AIIM White Paper. Survey Report: Mobile Content Security and Productivity. Sponsored by



Similar documents
Top. Reasons Federal Government Agencies Select kiteworks by Accellion

Top. Enterprise Reasons to Select kiteworks by Accellion

Solve the Dropbox Problem with Enterprise Content Connectors. Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors

Top. Reasons Legal Firms Select kiteworks by Accellion

Mobilize SharePoint Securely: Top 5 Enterprise Requirements

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Document Approvals Management for SharePoint

Five Best Practices for Secure Enterprise Content Mobility

How To Secure Shareware Kiteworks By Accellion

AIIM White Paper. ECM at the Crossroads - banks need to unite their numerous content repositories. Sponsored by

What We Do: Simplify Enterprise Mobility

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Enterprise Mobility Management: A Data Security Checklist. Whitepaper Enterprise Mobility Management: A Checklist for Securing Content

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Where is your Corporate Data Going? 5 tips for selecting an enterprise-grade file sharing solution.

Comparing Alternatives for Business-Grade File Sharing. intermedia.net CALL US US ON THE WEB

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

RFI Template for Enterprise MDM Solutions

The Security Impact of Mobile Device Use by Employees

Comparing Box and Egnyte. White Paper

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

AirWatch Solution Overview

Security and Privacy Considerations for BYOD

Kony Mobile Application Management (MAM)

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

Cloud Backup and Recovery for Endpoint Devices

Security Overview Enterprise-Class Secure Mobile File Sharing

Extending Capture Capabilities Measuring the ROI

The Future of Mobile Device Management

Information Security for the Modern Enterprise

Security Architecture Whitepaper

How To Make Files Share Secure (Fss) Work For Corporate Use

CHOOSING AN MDM PLATFORM

Cortado Corporate Server

Secure Data Sharing in the Enterprise

Introducing Databackup.com Cloud Backup. File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management

Secure, Centralized, Simple

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Choosing an MDM Platform

Company Facts. 1,800 employees. 150 countries. 12,000 customers and growing. 17 languages. 11 global offices

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

When enterprise mobility strategies are discussed, security is usually one of the first topics

Copyright 2013, 3CX Ltd.

Securing Office 365 with MobileIron

White Paper. Protecting Mobile Apps with Citrix XenMobile and MDX. citrix.com

MobileIron for ios. Our Mobile IT Platform: Purpose-Built for Next Gen Mobility. MobileIron Platform: Accelerating ios Adoption in the Enterprise

Vodafone Total Managed Mobility

Storage Made Easy. Cloud File Server Overview

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, Published May An Osterman Research Executive Brief

Introduction to the Mobile Access Gateway

A guide to enterprise mobile device management.

Kaspersky Security for Mobile

8 Critical Requirements for Secure, Mobile File Transfer and Collaboration

EasiShare Whitepaper - Empowering Your Mobile Workforce

Device Independence - BYOD -

activecho Frequently Asked Questions

How To Manage A Mobile Device Management (Mdm) Solution

STRONGER AUTHENTICATION for CA SiteMinder

Healthcare Buyers Guide: Mobile Device Management

Moving to the Cloud: What Every CIO Should Know

Whitepaper. How MSPs are Increasing Revenues by Solving BYOD Issues. nfrascaletm. Infrascale Phone: Web:

Cisco Mobile Collaboration Management Service

Choosing a File Sync & Share Solution. PRESENTATION TITLE GOES HERE Darryl Pace Optimal Computer Solutions

White Paper. Data Security. journeyapps.com

Secure Your Mobile Device Access with Cisco BYOD Solutions

The Challenge of Securing and Managing Data While Meeting Compliance

Is your business secure in a hosted world?

IT Self Service and BYOD Markku A Suistola

Storgrid EFS Access all of your business information securely from any device

Whitepaper. Simple and secure. Business requirements for Enterprise File Sync and Share solutions.

The Maximum Security Marriage:

W H I T E P A P E R E m b r a c i n g C o n s u m e r i z a t i o n w i t h C o n f i d e n c e

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Citrix ShareFile Enterprise technical overview

Oracle Documents Cloud Service. Secure Collaboration for the Digital Workplace

Speeding Office 365 Implementation Using Identity-as-a-Service

Mobile Device Management in the Systems Management Ecosystem. Katie Wiederholt, Dell Software

Transcription:

AIIM White Paper Survey Report: Mobile Content Security and Productivity Sponsored by

