing up the new system side-by-side with the old and having end users decide whether or not to move means maintaining two (or more) platforms. For a while, at least.
With all of the platform advances made since then, some aspects of our "best practice" remains in force. We now have more options for moving data from legacy platforms to SharePoint (online or on prem), from third-party migration tools to more powerful APIs that allow us to index and search across file shares, BLOB storage on inexpensive hardware, or a variety of cloud-based and on prem storage options. Some organizations are even using OneDrive as a mechanism for bridging the gap between legacy and the cloud, allowing end users to transfer content on their own, as needed. But with all of these options, we’re not only seeing an explosion in the growth of content, but growth in the number of platforms being used.
Two years ago, Microsoft with Steve Ballmer at the helm was "all in" on the cloud, with a sales strategy to push customers to move all of their data to the cloud. As Microsoft pushed, customers began to push back — not because people did not understand the cost efficiencies and scalability of reducing or removing infrastructure, but because they began to look seriously at what it would take to re-architect customizations and line of business application integrations. The reality is that many organizations still need to realize business value at the investments they’ve already made before moving to a new platform. On top of that, some of these legacy systems — and other non-standard, vertical-specific (line of business) apps — required strict governance standards, apart from what was managed for SharePoint and other basic collaboration solutions.
In short, many enterprises have realized that while the cloud may be the future, their transition toward that future may take some time. What this means, of course, is that some of these organizations will need to maintain some very complex security and management models. As more and more cloud-based solutions are used (Dropbox, Box, Google Drive, etc) the potential risks of data mismanagement increase. While implementing a hybrid cloud solution seems like the best of both worlds — maintain business-critical on premise solutions while taking advantage of key cloud workloads, like using Office 365 and SharePoint Online for new team site provisioning — the reality is that hybrid solutions create massive security governance risks, and therefore require careful planning.
I recently sat through a demonstration of the ownCloud platform, which may answer some of the security and management concerns of organizations who increasingly find themselves with a growing number of content and data sources on premises as well as in the cloud — many of them with valid reasons for being there. Personally, I think the days of any company being locked down to a single platform are gone. As a SharePoint guy, I recognize that most of my customers (and my own company) actively use other tools and platforms, such as Dropbox, Amazon Web Services, and yes, even local file shares. What ownCloud provides is capability to centrally manage data being accessed from SharePoint and other data repositories, whether behind the firewall or through external connections, such as mobile devices.
What impressed me about the ownCloud solution is that it is completely on prem and controlled by the customer, ensuring that your data is safe and your policies and procedures are being met. Solutions like this provide much needed capability for organizations who plan to remain on prem, or who are making the transition to the cloud, ensuring that employees have access to the right data — and that access meets all of your regulatory, compliance, and governance requirements.
You can find out more about ownCloud on their website at www.owncloud.com, as well as watch this overview video which explains their solutions:
At the end of the day, I am a huge cloud advocate. The majority of my company’s data resides in Office 365 or in Azure. However, as I mentioned above, we use other platforms for specific workloads, and still maintain data on prem. And while many of the companies and customers I speak with are on a similar path toward the cloud with a mixture of on prem and cloud data sources, most will admit that their various file systems and platforms are not meeting their own security and compliance requirements.
Every time I hear about another security breach, I think of all of these unsecure, non-compliant hybrid platforms out there. Ask yourself: how secure is your data? Do you know what sensitive data is being shared between systems behind the firewall? What about outside of your firewall, on cloud-based storage systems? How much visibility do you have?
Maybe its time you developed a plan.