In this series so far we have concentrated on the data under our control in our datacentres and managed clouds and protected by enterprise data protection tools.
However, the reality of a modern data platform is that not all of our data lives in those safe and secure locations. Today most organisations expect mobility: we want access to our key applications and data on any device and from any location.
This “edge data” presents a substantial challenge when building a modern data platform. Not only is the mobility of data a security problem, it’s also a significant management and compliance headache.
How do we go about managing this problem?
The aim of this series is to give examples of tools that I’ve used to solve modern data platform challenges. With edge data, however, it’s not that simple. It’s not only the type and location of data, but also the almost infinite range of devices that hold it.
Therefore, rather than present a single solution, we are going to look at some of the basics of edge data management and some tools you may wish to consider.
Manage the device
The fundamental building block of edge data protection is maintaining control of our mobile devices. They are repositories for our data assets and should be treated as any other in our organisation.
When we say control, what do we mean? In this case control comes from strong endpoint security.
Strong security is essential for our mobile devices. Their very nature means they carry a significant risk of loss, and therefore of data breach, so it’s critical we get the security baseline right.
To do this, mobile device management tools like Microsoft Intune can help us to build secure baseline policies, which may, for example, demand secure logon, provide application isolation and, in the event of device loss, ensure we can secure the data on that device to help minimise the threat of data leak and compliance breach.
Protecting the data
Ensuring our mobile data repository is managed and secure is critical, and protecting the data on it is just as crucial. We can take three general approaches to controlling our edge data:
- No data on the device
- All data synchronised to a secure location
- Enforce edge data protection
Which approach you use depends on both the type of data and the working practices of your organisation.
For example, if your mobile users only access data over good remote links, such as from a home office, then having data only within our controlled central repositories and never on the device is fine.
That, however, is not always practical. A hybrid approach that allows us to cache local copies of that data on our devices may therefore be more appropriate: think OneDrive for Business, Dropbox or build-your-own sync tools such as CentreStack.
These tools allow users access to a cached local copy of the data housed in our central data stores regardless of connectivity, with managed synchronisation back to these stores when possible.
This provides up-to-date data copies for users for convenience, while we maintain a central data repository, ensuring the authoritative copy resides under our control.
Enforce Data Protection
However, this hybrid approach relies upon users placing the data in the correct folder locations. If they don’t, this presents a data security and compliance risk.
To overcome this, we can ensure we protect all of the data on these devices by extending our enterprise data protection solution. For example, we can use Veeam Agents to protect our Windows workloads, or a specialised edge data tool such as Druva InSync, which can help us protect edge data on a range of devices and operating systems.
This goes beyond synchronisation of a set of predefined folders and allows us to protect as much of the data and configuration of our mobile devices as we need to.
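The gap described in this section can be measured before choosing a tool. The following is an added example, not part of the original post or of any product named here: it walks a user profile and lists data files that sit outside the synchronised folder. The folder names, file extensions and sample files are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed for illustration: file types treated as business data.
DATA_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".csv"}


def find_unsynced_files(profile_root, sync_roots, extensions=DATA_EXTENSIONS):
    """Return data files under profile_root that sit outside every sync root."""
    profile = Path(profile_root).resolve()
    roots = [Path(r).resolve() for r in sync_roots]
    unsynced = []
    for dirpath, dirnames, filenames in os.walk(profile):
        current = Path(dirpath)
        # Do not descend into synchronised folders: those files are covered.
        dirnames[:] = [d for d in dirnames if (current / d) not in roots]
        for name in filenames:
            path = current / name
            if path.suffix.lower() in extensions:
                unsynced.append(path.relative_to(profile).as_posix())
    return sorted(unsynced)


def build_sample_profile(base):
    """Create a constructed user profile: one synced folder, two stray files."""
    files = [
        "OneDrive - Example/Finance/budget.xlsx",   # inside the sync root
        "Desktop/customer-list.csv",                # outside: not synchronised
        "Downloads/contract-draft.docx",            # outside: not synchronised
        "Downloads/installer.exe",                  # not a data type we track
    ]
    for rel in files:
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample")
    return Path(base) / "OneDrive - Example"


def run_sample_audit():
    """Audit the constructed profile and return the uncovered files."""
    with tempfile.TemporaryDirectory() as tmp:
        sync_root = build_sample_profile(tmp)
        return find_unsynced_files(tmp, [sync_root])


if __name__ == "__main__":
    for rel in run_sample_audit():
        print("not covered by sync:", rel)
```

Files reported by such an audit are the ones a folder-based sync tool would miss and a full-device protection agent would still capture.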
Understand the edge
While ensuring the device and data are robustly protected, our modern platform also demands insight into our data: where it is, how it is used and, importantly, how to find it when needed.
This is a real challenge with edge data. How do we know whose mobile device has certain data types on it? If we lose a device, can we identify what was on it? The ability to find and identify data across our organisation, including that on the edge, is essential to the requirements of our modern data platform.
Ensuring we have a copy of that data, that is held securely and is indexed and searchable, should be a priority.
Druva InSync, for example, allows you to do compliance searches across all of the protected mobile devices, so you can find the content on a device, even if that device is lost.
Centralising content via enterprise backup or synchronisation tools also provides us with this capability. How you do it will depend on your own platform and working practice; doing it, however, should be seen as a crucial element of your modern data platform.
Having our data controlled, even when it spends much of its time on the very edges of our networks, is crucial to our modern data strategy. When it is, we can be sure all of our business security and compliance rules are applied to it and we can ensure it’s protected, recoverable and always available.
Managing the data on the edges of our network is a difficult challenge, but by ensuring we have strong management of devices, robust data protection and insight into that data, we can ensure edge data is as core a part of our data platform as that in our datacentre.
This is part 5 in a series of posts on building a modern data platform; the previous parts of the series can be found below.