About the White Paper As the non-profit association dedicated to nurturing, growing and supporting the user and supplier communities of Information Management, ECM and Social Business Systems, AIIM is proud to provide this research at no charge. In this way the entire community can take full advantage of the education thoughtleadership and direction provided by our work. Our objective is to present the wisdom of the crowds based on our 80,000-strong community. We are happy to extend free use of the materials in this report to end-user companies and to independent consultants, but not to suppliers of ECM systems, products and services, other than Accellion, Inc. and its subsidiaries and partners. Any use of this material must carry the attribution AIIM 2013 www.aiim.org / Accellion, Inc. 2013 www.accellion.com Rather than redistribute a copy of this report to your colleagues, we would prefer that you direct them to www. aiim.org/research for a free download of their own. Our ability to deliver such high-quality research is made possible by the financial support of our underwriting sponsor, without whom we would have to return to a paid subscription model. For that, we hope you will join us in thanking our underwriter for this support: Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Phone: (+1) 650-485-4300 Web: www.accellion.com Process used and survey demographics The survey results quoted in this report are taken from a survey carried out between 07 June 2013 and 08 July 2013, with 305 responses from individual members of the AIIM community surveyed using a Web-based tool. Invitations to take the survey were sent via email to a selection of AIIM s 70,000 registered individuals. 64% of the respondents are from North America and 25% from Europe. They cover a representative spread of industry and government sectors. Results from organizations of less than 10 employees have not been included, bringing the total respondents to 284. About AIIM AIIM has been an advocate and supporter of information professionals for nearly 70 years. The association mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community: practitioners, technology suppliers, integrators and consultants. AIIM runs a series of training programs, including the ECM Master course: www.aiim.org/training/ecm-enterprise-content-management-course About the author Nick Geddes is a senior analyst within the AIIM Market Intelligence Division. He has over 15 years marketing experience in a variety of industries. Nick is also a Six Sigma Blackbelt with 10 years experience working on business improvement projects. He has a BSc in Information Technology, an MSC in Marketing and is a member of the CIM in the UK. 2013 2013 AIIM Accellion, Inc. 1100 Wayne Avenue, Suite 1100 1804 Embarcadero Road, Suite 200 Silver Spring, MD 20910 Palo Alto, CA 94303 (+1) 301 587-8202 (+1) 650-485-4300 www.aiim.org www.accellion.com 1

Table of Contents About the White Paper: About the White Paper... 1 Process used and survey demographics... 1 About AIIM... 1 About the author... 1 Introduction: Introduction... 3 Key findings... 3 Mobile Access Strategies: Mobile Access Strategies... 4 Content Access: Content Access... 5 Device Management: Device Management... 6 Content Access: Content Access... 8 Cloud Shares... 9 Mobile Access to On-Premise Content... 9 VPN... 10 File Shares... 10 Access Functionality and Collaboration: Content Function and Collaboration... 11 Content Collaboration... 12 Conclusion and Recommendations: Conclusion and Recommendations... 13 Recommendations... 13 Appendix 1: Survey Demographics: Appendix 1: Survey Demographics... 14 Survey Background... 14 Organizational Size... 14 Geography... 14 Industry Sector... 15 Job Roles... 15 Underwritten in part by: Accellion, Inc... 16 AIIM... 16 2

Introduction The growing requirement for mobile access and BYOD (Bring Your Own Device) can give organizations significant headaches in areas of security, management of devices, and content availability. How employees access corporate information is changing and organizations need to respond to these changes or risk having to play catch-up with their policies and processes. A symptom of the rapid change in this area is the confusing array of products and services claiming to provide simple and secure content collaboration through a range of cloud and mobile device offerings. However, simple and secure are somewhat relative in this context, with products ranging from consumer-grade file-sharing applications with the minimum of security, to fully managed and containerized mobile device environments. Integrating content access and collaboration workflows between enterprise systems and a range of mobile devices presents a challenge in terms of consistent end-to-end security. Providing a sufficient level of collaboration capability to satisfy employee demands on multiple devices is also difficult. In this report we investigate how important mobile access is to users, how likely they are to by-pass authorized systems, how compliant current collaboration practices are, and what collaboration functionality user expect on their mobile devices. Key Findings Mobile Access Strategies: Information access via mobile is essential (46%) or somewhat important to 70% of respondents. Information access on the move is seen as a basic corporate provision. Only 18% of organizations are confident that their mobile content management process is fully compliant with corporate policy and government regulation. 51% of respondents have big doubts about their mobile compliance. Only 30% of organizations have an approved BYOD policy in place, with a further 30% still developing one. Even for the largest organizations, only 35% have a fully-fledged BYOD policy. Only 14% of organizations have a corporate app store, with a further 14% developing one. Larger organizations are leading the way with app stores - 23% in place, 17% under development. 51% of large organizations have a Mobile Device Management (MDM) solution in place, with 31% planning one. Smaller organizations are trailing with only 24% in place and 15% planning. Content Access: Almost 70% are concerned or extremely concerned (20%) about sharing content on mobile devices. Only 12% are not at all concerned, showing that even with policies and governance in place, there are still worries. 15% of organizations sanction the use of consumer grade cloud services; 58% report employees using them anyway even when not authorized. Users will utilize cloud services to get the job done, either authorized or if they need to, unauthorized. An official policy on mobile access to corporate data does not exist in 21% of organizations, with 43% using unofficial apps or clients to access enterprise content. E-mailing attachments to mobiles is used extensively both officially and unofficially. ECM Access: Nearly two-thirds of those questioned have or plan to allow official Enterprise Content Management (ECM) access via mobile devices. ECM is seen as an important facility for mobile users to access. C-Level and Sales executives drive ECM access, with 35% of these groups being the first to get on-the-road connection to ECM. Due to the nature of the information being accessed, strong security will be important for these users. Even with ECM access, 60% still think mobile access to file shares (X: drives) will be useful. The file share shows little sign of being turned off for most users. Most organizations are looking to implement a wide range of content collaboration functions when implementing mobile access. Document creation, versioning and check-in / check-out are seen as core functionality, with off-line edit important for 53% and concurrent edit of interest to 22%. Most organizations (63%) want to eliminate or limit VPN use. MDM may be replacing VPN in the enterprise for accessing corporate information. 3

Mobile Access Strategies A mobile access strategy can be seen as one of the key elements of a modern organization s content management plan. The way information is accessed is undergoing a transformation, similar to the shift from desktop computers to laptops. Employees are now looking to their mobile device (either company provided or their own personal device), as a legitimate way of accessing, and working with, corporate information. The importance of mobile access is expressed by almost all of those who responded to the survey. Organizations are recognizing that in order to be competitive, access to corporate information needs to be facilitated through whatever means is appropriate. Figure 1: How important is mobile information access to your organization? (N=283) Essen al Somewhat important Important in some groups but not the whole organiza on 0% 10% 20% 30% 40% 50% Not at all important 0% 10% 20% 30% 40% 50% Essen al A strategy or policy for how mobile devices are managed when connected to corporate systems is therefore very important. In the not-so-long-ago past, company-funded BlackBerry roll-outs provided secure access to emails, and a degree of security for device lock-downs and lost or stolen devices. However, the increasing popularity of Apple and Somewhat Android devices, important the pressure from employees to carry a single device for both work Not at all and home, and their willingness to self-fund such a device, have created strong Fully arguments compliant, compliant, 15% for allowing, and indeed, encouraging BYOD. However, separating corporate data and personal data on such devices is not Important in some groups but not the 18% straightforward - in particular whole when organiza on looking to extend beyond email management with a wider selection of content editing and collaboration apps that might include direct access to on-premise ECM systems and other content stores that live behind the firewall. With company confidential Not information at all important being accessed and stored on these more open mobile devices, compliance is an area of considerable concern: only 18% of respondents believe that they are fully compliant with company policies, industry regulations or statutory government mandates. Figure 2: How compliant Somewhat is your mobile content management process (based on your corporate policies, industry compliant, requirements, 36% and/or government mandates)? (N=235, Mostly excl. 45 Don t Knows) compliant, 31% Not at all compliant, 15% Fully compliant, 18% 0% 10% 20% 30% 40% 50% 60% Sync to desktops Somewhat compliant, Emailing 36% a achments Consumer cloud content services, eg: Dropbox, SkyDrive, icloud, Google Drive, YouSendIt Mostly compliant, 31% Content capture services, eg: Evernote, OneNote Enterprise content services, eg: Box, Huddle, 4

Essen al Content Access Somewhat important Cloud-based Important file-sharing in some platforms, groups but consumer not the and enterprise grade, are being used more and more as a way whole organiza on to share information and collaborate with colleagues and clients. There are several different models: Basic device-to-device file synchronization or drive replication via the cloud, e.g., Dropbox, SkyDrive, icloud, Google Drive. Not at all important Content capture synchronization providing a degree of management, e.g., Evernote, OneNote. Cloud-based enterprise content management services, some of which may synchronize to on-premise systems e.g., Box, Huddle, Yammer, SharePoint 365, SaaS versions of ECM. ECM access clients, e.g., Accellion, Inc., SharePlus, or ECM vendor supplied apps Secure mobile data services Not providing at all MDM platforms with containerized application control, but limited content management and editing functionality, e.g., BlackBerry Enterprise Server, Fully compliant, compliant, 15% MobileIron, Good Technology. 18% Many of these services have both consumer and professional or enterprise versions, and many operate the freemium-premium model. However, the degree of control and security available varies enormously, even between paid-for versions with ostensibly the same name. It seems highly likely that any free service, or one that is not being paid for by the IT department, will not be considered an official or sanctioned application. In addition, using cloud-based content management products will result in additional cloud repositories, which can create ownership, e-discovery and retention management issues. The use of personal file sharing or cloud stores compounds this issue. Somewhat Reassuringly, 24% compliant, of our survey 36% respondents have official policies sanctioning the use Mostly of enterprise content services, and 16% have adopted official ECM access clients. Both of these compliant, types may 31% overlay, or lie alongside secure MDM data services (34%) in addition to approved emailing of attachments. Of more concern are the 16% who sanction the use of consumer cloud content services, and the 22% who have no official policies at all. Figure 3: Which of the following ways of accessing content on mobile devices are officially sanctioned in your organization? (N=268, excl. 13 Don t Knows) Sync to desktops Emailing a achments Consumer cloud content services, eg: Dropbox, SkyDrive, icloud, Google Drive, YouSendIt 0% 10% 20% 30% 40% 50% 60% Content capture services, eg: Evernote, OneNote Enterprise content services, eg: Box, Huddle, Yammer, SharePoint 365 ECM access clients, eg. SharePlus, Accellion, or vendor supplied apps. Secure mobile data services (basic MDM) None of these We don't have any official policies Even with policies in place, users are still finding unofficial ways to access content, suggesting that the officially sanctioned mechanisms do not meet their requirements. With 85% using email to personal devices, 58% using unofficial consumer grade products, and 43% unofficially accessing content through enterprise services, a chaotic landscape of varying access methods exists with little or no control from the organization. 5

Figure 4: To your knowledge, to what extent are the following unofficial ways of accessing content on mobile devices used in your organization? (N=279) Sync to desktops 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%100% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%100% Emailing a achments to self Sync to desktops Consumer cloud content services, eg: Dropbox, SkyDrive, icloud, Google Drive, YouSendIt Emailing a achments to self Content capture services, eg: Consumer cloud content services, Evernote, eg: Dropbox, OneNote Enterprise SkyDrive, content icloud, Google services, Drive, eg: Box, YouSendIt Huddle, Yammer, SharePoint 365 Content capture services, eg: ECM access clients/apps, Evernote, eg. SharePlus, OneNote Enterprise content services, eg: Box, Accellion Huddle, Yammer, SharePoint 365 We have noted ECM access a steady clients/apps, increase in eg. the SharePlus, Heavily used In use Not used awareness of unofficial use of cloud file-shares and related mobile Accellion access over the last two years. We can see from Figure 5 that this is now acknowledged as a widespread situation, with over half of those surveyed being at least somewhat concerned about the situation in their own organizations, with over a quarter of respondents Heavily being extremely used concerned. In use Not used Not at all Figure 5: How concerned are you about the current practice in your organization for sharing concerned, 12% content to mobile devices? (N=282) Extremely concerned, 26% Not at all concerned, 12% A li le concerned, 19% A li le concerned, 19% Extremely concerned, 26% Somewhat concerned, 43% Device Management Somewhat concerned, 43% 0% 10% 20% 30% 40% 50% Many IT managers are skeptical about a BYOD policy, as they feel that the required levels of support and management will increase. Despite the Yes 0% high prominence 10% that BYOD 20% currently 30% has, only 40% 32% of even 50% the largest organizations have such a policy in place, although a similar number have it in development. Midsized organizations are playing catch-up, and smaller organizations are split in two. This suggests that smaller organizations may be choosing to ignore the issue, or that they do not have the staff or funding to implement and maintain Under an development MDM solution. Yes AIIM 2013 www.aiim.org Under development No / Accellion, Inc. 2013 www.accellion.com 6

Somewhat concerned, 43% Figure 6: Does your company have a BYOD strategy? (N=282) 0% 10% 20% 30% 40% 50% Yes Under development No Employees 11-500 Employees 501-5000 Employees 5001+ If an organization is planning a BYOD policy, or even has company-owned devices deployed, then the management of those devices is important if they access corporate data. An MDM platform allows the IT department to manage which mobile devices are allowed to connect, monitor their use, configure settings and deploy approved applications. This ability to manage connected devices, regardless of make and model, gives an organization the ability to make use of the functionality available on modern devices while maintaining data security. Along with enhanced security, an MDM platform will also have the ability to wipe content remotely, either limited to enterprise content, or the whole device, ensuring that if a handset is lost, or an employee leaves, sensitive content is not lost. Some will also manage encryption of data on the device. As mentioned earlier, MDM platforms for restricted makes of company-issued device are not new, and indeed, many of the larger organizations shown in Figure 8 may be using BlackBerry devices and servers. However, extending those functionalities for multiple devices and mobile operating systems as part of a BYOD policy creates a much more demanding requirement. An evolving segment of vendors provide a hybrid solution that combines mobile content management with basic MDM features. This model can provide a more readily deployable solution, securing access to back end systems through existing authentication structures and working alongside native device management to restrict content access on the device. Some can also handle remote wipe of the secured content. Figure 7: Does your organization currently have a Mobile Device Management (MDM) solution in place? (N=281) 0% 10% 20% 30% 40% 50% 60% Yes Rolling out now Planned in next 6-12 months No Employees 11-500 Employees 501-5000 Employees 5001+ Separating personal apps and company-approved apps on the device is the first step to containerization of both apps and underlying content, 0% and 10% a corporate 20% 30% app store 40% may 50% be a pre-requisite 60% 70% for 80% wide deployment of approved apps across the workforce. An app store is often available through an MDM platform, but only 20% of larger organizations and 10% of others are actually using them. Depending on corporate policy, if AIIM 2013 www.aiim.org / Yes Accellion, Inc. 2013 www.accellion.com 7

Rolling out now 0% 10% 20% 30% 40% 50% 60% Planned in next 6-12 months the organization deploys only company-owned, approved devices then the corporate app store can be the only place users can download Yes apps. If the organization has a BYOD strategy then the corporate app store can provide apps that access corporate data in a containerized way. It is unclear how Apple s recent policy change will impact organizations No ability to operate ios App stores, but some vendors and App developers are already limiting their exposure by only allowing their app to be accessed from the Apple Store. Rolling out now Figure 8: Do you have a corporate app store for mobile device applications? (N=282) Employees 11-500 Employees 501-5000 Employees 5001+ Planned in next 6-12 months 0% 10% 20% 30% 40% 50% 60% 70% 80% No Yes Under development No Yes Under development Content Access Employees 11-500 Employees 501-5000 Employees 5001+ 0% 10% 20% 30% 40% 50% 60% 70% 80% Employees 11-500 Employees 501-5000 Employees 5001+ No Deciding what information users can access is a vital part of an organization s BYOD strategy. Email, file shares and ECM repositories may all be important content sources, needed by mobile workers to do their job. However, without appropriate systems in place to provide secure access to this content, businesses should Employees 11-500 Employees 501-5000 Employees 5001+ be cautious. Will not provide mobile access Yes already Over half of those who answered the survey said that they will allow mobile access providing for information held in to content, 4% the ECM system, with only 4% ruling this out completely. The crucial point mobile is that access, if users are given direct and convenient access to the content they need to do their jobs, they are less likely 19% to find unsanctioned routes to the information. Undecided/no Figure 9: Are plans you working yet, 28% on a solution to provide mobile access to content stored in ECM systems or file shares behind the firewall? (N=281) Will not provide mobile access to content, 4% Undecided/no plans yet, Yes 28% -but not scheduled yet, 20% Yes already Yes live within providing 6 months, 11% mobile access, 19% Yes live within 18 months, 7% Yes live within 6 months, 11% Yes - but not scheduled yet, 20% Yes live within 18 months, 7% 8

Cloud Shares As we have seen in both the authorized and unauthorized mobile access types, cloud file-sharing systems are one of the most popular ways to extend content to mobile devices. Providing users with enterprise-grade, cloud collaboration and file-sharing platforms with comprehensive security controls is a fast and easy way to access corporate information while providing the feature set required. However, it is not the only way, or necessarily the best way, to provide this functionality. Most cloud file sharing systems require that the content to be accessed and shared is first placed in the cloud, creating another repository, and certainly limiting the degree of search and exploration that can be achieved. It is also likely that unless the cloud system is a unified extension of on-premise ECM, it will have its own workflows, access restrictions and indexing mechanisms that need to be set-up, aligned and maintained. It may also be quite limited when it comes to content creation and content editing requiring that the mobile device be connected online to allow remote editing, rather than providing offline editing, for example. If content resides on the on-premise system, in the cloud, and out on mobiles, version control and check-out/ check-in can become major problems. Perhaps of greater significance is that corporate compliance and IT have no visibility into what has been shared, with whom, or when. This places the organization in a highly compromised position, especially if the employee leaves and does not expunge all corporate information from their cloud file-share. We have seen in other surveys that business users have frequently bypassed IT in order to utilize these cloud-share systems, and IT managers need to be aware of this. We asked who will first have access to planned mobile roll-outs, and senior management and sales executives are priority users in many organizations. Of course, if the requirement is for C-level execs, sales-persons or a line-of-business such as R & D, then information security is likely to be one of the main project requirements. Figure 10: Who first had/will have access to the content stored in ECM systems via mobile devices? (N=180) Sales, 16% Specific Line-of- Business/Other (Please specify), 14% Midmanagement, 8% No priori es/all at same me, 44% Senior management (C-level execs), 19% Mobile Access to On-Premise Content An alternative way to give mobile employees access to on-premise ECM systems without replicating content in the cloud is to simply extend the firewall to the mobile 0% device 5% 10% using a 15% VPN in 20% much 25% the same 30% way 35% as remote access works from a desktop or laptop. The first issue here is that the native ECM system may not provide a browser-based Essen al we access, do not want let alone to use an VPN optimized mobile application that allows for any real degree of functionality. Secondly, as we will see later, VPN access does not provide any of the MDM functionality that we outlined earlier in terms of security across multiple device types, remote-wipe for lost devices, and Somewhat important we want to limit or so on. If files are downloaded out of the ECM system onto the device, then they are in open space and any avoid VPN applications used to edit them or create them will not be secure or in any way containerized. We re OK with VPN 9

As we discussed earlier, use of an MDM platform will overcome many of these issues, but is unlikely in itself to provide integration with the ECM application, nor any useful tools for content editing and collaboration. Hence the need for a content access and/or content collaboration application that sits on top of the MDM, or provides Specific Line-of- MDM-like functionality, delivering access to the ECM system through the firewall, and providing a secure, containerized capability Business/Other on the device to interact with the content (and to a varying extent, the ECM system itself). Many vendors (Please offer specify), a high degree of integration with SharePoint, exposing features such as check-out/ check-in, version control, 14% and collaborative workflows. Some also offer additional capabilities not available in SharePoint, and may also connect with other ECM systems through native APIs, WebDAV or CMIS. VPN Sales, 16% Secure access into corporate systems has historically been accomplished with VPN, but this is changing, along with mobile and BYOD policies. Over 30% of organizations wish to limit their No use priori es/all of VPN, while only 13% feel it to be an essential element of mobile content access. With MDM platforms same able me, to push out settings to multiple devices, and cloud share platforms enabling secure mobile access 44% to corporate data outside the firewall, Midmanagement, step when logging in and potential support issues across different devices. It is important many organizations are deciding against using VPN. Users will welcome this as it removes an extra to note that one of 8% the key reasons for providing mobile access to content is so that it may, in turn, be shared with others outside the organization. VPN does not address this need and increasingly, organizations are not even allowing external users Senior or contractors onto the corporate network via temporary user accounts within Active Directory. management (C-level execs), In a BYOD world, VPN connections 19% from the mobile device could also be used by unauthorized apps, creating potential security risks for the enterprise. Once the VPN is opened up, any app on the device has access through the VPN to internal systems a fact that 30% of our respondents were unaware of. Figure 11: How important to you is secure mobile access WITHOUT using a VPN? (N=183) Essen al we do not want to use VPN Somewhat important we want to limit or avoid VPN We re OK with VPN We very much require use of VPN 0% 5% 10% 15% 20% 25% 30% 35% File Shares Although mobile access Would can not be achieved want by synchronizing cloud-based repositories to on-premise ECM platforms, a pragmatic issue this may to be still arise. Many organizations are still very reliant on network file shares in fact, a recent AIIM possible, survey indicated 15% that for 61% of organizations, file shares still play a significant role as a content repository, and this is reflected in Figure 11, where 59% would like to extend file share access to mobile devices. Although published documents may be managed through an ECM Yes, system, very useful, many users store all work-in-progress on the file share the very documents that they wish to have readily 27% available on mobile devices. Replicating file shares in a cloud repository would not be a particularly sensible step, although this might well be the issue that drives greater adoption of the ECM system in some organizations. An alternative would be to make the file system available to the mobile device using the secure content access systems described. Obviously, folder restrictions that exist in the file share would need to be respected on the mobile device. Unsurprisingly, 91% of those surveyed confirmed that they would like more granular control of what can and cannot be accessed by mobile users. User authentication is usually achieved with an interface to the AD/ Not that useful -most content Yes, quite is in ECM, 27% useful, 32% 10

Somewhat important we want to limit or avoid VPN We re OK with VPN LDAP, and the We ECM very system much require or file share use of controls VPN what a user can then view, edit or share. Mobile access applications or systems (including MDM systems) need to provide an additional level of granularity. They need to control access, as well as content what can be done with content, and under what circumstances. Figure 12: Would it be useful for users to have access to content stored on the file share (X:Drive)? (N=181) Would not want this to be possible, 15% Not that useful -most content is in ECM, 27% Yes, quite useful, 32% Access Functionality and Collaboration Access to content stored on enterprise systems is only part of the story: finding content and the management of that content is also an important factor and this speaks to the capability of the ECM access application. Full text as well as metadata search is an essential part of the landscape, enabling users to quickly find what they need as easily as possible. Three-quarters of respondents also wanted access to multiple content repositories, either directly, or using the primary ECM as a portal. Figure 13: How fully-featured would you want content access on mobile to be? (N=181) Yes, very useful, 27% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Basic content access and management Content search via metadata Full text content search Manage versions Federated/cross-repository content management Essen al Useful Not that important 11

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Basic content access and management Content Collaboration Looking in more detail at the kinds of content functionality users are looking for, the content-access solution should give IT departments control over what users can have access to, and what they can do with the Content search via metadata information they can see. Simply being able to view information while away from the office may be enough for some users, but collaboration and sharing are the real benefits users seek from mobile access. Creating and uploading a new document would seem to be a crucial requirement for nearly 60%, possibly in association with a form Full of mobile text content data capture, search or even uploading photographs or scanned documents from the field. Offline functionality is also seen as important, for both editing and commenting on documents. True concurrent editing is less sought after, although it has a place for 22%. Manage versions Sharing content with external users raises a number of issues. This kind of functionality is symptomatic of the mobile device issue where every consumer app has the option to share to social channels, or send as an SMS or Federated/cross-repository e-mail attachment. Ideally, content the mobile access app or solution should give IT the ability to white-list apps so that only authorized apps management can be used to share the content. External users of a specific collaboration app may also be allowed access to the document and this may replicate the file to a cloud element of that app in order to share it with outsiders. The key challenge for organizations is to ensure that there is continuity in the process - from the back-end system to the collaborative platform Essen al and back Useful - and that Not it that happens important without compromising content fidelity or system security. Figure 14: Which of the following basic content functions can/will users have via mobile devices? (N=180 using or planning mobile access) View only (no direct access to source document) Download source document and view only On-line edit while connected Check out, edit offline and check in new version Create and upload a new document Concurrent edit with other users (online) 0% 10% 20% 30% 40% 50% 60% 70% Share with external users Ensuring that the mobile device does not accumulate content and thereby create a security risk is relatively easy in a view-only mode, but as soon as creation and editing capabilities are added, particularly off-line ones, the risk of latent, on-device content storage becomes greater, hence increasing the need for an underlying MDM or other platform to containerize the content and manage its deletion. A combined content access and content management app may well be simpler to deploy to a collaborative community than a very corporate-specific MDM. 12

Conclusion and Recommendations Organizations want their employees to have access to corporate information from mobile devices, but security and compliance are major areas of concern. Preventing access or banning BYOD merely drives users to use unauthorized methods to access enterprise information, with even greater security risks. IT departments need tools that allow mobile content access to be managed and controlled in a secure way. They need to provide granular, file-level access, limit the ability to download unprotected content to the device, and have the ability to remotely wipe any enterprise content held on the device should it be lost or the employee leaves the organization. A secure connection through the firewall direct to the on-premise content system would be an obvious solution to many IT departments, but this demands a higher level of device security and on-going support, particularly if reliant on VPN connection. An MDM platform that containerizes the corporate information on the device, and allows sophisticated policy enforcement can provide a secure and robust solution for large enterprises, although this will need to be combined with an ECM access and content management application to provide true mobile content management. As we have seen, the majority of organizations do not have an MDM deployment, and for these a combined content-security/content-access application may provide a more flexible and affordable arrangement. Access to basic content may well satisfy user s needs, particularly on smartphones, but as tablets continue to replace laptops in many situations, users will expect more comprehensive functionality. Creating and editing documents, commenting on and approving changes, and other interactions with ECM workflows will all be required. Recommendations Acknowledge that mobile access to corporate information is essential, allowing employees to be more productive while giving them more flexibility. Provide users with authorized tools, accessing the information they require with the functionality they need. In this way, policy can be enforced, controlling access to information and managing it where access is permitted. Prevent users from accessing corporate content through unauthorized methods, such as consumer-grade cloud-share services. Communicate and enforce a zero-tolerance policy for usage of such systems for corporate information. Direct ECM content access from mobile may be more attractive than synchronized or hybrid cloud-based systems. Search capability is likely to be improved, workflows respected, and access to other back-office content stores can be opened up. While MDM platforms can provide limited content capabilities, a content access and management application will provide much greater functionality. Some will also replicate many of the security elements of an MDM platform, protecting on-device content, containerizing approved applications, and providing remote-wipe functionality. Simple view-only access is unlikely to satisfy your employees. Look for ECM access solutions that allow local editing, commenting and sharing, and ideally also support content management functions on the ECM system such as check-out/check-in and version control. If your file shares are still in heavy use, or you don t have an ECM system, chose an access product that supports file-share access, but be sure that it respects access permissions and policies set by existing authentication systems. If collaboration with third parties is required, the access system may also need to invoke a cloud-share element. Above all, update company policies to include mobile access with or without BYOD - and enforce them. 13

Appendix 1: Survey Demographics Survey Background The survey was taken by 305 individual members of the AIIM community between 07 June 2013 and 08 July 2013 using a web-based tool. Invitations to take the survey were sent via email to a selection of the 70,000 AIIM community members. Organizational Size Organizations with less than 11 employees are excluded from all of the results in this report. On this basis, larger organizations (over 5,000 employees) represent 27%, with mid-sized organizations (500 to 5,000 employees) at 36%. Small-to-mid sized organizations (10 to 500 employees) are 37%. Geography 5,001-10,000 emps, 8% 5,001-10,000 emps, 8% Australia, New Zealand, 3% Australia, New Zealand, 3% Eastern Europe, Russia, 2% Eastern Europe, Russia, 2% Other Western Europe, 10% Other Western Europe, 10% over 10,000 emps, 18% over 10,000 emps, 18% 1,001-5,000 emps, 27% 1,001-5,000 emps, 27% UK, Ireland, 11% UK, Ireland, 11% 11-100 emps, 17% 11-100 emps, 17% 501-1,000 emps, 10% 501-1,000 emps, 10% 101-500 emps, 19% 101-500 emps, 19% The survey was international, with US and Canada making up 64% of respondents, and 26% from Europe. Middle East, Africa, S. Africa, Asia, Far East, 2% 3% Middle East, Africa, S. Africa, 2% Asia, Far East, 3% Central/S. America, 2% Central/S. America, 2% US, 52% US, 52% Canada, 17% Canada, 17% Pharmaceu cal Professional and Chemicals, 2% Services and Legal, 3% Pharmaceu cal Media, Publishing, Professional and Chemicals, Other, 2% 2% Services and Legal, Government & 14

UK, Ireland, UK, Ireland, 11% 11% Industry Sector Canada, Canada, 17% 17% A fairly even split between industry sectors with national and local government 17% and finance and insurance 10%. Professional Services Services and Legal, and Legal, 3% 3% Media, Media, Publishing, Publishing, Web, Web, 3% 3% Consultants, 3% 3% Retail, Retail, Transport, Transport, Real Real Estate, Estate, 5% 5% Mining, Mining, Oil & Oil Gas, & Gas, 5% 5% Job Roles Manufacturing, Aerospace, Aerospace, Food, Food, 4% 4% Power, Power, U li es, U li es, Telecoms, Telecoms, 5% 5% Healthcare, Healthcare, 5% 5% Pharmaceu cal and Chemicals, and Chemicals, 2% 2% Charity, Charity, Not-for- Not-for- Profit, Profit, 6% 6% Educa on, Educa on, 7% 7% Engineering Engineering & & Construc on, 8% 8% Other, Other, 2% 2% Government & & Public Public Services Services - - Local/State, Local/State, 15% 15% Government & & Public Public Services Services - - Na onal, Na onal, 5% 5% Finance/Banking, 10% 10% Insurance, Insurance, 8% 8% IT & IT High & High Tech Tech, 8%, 8% 44% of respondents are from IT, 25% have a records management or information management role. President, President, CEO, CEO, Business Business MD, MD, 2% 2% Other Other, 3%, 3% Consultant, Consultant, 5% 5% LOB execu ve, LOB execu ve, department department IT staff, IT staff, 21% 21% head head or process or process owner, owner, 9% 9% Head Head of Print of Print Department, 1% 1% Head Head of of records/ records/ compliance/ informa on informa on management, 12% 12% Records Records or document document management staff, staff, 20% 20% Head Head of IT, of 8% IT, 8% IT Consultant IT Consultant or or Project Project Manager, Manager, 17% 17% 15

UNDERWRITTEN BY Accellion, Inc. Accellion, Inc. provides enterprise-class mobile file sharing and productivity solutions that enable secure, anytime, anywhere access to information while ensuring compliance. The world s leading corporations and government agencies use Accellion, Inc. to protect intellectual property, ensure compliance, improve business productivity and reduce IT costs. Founded in 1999, Accellion solutions can be deployed on public, private and hybrid cloud environments and provide the ease-of-use business users need while giving the enterprise organization the flexibility, scalability and protection it needs. For more information please visit www.accellion.com or call (650)-485-4300. About AIIM AIIM (www.aiim.org) is the global community of information professionals. We provide the education, research and certification that information professionals need to manage and share information assets in an era of mobile, social, cloud and big data Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants. 2013 AIIM AIIM Europe 1100 Wayne Avenue, Suite 1100 The IT Centre, Lowesmoor Wharf Silver Spring, MD 20910 Worcester, WR1 2RR, UK 301.587.8202 +44 (0)1905 727600 www.aiim.org www.aiim.eu 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information